Shadow Protect v3 Causes BSOD after defrag

Discussion in 'backup, imaging & disk mgmt' started by silver0066, Sep 30, 2007.

Thread Status:
Not open for further replies.
  1. silver0066

    silver0066 Registered Member

    Joined:
    Dec 31, 2004
    Posts:
    929
    I am using XP and Ultimate Defrag with First Defense. I excluded the $ISR\0 folder in Ultimate Defrag v1.64.

    After doing the defrag and running Full Backup from Scheduled Backup Job by right clicking, I get a BSOD about half way thru the backup.

    This is consistent.
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,049
    Why are you excluding that folder. I think you'd be fine if you didn't exclude anything. Try that defrag, verify FDISR is fine, and then image.

    Pete
     
  3. silver0066

    silver0066 Registered Member

    Joined:
    Dec 31, 2004
    Posts:
    929
    I excluded that folder as I thought you were supposed to when defragging if you use First Defense. Is this a misconception on my part?

    By the way, I think I found the culprit. I used to use Acronis Workstation 9.1 v3887 w/UR. I uninstalled it before using Shadow Protect. It worked fine for awhile, then the BSOD.

    At the suggestion of Nate in the ShadowProtect forum, I removed snapman.sys from my Windows/System 32 folder and now no BSOD. Hopefully, this will fix the problem.

    Silver
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,049
    Good. Re FDISR. You used to have to exclude one file, I think the name was $isrbin or something like that. Then FDISR got smarter and if the file was moved, it would just refind(is this a word) it and go on about it's business. When I tested Ultimate Defrag the last time, I didn't even bother excluding anything and had no trouble. Try it. IF you have a SP image your good to go if any problems occur.

    Pete
     
  5. silver0066

    silver0066 Registered Member

    Joined:
    Dec 31, 2004
    Posts:
    929
    Unfortunately, the BSOD came back. I can reboot with no problem. Then I do a Shadow Protect Image and reboot. BSOD during reboot. Have to go back to an earlier copy of First Defense to get my system back.

    Very discouraged at this time.
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,049
    You don't suppose Ultimate Defrag has something to do with it maybe?? Just guessing, but it's also doing disk stuff.

    Pete
     
  7. silver0066

    silver0066 Registered Member

    Joined:
    Dec 31, 2004
    Posts:
    929
    I reinstalled Storage Protect v3.03. I did no defragging this time. It is still happening. Now I get a BSOD when I try to perform an incremental. The computer booted okay afterwards. The BSOD while doing the incremental stated: "A wait operation, attach process, or yield was attempted from a DPC routine."

    By the way, I removed snapman.sys from my system and it came back after reinstalling Storage Protect. Properties of the file still says Acronis. Version is 3.03, same as Storage Protect version.

    This is very confusing. Any ideas?
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,049
    This one will have to wait for grnxnm. I don't have a clue.

    Pete

    PS. I have one of them on my system also. Doesn't seem to cause any problems. o_O
     
  9. prius04

    prius04 Registered Member

    Joined:
    Apr 14, 2007
    Posts:
    1,238
    Location:
    USA
    Prior to installing SPD3, I uninstalled ATI using the standard procedure and then made sure no vestiges of it remained in the registry. For that purpose, I used jv16 PowerTools to search for "acronis" and "snapman" and just deleted whatever it found.

    Regardless, the following (older) post is from Acronis Support and provides detailed instructions for completely removing ATI:

    https://www.wilderssecurity.com/showpost.php?p=376168&postcount=13
     
  10. grnxnm

    grnxnm Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    391
    Location:
    USA
    Wow... nice thread title... You may be right, however the vast majority of BSODs that we see are actually caused by drivers from other vendors. I'll be happy to analyze the crash dump file for you to determine the exact cause. In order to do this, you must first configure your machine so that it will generate crash dump files. In the System Properties dialog (right click on "My Computer" and select Properties) click on the Advanced tab and then click on the Settings button in the Startup and Recovery group and then in the Startup and Recovery dialog's "Write debugging information" group make sure that your system is configured to generate a Small memory dump (64KB) file saved to: %SystemRoot%\Minidump

    Then reproduce the BSOD and then zip and send the contents of %SystemRoot%\Minidump to me. I will PM my email address to you.
     
  11. grnxnm

    grnxnm Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    391
    Location:
    USA
    @silver

    I was unable to PM you within Wilders, therefore I emailed a message to your hotmail account.
     
  12. silver0066

    silver0066 Registered Member

    Joined:
    Dec 31, 2004
    Posts:
    929
    I did what you asked for the minidump. I deleted snapman.sys and then restarted. BSOD. Then I restarted again. BSOD. I then went back to FD-ISR snapshot before deleting snapman.sys. It booted okay. However, no minidump to send you since snapshot was before BSOD.

    Now what?
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,049
    Silver

    Did you see my post in the storagecraft forum. I have the snapman.sys in my driver area, but whats running doesn't show it. Probably from the way I deleted the program.

    1. Run the Acronis uninstaller.
    2. Delete all remnant files manually
    3. Using RegsupremePro 1.4, I go to the installed software tab. Acronis was there, so I check it and then run remove.
    4. Going to the registry cleaning tab, I use a normal scan and just delete what ever is fund.

    I've never had a problem with Regsupreme, and it obviously got rid of what was necessary to kill the driver, as I've never had the BSOD you are seeing.

    Pete
     
  14. grnxnm

    grnxnm Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    391
    Location:
    USA
    When you attempt to remove Acronis True Image's snapman.sys driver, it's not enough to simply delete snapman.sys. In fact if that's all you do then you're sure to experience blue screens. You have to un-register snapman.sys as both a service and a filter before you delete snapman.sys.

    Quoting a post at storagecraft's forum:

    "This is something that's always kind of bothered me. If you delete a driver's .sys file but leave its service key (under HKLM\System\CurrentControlSet\Services) intact, and if that driver's Start value is 0, the system will fail to boot (as you discovered) the next time you boot. Another issue that will cause boot failure is if you have a driver which fails to load and that driver is registered as an upper or lower filter on any of the devices in the storage stack. In the case of snapman.sys, this driver is an upper volume class filter driver, and may (although I'd have to double check this) be registered in the volume class UpperFilters value. So there are two reasons that you will fail to boot if you just delete snapman.sys. To manually uninstall such a driver, you have to remove its name from any REG_MULTI_SZ UpperFilters and LowerFilters values under the class keys in HKLM\System\CurrentControlSet\Control\Class. Look for the GUID that start with 7 - that the volume class GUID and it wouldn't surprise me if you find snapman in that GUID's UpperFilters value. Next, set the HKLM\System\CurrentControlSet\Services\snapman\Start REG_DWORD value to 4 (disabled) and then reboot. After reboot, that driver won't be loaded, and you can then safely delete the snapman.sys file as well as delete the HKLM\System\CurrentcontrolSet\Services\snapman registy key and all of its subkeys and values."

    A nice user spelled out the keys under which UpperFilters values exist from which you must remove "snapman":

    2. Navigate to HKLM\System\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}. Remove the snapman entry from the "UpperFilters" values.

    3. Navigate to HKLM\System\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}. Remove the snapman entry from the "UpperFilters" values.
     
  15. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,781
    Location:
    Texas
    Off topic post removed. As someone once said: "let's stay away from provocative comments and be engaged in constructive exchanges."
     
  16. silver0066

    silver0066 Registered Member

    Joined:
    Dec 31, 2004
    Posts:
    929
    grnxnm,

    Thank you very much for the detailed explanation. I had already performed the manual unintall of Acronis Workstation as shown in their forum here on Wilders. I had performed Pete's recommendations and I was still getting the BSOD's.

    After reading your post:

    snapman was in both of the Upper Filters that you suggested. I deleted them.

    snapman was also still in the HKLM\System\CurrentControlSet\Services\snapman\

    I just deleted snapman. I then rebooted, deleted snapman.sys from the Windows\System32 folder and rebooted. It was gone.

    I then did an incremental backup with ShadowProtect. So far, everything is working well.

    I have already tested the Recovery CD and it works like a charm on my Silicon Image Raid 0 machine. I did have to load the drivers, but that only took a couple of seconds, as they are located on my backup drive.

    I had purchased v3 after a few days when I was traveling and using my laptop. I had no issues there, even with just a normal uninstall of Acronis.

    I will now purchase a second license for this machine. It is a "state-of-the art" imaging program. Very fast compared to Acronis.

    Thanks again,

    Silver
     
  17. grnxnm

    grnxnm Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    391
    Location:
    USA
    I'm glad that's all cleared up. It strikes me that this thread's title is woefully inaccurate. It's clear to all, now, that the BSOD was caused by Acronis True Image's snapman.sys. And that the subsequent BSODs were caused by a registry misconfiguration (where the snapman.sys file was missing but the system was still configured to try to use snapman.sys at boot time and failing to find the file it paniced with a BSOD). Sometimes it's good to get the facts straight before pointing fingers, eh? ;)

    On another note, I can't believe I'm spending time supporting, and resolving, an issue which is caused by a competitor's product. Oh well.
     
  18. silver0066

    silver0066 Registered Member

    Joined:
    Dec 31, 2004
    Posts:
    929
    I was not pointing fingers at Shadow Protect. The BSOD's mainly happened when I performed backups with Shadow Protect. It is obviously a problem that many ex-Acronis users will have when switching. Your courtesy of pointing out the solution will help many other testers of ShadowProtect.

    Thanks again,

    Silver
     
  19. grnxnm

    grnxnm Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    391
    Location:
    USA
    No prob.
     
Loading...
Thread Status:
Not open for further replies.