No backup file found after scheduled backup from sleep mode. No display after wake.

emeskay

EDIT: I have just found what was going wrong with what is described below and now the problem appears to be solved. I'm posting here in case anyone else who has the same issue finds it useful. If anyone else has seen a similar issue and can help with a better understanding - please post here. Thank you.

__ORIGINAL POST__

About 10 days ago, I installed Aomei Backupper pro on a new AMD Ryzen System with a clean install of windows 10 pro. Initially I installed version 5.5. However scheduled backups were not taking place in 5.5 (from sleep mode). In fact the system appeared to be crashing in the middle of the night when the backup was scheduled - I won't go into the details, event viewer entries etc. Also there were no entries for Aomei in the Windows Task Scheduler.

I thought the problem may have to to with backupper not handling the sleep mode properly. Therefore I installed version 5.6 after uninstalling 5.5. In version 5.6 there is an option in the Aomei GUI for waking the system from sleep which I have checked. Now, after installing 5.6, the windows Task Scheduler correctly shows all the scheduled Aomei entries. Also, the scheduled backup works fine in the wake state. However, not so in sleep mode.

To isolate the problem, I did the following test several times. I set display to turn off after 1 min and sleep after 2 mins and scheduled a small backup to take place a few minutes after sleep. I then watch the fan activity on the machine - sure enough at exactly the scheduled time the system wakes up, the display shows and the fan speeds up indicating that some processing is taking place and then the fan speed returns to normal. Around this time the display also goes blank again (since it has been set to go off after 1 min). I then wait a couple of minutes and then shake the mouse - and there is no response from display. The only option is to do a hard reset.

__RESOLUTION__

Looking through the Event Viewer (Windows Logs/Application) I found the following entry (Event Id 8194, Task Category: None):

Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied. This is often caused by incorrect security settings in either the writer or requestor process.

I couldn't understand why there should be such an error. However it suddenly occurred to me that while my windows system was installed on a brand new drive, my data drives, including the backup drive, had been transferred physically as-is into the new machine. So on the backup drive, the security user/group names showed: Authenticated users, System, Administrators, Users and Unknown User - the unknown user being from the installation on the old machine. Still, I felt that that could not be the problem as I (current user: Sandeep) had administrative rights (I usually remove admin rights after everything appears to be set up and functioning smoothly). Nevertheless on the off-chance, I added "Sandeep" to the list in the security properties box in the backup drive, but giving only read-execute rights since I would be doing that anyway later. Then I repeated the sleep + scheduled backup test as above and lo and behold everything went as smooth as butter.

The blank screen in the original test was probably hiding a BSOD underneath - which could not be seen as the display had been set to timeout in one minute. In fact doing the same test but shaking the mouse before the one-minute display timeout brought the windows 10 blue screen - We are checking the problem etc, etc, and going from 0 to 100%.

So although I cant quite understand what the "Access denied" problem was, adding the correct user (even with limited rights) seems to have resolved the problem. I will have to see how it goes over the next few days. If anyone else has seen a similar issue and can help with a better understanding - please post here. Thank you.

emeskay

However, this solution leaves some questions unanswered - for example why was the backup working in wake mode but not in sleep mode?

emeskay

OK, so the problem is not quite solved. While tests show that scheduled backup works fine in wake or sleep state, yesterday I encountered another situation when a BSOD occurs.

STEPS TO REPRODUCE:

1. Schedule a small backup a few minutes from the current time.
2. Start watching a youtube video.
3. Observe when the scheduled time is reached and wait for a couple of minutes (presumably until when the backup is about to complete).
4. Observe BSOD.

This BSOD occurred at 2.00 AM (Saturday 14th) while watching a youtube video (don't ask why I was watching at 2.00 AM). The memory dump as read via windbg follows:

Microsoft (R) Windows Debugger Version 10.0.19528.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.

Symbol search path is: srv*
Executable search path is: 
Windows 10 Kernel Version 18362 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
18362.1.amd64fre.19h1_release.190318-1202
Machine Name:
Kernel base = 0xfffff805`62600000 PsLoadedModuleList = 0xfffff805`62a48150
Debug session time: Sat Mar 14 02:00:53.821 2020 (UTC + 5:30)
System Uptime: 0 days 6:18:10.479
Loading Kernel Symbols
...............................................................
.........Page 7c3032 not present in the dump file. Type ".hh dbgerr004" for details
.......................................................
................................................................
........
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`00289018).  Type ".hh dbgerr001" for details
Loading unloaded module list
.......
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff805`627c2380 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:fffff101`f9c464b0=000000000000003b
windbg> .hh dbgerr001
10: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff8056270a924, Address of the instruction which caused the bugcheck
Arg3: fffff101f9c46de0, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------


KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.Sec
    Value: 2

    Key  : Analysis.DebugAnalysisProvider.CPP
    Value: Create: 8007007e on DESKTOP-99L33R8

    Key  : Analysis.DebugData
    Value: CreateObject

    Key  : Analysis.DebugModel
    Value: CreateObject

    Key  : Analysis.Elapsed.Sec
    Value: 34

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 63

    Key  : Analysis.System
    Value: CreateObject


ADDITIONAL_XML: 1

BUGCHECK_CODE:  3b

BUGCHECK_P1: c0000005

BUGCHECK_P2: fffff8056270a924

BUGCHECK_P3: fffff101f9c46de0

BUGCHECK_P4: 0

CONTEXT:  fffff101f9c46de0 -- (.cxr 0xfffff101f9c46de0)
rax=ffffbf8e674d3be8 rbx=0000000000000000 rcx=0000000000000000
rdx=ffffbf8e674d3a40 rsi=0000000000000200 rdi=ffffbf8e6d9d0020
rip=fffff8056270a924 rsp=fffff101f9c477d0 rbp=ffffbf8e66dc3da0
 r8=0000000000000003  r9=0000000000000000 r10=ffff800000000000
r11=ffffbf8e674d3c30 r12=ffffbf8e674d3a40 r13=0000000000000000
r14=ffffbf8e7375b0d0 r15=ffffbf8e66dc3c50
iopl=0         nv up ei ng nz ac po cy
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00050297
nt!IofCallDriver+0x44:
fffff805`6270a924 488b4908        mov     rcx,qword ptr [rcx+8] ds:002b:00000000`00000008=????????????????
Resetting default scope

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

PROCESS_NAME:  Backupper.exe

STACK_TEXT:  
fffff101`f9c477d0 fffff805`71961845 : 00000000`00000000 fffff805`00000000 ffffbf8e`66dc3da0 00000000`00000200 : nt!IofCallDriver+0x44
fffff101`f9c47810 fffff805`71961b6a : 00000000`00000000 ffffbf8e`6d9d0020 00000000`00000000 ffffbf8e`6f47b370 : amwrtdrv+0x1845
fffff101`f9c47890 fffff805`6270a939 : ffffbf8e`719a70c0 00000000`00000001 ffffbf8e`719a75c0 00000000`00000000 : amwrtdrv+0x1b6a
fffff101`f9c478c0 fffff805`62cb2bd5 : fffff101`f9c47b80 ffffbf8e`6d9d0020 00000000`00000001 ffffbf8e`7375b0d0 : nt!IofCallDriver+0x59
fffff101`f9c47900 fffff805`62caedcf : fffff101`f9c47b80 ffffbf8e`7375b120 00000000`00000000 fffff101`f9c47b80 : nt!IopSynchronousServiceTail+0x1a5
fffff101`f9c479a0 fffff805`627d3c18 : 00000000`00000748 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtReadFile+0x59f
fffff101`f9c47a90 00000000`77a01cbc : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
00000000`0009eec8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77a01cbc


SYMBOL_NAME:  amwrtdrv+1845

MODULE_NAME: amwrtdrv

IMAGE_NAME:  amwrtdrv.sys

STACK_COMMAND:  .cxr 0xfffff101f9c46de0 ; kb

BUCKET_ID_FUNC_OFFSET:  1845

FAILURE_BUCKET_ID:  0x3B_c0000005_amwrtdrv!unknown_function

OS_VERSION:  10.0.18362.1

BUILDLAB_STR:  19h1_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {9aabe578-eb6f-176c-a9e8-abe7a444eadd}

Followup:     MachineOwner
---------

emeskay

The last 5 dumps are present in Windows\Minidump. To summarize the codes:

#5 (Posted above):

Process: Backupper.exe, Module:amwrtdrv, bugcheck: 3b (SYSTEM_SERVICE_EXCEPTION) (P1 = c0000005, P4 =0)

#4:

Process: Backupper.exe, Module:amwrtdrv, bugcheck: 18 (REFERENCE_BY_POINTER) (P1 = 0, P4 = -1)

#3:

Process: Backupper.exe, Module:amwrtdrv, bugcheck: 50 (PAGE_FAULT_IN_NONPAGED_AREA)

#2:

Process: bdagent.exe, Module:win32kbase, bugcheck:18 (REFERENCE_BY_POINTER) (P1 = 0, P4 = 1)

#1:

Process: ABCore.exe, Module:amwrtdrv, bugcheck: a (IRQL_NOT_LESS_OR_EQUAL) (P2 = 2, P3 = 0)

All except one were associated with amwrtdrv.

Regarding the bdagent.exe (bitdefender) - perhaps bitdefender thinks that amwrtdrv.sys is a virus?

emeskay

This seems like essentially the same issue that people are having on:

Backerupper - amwrtdrv.sys causing BSOD on Windows 10

https://www.aomeitech.com/forum/discussion/4995/backerupper-amwrtdrv-sys-causing-bsod-on-windows-10#latest

admin

Please try the test version for the blue screen issue. 

emeskay

I installed the test version and so far the backups seem to be going well. I also tested it by watching a video and performing some other tasks before and during a scheduled backup and this time there were no issues. So hopefully the matter is resolved.

Thank you for your help.

Best Regards,

Sandeep.