Acronis Cyber Backup Cloud: Backup fails with "Operating system error: Already blocked"

Acronis Cyber Backup Cloud: Backup fails with "Operating system error: Already blocked"


You are protecting Windows Server 2008 R2 with Acronis software.

Backup fails with the following error messages:

Error code: 1098825
Fields: {"$ module": "disk_bundle_vsa64_xxxxx"}
Message: Locking of volume snapshot failed.
Error code: 9
Fields: {"$ module": "disk_bundle_vsa64_xxxxx", "code": 3758096391}
Message: Already blocked.

While checking VSS doctor report or Windows Application Event log you find the following (or quite similar):

Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW (-2147483646, SYSTEM \ CurrentControlSet \ Services \ VSS \ Diag, ...). hr = 0x80070005, access denied.


You have installed DHCP role on your Windows Server 2008 R2. When the DHCP server role is installed, permissions of the HKLM\CurrentControlSet\Services\VSS\Diag registry key (and all subkeys) are overwritten when the DHCP Service account is added.  When this occurs, the Network Service account is removed.

Every time the Cryptographic Services service is started, it initializes "System Writer" under the Network Service account and verifies read/write permission for this registry key (HKLM\CurrentControlSet\Services\VSS\Diag). As this account was removed, there is no permission for the Network Service and VSS logs an "Access denied" event. Agent for backup uses VSS service for application DB backups in Windows OS family. As a result, backup fails.


Set up the required security permissions as described in this Microsoft article: VSS EventID 8193 is logged when you restart the Cryptographic Services service after you install the DHCP role on a computer that is running Windows Server 2008 R2.

More information

Should the issue persis, please collect the following information:

  • a screenshot showing set permissions for HKLM\SYSTEM\CurrentControlSet\services\VSS\Diag and/or that registry branch
  • new VSS doctor report
  • system information report from that machine

and contact our support team.