It seems that our Windows 2008 R2 Standard server started throwing CAPI2 event 513 errors every time the backup software runs a snapshot.
Formerly it was running SEP 12.1 RU1 and on 09/13/2012 it was upgraded to MP1 release - errors started appearing the same day.
The same event id errors were happening in the past, but they were rather related to MS broken revocation list of certificate store/cache, it was fixed eventually.
The System Writer is listed when I issue the command "vssadmin list writers", so that's not the case. All Windows updates are installed on the machine.
this is a copy of example error event, it mentions a file belonging to Symantec, however when I try looking for it manually I cannot find it, not Computer Search does...
Log Name: Application
Source: Microsoft-Windows-CAPI2
Date: 9/21/2012 2:18:40 PM
Event ID: 513
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: server
Description:
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary EraserUtilRebootDrv.
System Error:
The system cannot find the file specified.
.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" EventSourceName="Microsoft-Windows-CAPI2" />
<EventID Qualifiers="0">513</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2012-09-21T18:18:40.381717300Z" />
<EventRecordID>7371036</EventRecordID>
<Correlation />
<Execution ProcessID="1104" ThreadID="13288" />
<Channel>Application</Channel>
<Computer>server</Computer>
<Security />
</System>
<EventData>
<Data>
Details:
AddLegacyDriverFiles: Unable to back up image of binary EraserUtilRebootDrv.
System Error:
The system cannot find the file specified.
</Data>
</EventData>
</Event>
Our backup software (HP DataProtector Express 5.0) triggers this error event to show up. what is going on?
SEPM is installed on this Windows 2008 R2 server.
The other servers in our domain (Windows 2008 32-bit Standard) were upgraded the same day via SEPM and they don't show this error.