Restore or Failback to Server 2022 Hyper-V host fails with "Unable to update VM security descriptor Error"
This article is specific to an error that occurs when attempting to restore or failback to a Hyper-V host running Windows Server 2022 or versions 2004 and 20H2 of the Semi-Annual Channel versions of Windows Server.
This article addresses an issue that is mentioned in the Veeam Backup & Replication 11a release notes:
Restoring VMs that were backed up from Hyper-V 2012R2 (or later) hosts in the crash-consistent state to Hyper-V 2022 and SAC version 2004 and 20H2 hosts fails with the “Writer 'Microsoft Hyper-V VSS Writer' is failed at 'VSS_WS_FAILED_AT_POST_RESTORE'” error due to a bug in Hyper-V.
Challenge
A Full VM Restore, Instant Recovery, or Failback of Hyper-V VM with Configuration Version 5.0Configuration Version 5.0 was first introduced with Server 2012 R2 Hyper-V. to a Hyper-V host running Server 2022 fails with the following error:
Unable to update VM security descriptor Error: Failed to call RPC function 'HvRestorePostRestore': Writer 'Microsoft Hyper-V VSS Writer' is failed at 'VSS_WS_FAILED_AT_POST_RESTORE'. The writer experienced a non- transient error. If the backup process is retried,. the error is likely to reoccur. Failed to finalize restore session. Failed to process request to process post restore steps. Failed to execute post restore command.
Cause
Due to a bug in Hyper-V 2022, the Hyper-V host will fail to register VMs that are being restored if they were using Configuration Version 5.0. Through testing, we have determined that this restore/failback issue does not occur if Application-Aware Processing was used to process the source VM that had configuration version 5.0.
Note: Configuration Version 5.0 was associated with Server 2012 R2. However, VMs with Configuration Version 5.0 may also exist on Hyper-V hosts running Server 2016 and Server 2019. Starting with Server 2022, Configuration Version 5.0 is no longer supported, and in most scenarios, the Hyper-V 2022 host will automatically upgrade those VMs to Configuration Version 8.0.
When the restore or failback operation fails to complete, the following events can be observed within the VMMS Events on the destination Server 2022 Hyper-V host:
Event 10113, Hyper-V-VMMS Unable to parse backup metadata for component '<VM-guid>'.
Event 10104, Hyper-V-VMMS One or more errors occurred while restoring the virtual machine from backup. The virtual machine might not have registered or it might not start. (Virtual machine ID <VM_GUID>)
Solution
Prevention
Server 2016/2019 Hyper-V Hosts
For environments where the VMs with Configuration Version 5.0 are located on a Hyper-V host running Server 2016 or Server 2019, either:
- Upgrade the configuration version of all VMs to at least 8.0, which is the minimum configuration version supported by Server 2022.
or - Enable Application-Aware Processing within the backup or replication job(s) that process those VMs, and ensure that it completes that operation for all VMs with Configuration Version 5.0.
Server 2012 R2 Hyper-V Hosts
For environments using a Hyper-V host running Server 2012 R2, there is only one option: Application-Aware Processing must be enabled within the backup or replication job(s), and it must successfully process the VMs. This will ensure that the generated restore points can be restored to a Hyper-V host running Server 2022.
Workarounds
For scenarios where the restore or failback operation must be completed, use the following workarounds:
Restore
- Use VM Files Restore to restore all the VM's files to a folder on the Hyper-V host running server 2022.
- On that Hyper-V host, use the Hyper-V Manager's Import Virtual Machine function with those restored VM files.
Replica Failback
- Take note of the replica's:
- Generation, either 1 or 2
- Memory Configuration
- CPU Configuration
- On the failback destination, create a New Virtual Machine with the same Generation, Memory, and CPU configuration as the replica but with no disks.
- Within the Veeam Backup & Replication console perform failback:
- Use the "Failback to the original VM restored in a different location" option.
- On the Target VM tab of the failback wizard, select the Replica VM, click the Edit button, and select the blank VM you created in Step 2.
- Complete the steps of the Failback Wizard.
- Proceed with normal failback handling, choosing either Commit failback or Undo failback.
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.