KB5015527: Shadow copy operations using VSS on remote SMB shares denied access after installing Windows update dated June 14, 2022

Applies To
Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 Windows Server 2019 Windows Server version 20H2 Windows Server 2022

Summary

After you install the June 14, 2022 or a later Windows update, operations related to shadow copies (creation or deletion) on an Application Server running VSS aware Server Applications that store data on remote SMB 3.0 or later file shares may fail for SMB shares hosted on a File Server. This issue could occur because of one of the following reasons:

  • The shadow copy creation operation fails. This issue occurs if the Application Server has not been updated to the June 14, 2022 Windows update but the File Server is updated.

    To resolve this issue, install the June 14, 2022 or newer Windows update on the Application Server as well as the File Server.

  • The account used to perform the shadow copy operation is a local account that has Administrator or Backup Operator privileges on the File Server.

    To resolve this issue, do one of the following:

  • The account used to perform copy operations does not comply with the privilege requirements for Administrators or Backup Operators.

    To resolve this issue, use a domain account that is part of the Local Administrators or Backup Operators group on the File Server.

Symptoms for these issues

After installing the June 14, 2022 or later Windows update, backup applications may receive error E_ACCESSDENIED while executing operations related to shadow copy creation. Additionally, a FileShareShadowCopyAgent Event 1013 is logged in the Microsoft-Windows-FileShareShadowCopyAgent/Operational channel (enabled by default) on the File Server.

Note

  • Event 1013
  • Microsoft File Share Shadow Copy Agent Error: The client connecting to the FssAgentRPC server did not have Local Administrator or Backup Operator privilege on this machine.

Cause

These issues occur because of security enforcement in the Remote VSS for File Shares (RVSS) agent service as addressed by CVE-2022-30154 | Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability.

More information

To resolve the issue, install the Windows update dated June 14, 2022 or a later Windows update on both the Application Server and on the File Server. Failure to install the update on both machine roles could cause operations performed by applications that previously worked to stop working.

This issue was introduced by the Windows updates dated June 14, 2022.

Windows OS Introduced in Windows update
Windows Server 2022 KB5014678
Windows 10, version 20H2 KB5014699
Windows Server 2019 KB5014692
Windows Server 2016 KB5014702
Windows Server 2012 R2 KB5014746
Windows Server 2012 KB5014747

To resolve these issues, install the Windows update date June 14, 2022 or later on both the Application Server and on the File Server or perform configuration changes as described in the "Summary" section.

References

Protect Data on Remote SMB File Shares using VSS