How the windows backups works in windows servers

Very often we come across issues, in which the VSS Writers keep failing after two or three backups. It may be a single VSS Writer or many of them from the list we get on running “vssadmin list writers”. I have been analyzing some tasks and have found that in cases where after updating the drivers for VSS, deleting the Subscriptions key and re-registering the DLL’s, if we still find that the VSS writers fail, then it is not the writers which are at fault. It is the Providers.

First let us understand some background of VSS.

Background data on VSS
======================
Snapshot:- This is a point in time copy (shadow copy) of a volume.

There are 3 important components involved in a snapshot creation.

1. Volume Shadow Copy Service
2. VSS Writers
3. VSS Providers
4. File System

Volume Shadow Copy Service – (volsnap.sys)
==========================
This is the service which helps in co-ordination ( communication between the OS, the VSS writers, the VSS providers ). The point to note is that VSS ( Volume Shadow Copy Service ) DOES NOT TAKE SNAPSHOTS as we all assume it does. It just helps other components ( Writers, Providers & OS ) communicate with each other effectively. Any transaction has to go through this service.

VSS Writers
===========
On a Server, we have a database for everything. For example, on a clean installed system, we have a database for the Registry, System, DCOM etc… everything that comes along with the OS.

If we add SQL to the server, then a database for SQL is created.
If we further add Exchange, database for Exchange is created.

VSS Writers are the ones who prepare the database for a snapshot ( shadow copy creation ). Again, VSS Writers do not take snapshots. They just prepare the database for a snapshot creation.

For example, there could be open transactions for Exchange, SQL, Registry, DCOM etc.. If we take a snapshot without preparing them first, the snapshot might be corrupt due to open transactions. For a perfect snapshot, these open transactions have to be closed first. The data in memory has to be flushed and further transaction have to stopped before a snapshot creation can happen.

This is achieved by VSS Writers.

The OS comes with some default writers like Registry Writer, System Writer, COM+ Writer etc. Writers like Exchange, SQL, IIS are not preinstalled on the system.
The moment we install Exchange, SharePoint,IIS or SQL, their writers are also installed. It comes with the package of the individual component.So, the registry writer will flush everything in its own database and stop further transactions ( read/write operations in registry ) during a snapshot creation process.Same goes for Exchange Writers. This will also flush existing transactions ( read/write operations ) in its own Exchange database before a snapshot can be taken. The writers will not interfere with each other as they are only responsible for their own database.

VSS Providers
=============
Now, these are the ones responsible for taking a snapshot. It is the most important part of a shadow copy creation.By default, we always have the “Microsoft Software Shadow Copy Provider” also known as “swprv.dll” installed on the system. If we add a backup program like StorageCraft, then a provider from StorageCraft named “StorageCraft Shadow Copy Provider” will be installed on top of the default provider and will be used as the default provider.Further if we add Symantec Backup Exec, then a provider from Symantec will also be installed on top of the other two and will be used as the default provider.Note: When we run the command “vssadmin list providers” – The one that comes up on the top of the list, is the one installed last, and is the one used by default.Sometimes, the providers may conflict or may malfunction. If the providers fail to do their job, it also affects the writers. It may cause the writers to fail too and generate event errors like Event id 8, 12298 in the event Viewer.

File System
===========
Also known as NTFS.sys is the most important part of an OS. Without a file system, nothing is possible. Further explanation not required for this.

WHAT HAPPENS WHEN WE INITIATE A BACKUP using VSS
================================================
1. We initiate a backup using a backup application.
2. The request is sent to Volume Shadow Copy Service ( VSS ) or volsnap.sys
3. The VSS informs the respective writers that a snapshot creation is going to happen, so they must flush everything and freeze their databases for a a few seconds. The maximum time VSS writers can freeze their databases is for 60 seconds.
4. Once the VSS writers complete their job ( have flushed and freezed the database ), it informs Volume Shadow Copy Service ( VSS ), that they are ready now.
5. The VSS then informs the providers to take a snapshot. A snapshot is taken which takes a maximum of 10 secs. Once a snapshot is taken, it informs VSS that its job is done.
6. Then the VSS informs the VSS writers that a snapshot has been taken and that they can release the database.
7. Everything comes back to normal and the backup operation is started using the snapshot taken.