M
MICHAEL
One last thing before I take my arse to bed.
Right after I decrypted Vista, I looked
at the free space on the volume- 14.2 GB
Now, 17.6 GB. Those 3.4 GBs of extra space
came from my restore points being wiped out.
I had many restore points... had.
Just proves to me more that all those restore
points were there and stayed there with BitLocker
on. BitLocker off, those restore points were
deleted.
Goodnight.
Right after I decrypted Vista, I looked
at the free space on the volume- 14.2 GB
Now, 17.6 GB. Those 3.4 GBs of extra space
came from my restore points being wiped out.
I had many restore points... had.
Just proves to me more that all those restore
points were there and stayed there with BitLocker
on. BitLocker off, those restore points were
deleted.
Goodnight.
MICHAEL said:Decrypted, rebooted to XP, rebooted to Vista-
Vista System Restore points are GONE.
I don't care what those "experts" say based on
what is "expected behavior" or some conceptual
analysis- I know what I have seen.
BitLocker on = Vista System Restore Points are *not* erased.
BitLocker off = Vista System Restore wiped out!
Perhaps, some of them experts need to do less talking about
concepts, theory; and just sit down and do it.
Folks, if you want to protect your Vista System Restore points-
Turn on BitLocker Drive Encryption. There is an option once
the drive is encrypted to turn off key or password verification.
Which means your Vista volume stays encrypted but you don't
have to worry about using a USB thumb/key drive or use a
password at startup.
-Michael
Colin Barnhorst said:Be sure to file the bug report while the file collector can capture your present set up.
Then update the bug report with your later findings.
MICHAEL said:Hmm... the more I think about this the more I'm absolutely sure
BitLocker must have something to do with my restore points
not being erased- I am not crazy. I know what I see and I know
that restore worked- even after booting to XP numerous times.
Experts, especially Microsoft "experts", have been wrong before.
I must have some rare undiscovered "bug".
Well, not undiscovered to me. ;-)
I am going to turn off BitLocker and decrypt Vista.
If my restore points are gone after booting to XP-
those experts can kiss my arse!
I'm going to eat dinner, relax, and then do this decryption thing.
"640K ought to be enough for anybody."
- Bill Gates
If you can't make it good, make it LOOK good. - Bill Gates
"The Internet? We are not interested in it"
-- Bill Gates, 1993
I believe OS/2 is destined to be the most important operating system, and possible program,
of all time. - Bill Gates, 1987
"Microsoft Products are Generally Bug Free"
-- Bill Gates
-Michael
Strange.... I wish some more folks here would test this out.
Would having my CompletePC Backup saved to external hard
drive make any difference? I do, already. I also have my File
and Folder backups saved to an external hard drive.
I don't know. :-/
-Michael
The discussion in the CompletePC Backup live meeting and chat for the TechBeta MVP folks
explicitly touched BitLocker in regards to the topic and I don't think what you are
experiencing is a reliable result based on what the experts there said. Unfortunately,
the discussion (but not the slides) are covered by an NDA so there isn't much more I can
add until MS makes more info public. The danger is that the experts were speaking based
on builds beyond even 5456. The bottom line still is that dual-booting XP and Vista has
issues that might preclude doing that in a production environment.
Yes, it can be confusing. For me in Vista, C: Vista and D: XP
In XP, C: XP and F: Vista. Although, while Vista is encrypted,
XP shows F: as a blank unformatted volume.
When I first installed Vista on June 14, the only volsnap error
messages I had were "volume C: were aborted". Since turning
on Bitlocker, it is now "volume D: were aborted". To my untrained
eye, there seems to be something going on with BitLocker that
is keeping my Vista restore points safe. Whatever the reason,
I am glad.
-Michael
The expected message, "The shadow copies of volume D: were aborted during detection"
This is the process that kills the Vista restore points. Note that it can be very
confusing trying to sort out by volume letters in a Windows multiboot system because
the letters for a volume may be different under each of the operating systems. Volume
D: as seen by XP may be C: seen by Vista and yet be the same volume, and so on.
In "System" under Window Logs I used a filter to show only
Volsnap errors. Volume D: is my WinXP partition. These errors
showed up around the time I turned on BitLocker and encrypted my
Vista volume. A different error shows up prior to using BitLocker-
replace D: with C: (my Vista partiton).
Log Name: System
Source: volsnap
Date: 6/26/2006 9:51:23 PM
Event ID: 29
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Michael-PC
Description:
The shadow copies of volume D: were aborted during detection.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="volsnap" />
<EventID Qualifiers="49158">29</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2006-06-27T01:51:23.375Z" />
<EventRecordID>46478</EventRecordID>
<Channel>System</Channel>
<Computer>Michael-PC</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Data>D:</Data>
<Binary>0000000002003000000000001D0006C00F000000020100C000000000000000000000000000000000</Binary>
</EventData>
</Event>
------------------------------------
Log Name: System
Source: volsnap
Date: 6/15/2006 12:27:03 PM
Event ID: 29
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Michael-PC
Description:
The shadow copies of volume C: were aborted during detection.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="volsnap" />
<EventID Qualifiers="49158">29</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2006-06-15T16:27:03.984Z" />
<EventRecordID>22260</EventRecordID>
<Channel>System</Channel>
<Computer>Michael-PC</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Data>C:</Data>
<Binary>0000000002003000000000001D0006C00F000000020100C000000000000000000000000000000000</Binary>
</EventData>
</Event>
I'll bet the line
"Volume Shadow Copy Service error: Unexpected error querying for the
IVssWriterCallback "
is the incompatibility between the XP volsnap.sys and the Vista volsnap.sys that the
presenters were talking about in a recent live meeting. If so, that's the one that
will not be fixed due to the extensive changes to XP itself that they said it would
take.
Good post!
I was going through the Event Viewer looking for
entries about the System Restore I did last
night- saw entries about "continuing system restore"
and "system restore successful" are all I found.
Did find some other stuff, don't know what they mean.
Going through mucho information in the Event Viewer>
Windows Logs>Application
I find this error. This VSS error is *always* followed by
2 System Restore information entries saying the Creation
Restore Point succeeded. After this error there are two more
errors for VSS that happen less frequently, those are below
this error message.
Log Name: Application
Source: VSS
Date: 6/26/2006 10:08:22 PM
Event ID: 8194
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MICHAEL-PC
Description:
Volume Shadow Copy Service error: Unexpected error querying for the
IVssWriterCallback interface. hr = 0x80070005.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {cf9c1d4c-6255-4ad0-acac-b2a73234fd64}
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="VSS" />
<EventID Qualifiers="0">8194</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2006-06-27T02:08:22.000Z" />
<EventRecordID>6064</EventRecordID>
<Channel>Application</Channel>
<Computer>MICHAEL-PC</Computer>
<Security />
</System>
<EventData>
<Data>0x80070005</Data>
<Data>
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {cf9c1d4c-6255-4ad0-acac-b2a73234fd64}</Data>
<Binary>2D20436F64653A20575254575254494330303030303932382D2043616C6C3A20575254575254494330303030303839382D205049443A202030303030313239322D205449443A202030303030313033362D20434D443A2020433A5C57696E646F77735C73797374656D33325C737663686F73742E657865202D6B204E6574776F726B53657276696365202020202020202D20557365723A204E5420415554484F524954595C4E4554574F524B2053455256494345202020202D205369643A2020532D312D352D3230</Binary>
</EventData>
</Event>
------------------------------------------------------------
Log Name: Application
Source: VSS
Date: 6/23/2006 10:07:20 PM
Event ID: 19
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MICHAEL-PC
Description:
Volume Shadow Copy Service error: The EventSystem service is disabled or is
attempting to start during Safe Mode. The Volume Shadow Copy service cannot start
while in safe mode. If not in safe mode, make sure that EventSystem service is
enabled. CLSID:{4e14fba2-2e22-11d1-9964-00c04fbbb345} Name:CEventSystem [0x80040206]
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="VSS" />
<EventID Qualifiers="0">19</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2006-06-24T02:07:20.000Z" />
<EventRecordID>4890</EventRecordID>
<Channel>Application</Channel>
<Computer>MICHAEL-PC</Computer>
<Security />
</System>
<EventData>
<Data>{4e14fba2-2e22-11d1-9964-00c04fbbb345}</Data>
<Data>CEventSystem</Data>
<Data>0x80040206</Data>
<Data>
</Data>
<Binary>2D20436F64653A20575254575254494330303030333730362D2043616C6C3A20575254575254494330303030333637322D205049443A202030303030313236382D205449443A202030303030333336382D20434D443A2020433A5C57696E646F77735C73797374656D33325C737663686F73742E657865202D6B204E6574776F726B53657276696365202020202020202D20557365723A204E5420415554484F524954595C4E4554574F524B2053455256494345202020202D205369643A2020532D312D352D3230</Binary>
</EventData>
</Event>
---------------------------------------------------
Log Name: Application
Source: VSS
Date: 6/23/2006 10:07:20 PM
Event ID: 8193
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: MICHAEL-PC
Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.
hr = 0x80040206.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="VSS" />
<EventID Qualifiers="0">8193</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2006-06-24T02:07:20.000Z" />
<EventRecordID>4891</EventRecordID>
<Channel>Application</Channel>
<Computer>MICHAEL-PC</Computer>
<Security />
</System>
<EventData>
<Data>CoCreateInstance</Data>
<Data>0x80040206</Data>
<Data>
</Data>
<Binary>2D20436F64653A20575254575254494330303030333731322D2043616C6C3A20575254575254494330303030333637322D205049443A202030303030313236382D205449443A202030303030333336382D20434D443A2020433A5C57696E646F77735C73797374656D33325C737663686F73742E657865202D6B204E6574776F726B53657276696365202020202020202D20557365723A204E5420415554484F524954595C4E4554574F524B2053455256494345202020202D205369643A2020532D312D352D3230</Binary>
</EventData>
</Event>
Here's something I noticed. When you open up System Protection,
it has a box that lists the different volumes you can create Automatic
restore points. I only have Vista checked. My WinXP partition is
unchecked. However, there is always the same restore point listed
next to it under "Most Recent restore point" that Vista has. But, when
I reboot, it will go back to saying "None". The next time an automatic
restore point is created or I create one manually, then it list the restore
point next to WinXP, too, even though I have it unchecked. I don't what
this means, if anything. If that's what it is suppose to say or it's a bug.
It doesn't list a restore point next to my external drive and its three
partitions- I wouldn't expect it to because I have those three volumes
unchecked. Perhaps, I just don't fully understand what System Restore
does.
I'm no expert on computers- just a player. I've been messing around
with computers and beta software for about 10 years. So, I feel
comfortable doing most things, but a lot of this stuff is over my head
and I wish I could be more helpful and/or precise with my descriptions
and terminology. Sorry.
I don't know why my restore points for Vista are there. Is it BitLocker or
something else. Is it a bug? I just don't know.
Take care,
Michael
"Chad Harris" <Bushisamoron.net> wrote in message
Michael that's interesting--I haven't played with Bitlocker so I'll have to see
what I can do to preserve restore points. It's not just going to XP via the boot
but going to the XP desktop by following the shortcut that takes out my restore
points as MSFT says it will.
But you and Colin have raised that Bitlocker or Safe Mode could protect the Vista
restore points. I'm not sure how UAC which probably gets more locked down from
build to build (I'd like to see it be more flexible with warnings in your face and
hurdles as well) plays in on the sign in but I'm sure it's connected. I'll have
to look that up. In XP you could always try signing into Safe mode as
"adminstrator" and leaving the password blank when you forgot the password and
wanted to go to the safe mode spare admin account to reset it.
Always keep in mind if you have to recover the 'Win RE' options from the DVD that
can often pull you out of a jam. They have worked for me in a literal minute when
I couldn't boot Vista. I don't know what the security prompt for a password is
if you've set a password with that feature, but you'd imagine if they are locking
down the way the UAC info says they are, they'd probably protect that as well or
else someone could try to use it i suppose to access the box if it would function
when the box is not in a crashed situation.
CH
Well....... After agonizing through two SRs using two different
restore points.... looking at a light blue screen for what seemed
an eternity (15-20 minutes) both times..... System Restore worked
both times. "Undo System Restore" is now my most recent
restore point.
I first used a restore point from Saturday afternoon. After checking
some things out, I then used a restore point from this afternoon.
Everything seems to be working fine. I don't know what to tell
you guys- my restore points in Vista have been there since I
turned BitLocker on, and I now know for sure two of them worked.
Another observation, you can not access Safe Mode or the
boot Menu before your key or password are accepted. I can
get to the Bios, but not Safe mode (F8) or Boot Menu (F11).
If you try, a message saying BitLocker has blocked those
options to prevent tampering. However, I do have boot options
in the Bios settings. Just some extra FYI.
Okay, enough playing/praying for tonight.
Goodnight.
-Michael
"Chad Harris" <Bushisamoron.net> wrote in message
I find this hard to understand--Michael. It actually is bug reportable--in other
words if that happens, although many of us wish it were possible, it's a bug.
And you have access to a number of ways to report it.
"My Vista restore points are still listed after booting to XP and then back to
Vista."
Michael -- this point may be helpful for you to remember in testing some of what
we've discussed with System Restore. Remember that you can always try out the
restore point and *undo* the restore. The *undo* is not iffy and is reliable
enough to protect you if you want to check out some of what you're seeing.
CH
Okay, I understand that.
What I really want to know- why are my SR points still
listed? When I open up System Protection, it shows the
last restore point. If I click on the System Restore button,
and then next- it lists all sorts of restore points. Points
made after installs, uninstalls, manual restore points-
many are listed since the 21st.
Like I said, I have regularly
booted to XP and my *restore points are still there. I was
under the impression they would be wiped out.
My Vista restore points are still listed after booting to XP
and then back to Vista.