[SOLVED] System Restore not working: error 0x81000203 - Kaspersky Removal Tool

HapaxOromenon · Aug 7, 2019

Hello. I was recently assisted by softwaremaniac (at [SOLVED] - WU error 0x800f0982, but SFCFix found no corruptions) who helped me fix a problem with a Windows update failing to install. However, in the course of solving that problem, we discovered that System Restore was also not working on my machine, and softwaremaniac recommended I start a new thread in this forum for more expert assistance with that.

As stated in the title, trying to open System Restore from Control Panel -> System -> System Protection gives a message saying "There was an unexpected error in the property page: System Restore encountered an error. Please try to run System Restore again. (0x81000023) Please close the property page and try again." Trying to run rstrui.exe gives "System protection is turned off. To turn it back on so that you can use System Restore, configure system protection." I have already confirmed that the Volume Shadow Copy and Microsoft Software Shadow Copy Provider services are running and have their startup set to Automatic. Google also suggests that the program "TuneUp Utilities" is a known cause of this error, but I have never used or installed that program. So, any assistance would be much appreciated.

jcgriff2 · Aug 13, 2019

Hi. . .

Sorry for the delay.

Please see post #2 in this Microsoft thread - System Restore Error Code: 0x81000203

Regards. . .

jcgriff2

HapaxOromenon · Aug 13, 2019

jcgriff2 said:
Hi. . .

Sorry for the delay.

Please see post #2 in this Microsoft thread - System Restore Error Code: 0x81000203

Regards. . .

jcgriff2

Hello. I have already checked the Volume Shadow Copy and Microsoft Software Shadow Copy Provider Services, and both are already set to Automatic. The Group Policy option to "Disable System Restore" is also already set to "Not Configured". All of this was already stated in my initial post, and it means that the suggestions from post #2 of that Microsoft thread are of no use to me.

x BlueRobot · Aug 14, 2019

Have you tried doing a repair install? It should retain your personal files and programs, seems like something is corrupted within Windows.

https://answers.microsoft.com/en-us...-windows/35160fbe-9352-4e70-9887-f40096ec3085

Will Watts · Aug 14, 2019

@HapaxOromenon - if you open command prompt (in administrator mode), and run the following command:

vssadmin list volumes

What's the output?

Some programs (AV removal tools such as Kasperky, and a few others) have been known to delete relevant VSS registry keys causing this error. The expected output if this is the case is that vssadmin list volumes will return no results. This error may also be appearing in event viewer:

(IVssSnapshotProvider::IsVolumeSupported() failed with 0x8000ffff [hr = 0x8000ffff f, Catastrophic failure]).

HapaxOromenon · Aug 14, 2019

Will Watts said:
@HapaxOromenon - if you open command prompt (in administrator mode), and run the following command:

vssadmin list volumes

What's the output?

Some programs (AV removal tools such as Kasperky, and a few others) have been known to delete relevant VSS registry keys causing this error. The expected output if this is the case is that vssadmin list volumes will return no results. This error may also be appearing in event viewer:

(IVssSnapshotProvider::IsVolumeSupported() failed with 0x8000ffff [hr = 0x8000ffff f, Catastrophic failure]).

Hello. Thank you very much for your suggestion. The command gives the output "No items found that satisfy the query", and I am indeed using Kaspersky; also, in the course of my previous thread in the Windows Update forum, one of the steps I had to take was to temporarily remove Kaspersky with their KAVRemover tool. So it looks like we have successfully identified the problem. How do I go about fixing it?

Will Watts · Aug 14, 2019

Okay great - at some point it looks like the Kaspersky Removal Tool has deleted the registry key - this registry key is part of the Volume Shadow Copy service, which handles system restore points.

To fix it - please carry out the following steps:

Open a new Notepad window
Copy / Paste the below script into Notepad, and save as "kaspersky_fix.reg":

Code:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}]
"UpperFilters"=hex(7):76,00,6f,00,6c,00,73,00,6e,00,61,00,70,00,00,00,00,00

This will update the "UpperFilters" value at this location to be "volsnap" (the hex code decodes to "volsnap"). Once you've copy/pasted the registry key, save this in a location you can easily access (e.g. desktop), and double click on the script to run the fix.

You will need to restart your machine once the fix has run, then check if you get the same issue accessing System Restore.

Optional extra: If you want to check if this has run correctly, you can enter the Registry Editor (Search > regedit), and navigate to Computer/HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f} in the address bar. The correct settings should look something like below:

HapaxOromenon · Aug 14, 2019

Hello. Thank you very much for the fix - System Restore seems to be working properly and the vssadmin command now does show the partitions of my drives as volumes. So I guess this can now be marked solved.

Will Watts · Aug 14, 2019

That's great - glad we could help!

I'll mark this thread as solved. Let us know if you have any other issues.

jcgriff2 · Aug 14, 2019

@HapaxOromenon - I am glad that you finally got this solved, especially after everything that you've been through with other forums as well as Sysnative.

Please accept my sincerest apologies that it took us the length of time that it did (and your note to the Admins) to finally receive a response/help on this. I assure you that this was just an unfortunate oversight and is not common at all of our usual business practice/response rate and time.

Should you need further assistance, please do return to Sysnative for whatever help you need or questions that you may have.

Kind Regards. . .

jcgriff2

Sysnative Windows Update · Aug 14, 2019

Glad to see this has been resolved!

mariog · Sep 25, 2019

"UpperFilters" value at location indicated by Will Watts was set to "klbackupdisk ambakdrv" - 2 blank lines and- "volsnap" I understand the first two came from Kaspersky and Aomei.

Just set "UpperFilters" to "volsnap" and problem is solved.

Many thanks to all of you, and of course special thanks to Will.

jcgriff2 · Sep 26, 2019

Thank you for posting back with the resolution.

Regards. . .

jcgriff2

mid23 · Nov 2, 2019

I recently used Kaspersky Removal Tool, it must have caused error 0x8100203, I am trying to follow your steps, however I am a little lost on the part after saving it. Where would i go inorder to paste the registry key

btw, I get this, Screenshot

Will Watts said:
Open a new Notepad window

Copy / Paste the below script into Notepad, and save as "kaspersky_fix.reg":

Code:

Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] "UpperFilters"=hex(7):76,00,6f,00,6c,00,73,00,6e,00,61,00,70,00,00,00,00,00

This will update the "UpperFilters" value at this location to be "volsnap" (the hex code decodes to "volsnap"). Once you've copy/pasted the registry key, save this in a location you can easily access (e.g. desktop), and double click on the script to run the fix.

You will need to restart your machine once the fix has run, then check if you get the same issue accessing System Restore.

Optional extra: If you want to check if this has run correctly, you can enter the Registry Editor (Search > regedit), and navigate to Computer/HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f} in the address bar. The correct settings should look something like below:

View attachment 49762

Sysnative Windows Update · Nov 2, 2019

Hello and welcome!

You have to copy and paste this into a blank Notepad document.

HapaxOromenon · Nov 2, 2019

mid23 said:
I recently used Kaspersky Removal Tool, it must have caused error 0x8100203, I am trying to follow your steps, however I am a little lost on the part after saving it. Where would i go inorder to paste the registry key

btw, I get this, Screenshot

Copy and paste it into a text file, and save that file with the extension .reg, for example fix.reg. Then double click on the saved file. You will be asked if you want to import the information into the registry - click yes, and the fix will be applied.

mid23 · Nov 2, 2019

Thank you soooo much!!! It fixed the problem. I had copy only script with out the Windows Registry Editor Version 5.00
I am so glad, its working fine. I was going nuts today to fix the problem, from one forum to another without exact solution. thank you

I am wondering if this has caused so much unstable on my system.

Sysnative Windows Update · Nov 2, 2019

This can cause keyboard issues. What instabilities are you currently experiencing with your machine?

mid23 · Nov 2, 2019

On a another note, is there any other effect of Kaspersky Removal Tool, because the other problem seem to be weird.
Screenshot, This diskclean progress without single movement
another one, Screenshot doesn't finish the download only in firefox., canceling doesn't do nothing.
Another similar, Screenshot, trigger by diskcleanup
I am really puzzled by this and so tired dealing with these today

Sysnative Windows Update · Nov 2, 2019

No. Please start a new thread and you will be assisted. Thank you.

Windows 10

[SOLVED] System Restore not working: error 0x81000203 - Kaspersky Removal Tool

Well-known member

Site Administrator, General Manager, BSOD Academy Instructor, Microsoft MVP (Ret.)

Well-known member

Moderator, BSOD Academy Instructor

Senior Administrator, Security Analyst

Well-known member

Senior Administrator, Security Analyst

Well-known member

Senior Administrator, Security Analyst

Site Administrator, General Manager, BSOD Academy Instructor, Microsoft MVP (Ret.)

Inactive

New member

Site Administrator, General Manager, BSOD Academy Instructor, Microsoft MVP (Ret.)

Member

Inactive

Well-known member

Member

Inactive

Member

Inactive