[SOLVED] System Restore not working: error 0x81000203 - Kaspersky Removal Tool

HapaxOromenon

Hello. I was recently assisted by softwaremaniac (at [SOLVED] - WU error 0x800f0982, but SFCFix found no corruptions) who helped me fix a problem with a Windows update failing to install. However, in the course of solving that problem, we discovered that System Restore was also not working on my machine, and softwaremaniac recommended I start a new thread in this forum for more expert assistance with that.

As stated in the title, trying to open System Restore from Control Panel -> System -> System Protection gives a message saying "There was an unexpected error in the property page: System Restore encountered an error. Please try to run System Restore again. (0x81000023) Please close the property page and try again." Trying to run rstrui.exe gives "System protection is turned off. To turn it back on so that you can use System Restore, configure system protection." I have already confirmed that the Volume Shadow Copy and Microsoft Software Shadow Copy Provider services are running and have their startup set to Automatic. Google also suggests that the program "TuneUp Utilities" is a known cause of this error, but I have never used or installed that program. So, any assistance would be much appreciated.
 
Hi. . .

Sorry for the delay.

Please see post #2 in this Microsoft thread - System Restore Error Code: 0x81000203

Regards. . .

jcgriff2

Hello. I have already checked the Volume Shadow Copy and Microsoft Software Shadow Copy Provider Services, and both are already set to Automatic. The Group Policy option to "Disable System Restore" is also already set to "Not Configured". All of this was already stated in my initial post, and it means that the suggestions from post #2 of that Microsoft thread are of no use to me.
 
@HapaxOromenon - if you open command prompt (in administrator mode), and run the following command:

vssadmin list volumes

What's the output?

Some programs (AV removal tools such as Kaspersky, and a few others) have been known to delete relevant VSS registry keys causing this error. The expected output if this is the case is that vssadmin list volumes will return no results. This error may also be appearing in event viewer:

(IVssSnapshotProvider::IsVolumeSupported() failed with 0x8000ffff [hr = 0x8000ffff f, Catastrophic failure]).
 
Hello. Thank you very much for your suggestion. The command gives the output "No items found that satisfy the query", and I am indeed using Kaspersky; also, in the course of my previous thread in the Windows Update forum, one of the steps I had to take was to temporarily remove Kaspersky with their KAVRemover tool. So it looks like we have successfully identified the problem. How do I go about fixing it?
 
Okay great - at some point it looks like the Kaspersky Removal Tool has deleted the registry key - this registry key is part of the Volume Shadow Copy service, which handles system restore points.

To fix it - please carry out the following steps:

  1. Open a new Notepad window
  2. Copy / Paste the below script into Notepad, and save as "kaspersky_fix.reg":
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}]
"UpperFilters"=hex(7):76,00,6f,00,6c,00,73,00,6e,00,61,00,70,00,00,00,00,00


This will update the "UpperFilters" value at this location to be "volsnap" (the hex code decodes to "volsnap"). Once you've copy/pasted the registry key, save this in a location you can easily access (e.g. desktop), and double click on the script to run the fix.


You will need to restart your machine once the fix has run, then check if you get the same issue accessing System Restore.


Optional extra: If you want to check if this has run correctly, you can enter the Registry Editor (Search > regedit), and navigate to Computer/HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f} in the address bar. The correct settings should look something like below:


 
@HapaxOromenon - I am glad that you finally got this solved, especially after everything that you've been through with other forums as well as Sysnative.

Please accept my sincerest apologies that it took us the length of time that it did (and your note to the Admins) to finally receive a response/help on this. I assure you that this was just an unfortunate oversight and is not common at all of our usual business practice/response rate and time.

Should you need further assistance, please do return to Sysnative for whatever help you need or questions that you may have.

Kind Regards. . .

jcgriff2
 
The "UpperFilters" value at the location indicated by Will Watts was set to "klbackupdisk ambakdrv" - 2 blank lines - and "volsnap". I understand the first two came from Kaspersky and Aomei.

Just set "UpperFilters" to "volsnap" and problem is solved.

Many thanks to all of you, and of course special thanks to Will.
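
Added example, not part of the thread or any poster's code: a Python decoder for the hex(7) (REG_MULTI_SZ) line in the fix above, used to check whether "volsnap" is among the filter names a reader of the value sees. REG_MULTI_SZ is a list of NUL-terminated UTF-16LE strings ended by an empty string; the function names and the constructed second sample (an assumed layout for the value described in the post above) are assumptions.

```python
import re

def parse_hex7(line):
    """Decode one .reg '"Name"=hex(7):..' line (REG_MULTI_SZ, UTF-16LE)."""
    joined = line.replace("\\\n", "").strip()      # undo .reg line continuations
    m = re.match(r'"([^"]+)"=hex\(7\):(.*)$', joined, re.S)
    if not m:
        raise ValueError("not a hex(7) value line")
    data = bytes(int(tok, 16) for tok in re.split(r"[,\s]+", m.group(2)) if tok)
    if len(data) % 2:
        raise ValueError("odd byte count, not UTF-16LE")
    return m.group(1), data.decode("utf-16-le").split("\x00")

def to_hex7(name, entries):
    """Encode entries back into the .reg hex(7) form (double-NUL terminated)."""
    data = ("\x00".join(entries) + "\x00\x00").encode("utf-16-le")
    return '"%s"=hex(7):%s' % (name, ",".join("%02x" % b for b in data))

def check_upper_filters(line, required="volsnap"):
    """Report which filter names a format-following reader would see."""
    name, parts = parse_hex7(line)
    effective = []
    for s in parts:                 # the list ends at the first empty string
        if s == "":
            break
        effective.append(s)
    named = [s for s in parts if s]
    return {
        "name": name,
        "effective": effective,
        "after_blank": named[len(effective):],  # in the data, but past the end
        "ok": required.lower() in [s.lower() for s in effective],
    }

# The value line from the fix posted in this thread.
FIX_LINE = '"UpperFilters"=hex(7):76,00,6f,00,6c,00,73,00,6e,00,61,00,70,00,00,00,00,00'
# Constructed sample: assumed layout of the value described in the post above
# (two names, two blank entries, then volsnap).
BROKEN_LINE = to_hex7("UpperFilters", ["klbackupdisk", "ambakdrv", "", "", "volsnap"])

if __name__ == "__main__":
    for label, line in (("fix", FIX_LINE), ("constructed", BROKEN_LINE)):
        print(label, check_upper_filters(line))
```

Decoding the current value before importing a one-entry replacement also shows which other filter names that import would drop.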
 
I recently used Kaspersky Removal Tool, it must have caused error 0x8100203. I am trying to follow your steps, however I am a little lost on the part after saving it. Where would I go in order to paste the registry key?

btw, I get this, Screenshot

Copy and paste it into a text file, and save that file with the extension .reg, for example fix.reg. Then double click on the saved file. You will be asked if you want to import the information into the registry - click yes, and the fix will be applied.
 
Thank you soooo much!!! It fixed the problem. I had copied only the script without the "Windows Registry Editor Version 5.00" line.
I am so glad, it's working fine. I was going nuts today trying to fix the problem, going from one forum to another without an exact solution. Thank you :-)
I am wondering if this has caused so much instability on my system.
 
On another note, is there any other effect of Kaspersky Removal Tool? Because the other problems seem to be weird.
Screenshot: this Disk Cleanup progress, without a single movement.
Another one, Screenshot: the download doesn't finish, only in Firefox; canceling doesn't do anything.
Another similar one, Screenshot, triggered by Disk Cleanup.
I am really puzzled by this and so tired of dealing with these today.
 
