Bad Default Disk Management in Windows Server Backup

Avatar photo
Anthony Lewis

Windows Server Backup (WSB) is a pretty good backup solution for Windows Servers. It has the advantage that it is built to take advantage of all of Windows’ features. On the up side this means WSB can sensibly back up all information managed by Microsoft software. However in Server 2008 and newer WSB has a default setting that will cause it to eventually break if you chose the back up “System State”. The low down is that “System State” backups are not part of the file system backup but stored as Volume Shadow Copy snapshots in the back up disk’s hidden System Information directory. Which is fine… not how I would have designed it… except that by default WSB configures the disk to have no shadow storage limit. [Unbounded.png] Still fine except that WSB relies on Volume Shadow Copy to purge old System State backups when the shadow storage limit is reached. Together, this means that eventually the  disk will fill with System State backups and the file system backup will be unable to trim the file backup to be small enough to fit a single recovery point on the disk and then fail complaining that the disk is full. So what can you the end user do? Well we can impose a limit on the volume shadow storage on each backup disk.

For the examples I am using a Windows 2008R2 Server. Windows Server Backup is configured to use a 1.5TB external hard drive.

At an elevated (run as administrator) command prompt,RunAsAdministrator
we can run:

> wmic volume list brief


to get a list of the disks (volumes) connected to the machine including the GUID. Locate you backup disk(s) in the list and copy the GUID, in our example it is 1a0e435d-0874-11e4-a065-18a905ebc978. Next, still at the elevated command prompt you need to run:

> vssadmin resize shadowstorage /for=\\?\Volume{GUID} /on=\\?\Volume{GUID} /maxsize=###GB

for each disk used to store backups, where the GUID is replaced by the GUID for the disk and ### is a reasonable number. For instance if you have 500GB backup disks and your file set is 200GB you might choose 100. This means that VSS will have 100GB of the disk or 20% and file backups will have 400GB or 80%. This leaves room for your backup file set size to grow while giving VSS room to copy the system state a couple of times. As our example disk is 1.5TB and our file set is small I am going to use 750GB or roughly 50% of the disk. Thus I’m going to use:

> vssadmin resize shadowstorage /for=\\?\Volume{1a0e435d-0874-11e4-a065-18a905ebc978} /on=\\?\Volume{1a0e435d-0874-11e4-a065-18a905ebc978} /maxsize=750GB


I have seen shadow sizes of about 11GB on a production domain controller, so leaving at least 100GB gives room for a few System State backups though your server may be different. Pro Tip: If you connect the backup drive to a Mac you can use du at the command line or DaisyDisk to see the size of the System State backups. Anyways the above command will take a bit to run and cleanup will happen next time Volume Shadow Copy looks at the disk such as during the next backup but you can check, still at the elevated command prompt, that the command worked using:

> vssadmin list shadowstorage


New Resources In Your Inbox

Get our latest cybersecurity resources, content, tips and trends.

Other resources that might be of interest to you.

Introducing the Airiam Podcast

Episode Summary In this first trailer episode of the Airiam Podcast, we preview what topics the podcast will cover, and share why the show was created. The mission of the podcast is to inform and inspire listeners with stories of cyber resilience and h
Avatar photo
Bill Bowman
>>Read More

Cybersecurity Awareness Month

How Can You “See Yourself in Cyber”? Since 2004, the President of the United States and Congress have declared October Cybersecurity Awareness Month. The goal for the month is to bring awareness and insights to people so they can take action to protect
Avatar photo
Conor Quinlan
>>Read More

Podcast: A Story of Resilience from Airiam’s Alex Zelenskiy

 Episode Summary Since Russia attacked Ukraine in February 2022, the war has upended the lives of millions and resulted in the tragic loss of many lives. Amidst the chaos and destruction, there are stories of resilience and goodness. Airiam’s Alex Zel
Avatar photo
Bill Bowman
>>Read More