by lunarg on February 15th 2024, at 10:59

There is a known issue with SentinelOne Agent installed on a domain controller, which causes backups in Veeam for those machines to fail. The following error is displayed:

Processing SERVER Error: VSSControl: -805306334 Backup job failed. Cannot create a shadow copy of the volumes containing writer's data. Cannot prepare the [NTDS] data to a subsequent restore operation. Cannot process NTDS data. Updating BCD failed. Cannot execute [SetIntegerElement] method of [\\SERVER\root\wmi:BcdObject.Id="{cd12ab87-1a23-12f3-ba7c-dc9876b01357}",StoreFilePath=""]. COM error: Code: 0xd0000022

This is caused by the boot protection feature of SentinelOne. One possible workaround is to disable this until a fix can be provided by either Veeam or SentinelOne.

  1. In the SentinelOne console, look up the passphrase for the machine. You'll need it to perform local changes.
  2. Log on to the machine itself, open an elevated Command Prompt or Powershell and run the following:
    cd "C:\Program Files\SentinelOne\Sentinel Agent"
    .\SentinelCtl.exe config safeBootProtection false -k "PASSPHRASE"
  3. Not sure whether a reboot is required: I performed a restart of the machine immediately after changing.
« July 2024»
« I needed a password with eight characters so I picked Snow White and the Seven Dwarves. »