Event 8228 - SRMSVC Quick Fix

For some reason, a couple of our Server 2012R2 file servers are randomly logging a bunch of Event 8228 SRMSVC warnings. Every 10 seconds, a warning similar to this appears in the event log:

File Server Resource Manager was unable to access the following file or volume: '\\?\Volume{ed7228df-ce3e-11e4-8253-001018973e08}\System Volume Information\SRM\FciNrt.usn'. This file or volume might be locked by another application right now, or you might need to give Local System access to it.

Other than simply being an annoyance, I also noticed it caused the FSRM management console snap-in to be unable to load. Luckily there is a pretty straightforward solution.

  1. We need a command prompt that runs under the SYSTEM account. To get one, we will use psexec. Open a command prompt and run psexec /i /s cmd.exe

  2. Remember the random string of hex chars between the {} in the warning? We need to determine which drive it belongs to. Simply run mountvol.exe from the cmd prompt. It will display a help page, but at the very bottom it also lists each volume ID together with its drive letter.

  3. In this case, our drive letter was E:, so navigate to "E:\System Volume Information"

  4. Run takeown /R /F SRM to take ownership of the directory and all files in it.

  5. Lastly, run icacls SRM /reset /T to reset the security properties.

  6. Give the FSRM service a restart and you should be good to go!
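
The six steps above as one PowerShell script, an added example that is not part of the original post. It assumes the session was started as SYSTEM (for instance psexec /i /s powershell.exe instead of cmd.exe) and that the FSRM service name is SrmSvc; the ACL backup before the reset is an extra step the post does not include.

```powershell
# Added example (not from the original post). Run as SYSTEM.
# Path copied from the Event 8228 message; replace with the one from your own event.
$eventPath = '\\?\Volume{ed7228df-ce3e-11e4-8253-001018973e08}\System Volume Information\SRM\FciNrt.usn'

# Refuse to run outside the SYSTEM account, mirroring step 1.
if (-not [Security.Principal.WindowsIdentity]::GetCurrent().IsSystem) {
    throw 'Start this session as SYSTEM first (psexec /i /s powershell.exe).'
}

# Step 2: pull the volume GUID path out of the event text and map it to a drive letter.
if ($eventPath -notmatch '^\\\\\?\\Volume\{[0-9a-fA-F-]{36}\}\\') {
    throw "No volume GUID path found in: $eventPath"
}
$volumeId = $Matches[0]
$volume = Get-CimInstance -ClassName Win32_Volume |
    Where-Object { $_.DeviceID -eq $volumeId }
if (-not $volume -or -not $volume.DriveLetter) {
    throw "Volume $volumeId is not mounted with a drive letter on this server."
}

# Step 3: build the SRM directory path and make sure it is really there.
$srm = Join-Path "$($volume.DriveLetter)\" 'System Volume Information\SRM'
if (-not (Test-Path -LiteralPath $srm)) { throw "Not found: $srm" }

# Extra step: keep a copy of the current ACLs so the change can be reviewed later.
# This can fail when SYSTEM cannot read the ACLs yet, so it only warns.
$backup = Join-Path $env:TEMP ('SRM-acl-{0:yyyyMMdd-HHmmss}.txt' -f (Get-Date))
icacls $srm /save $backup /T | Out-Null
if ($LASTEXITCODE -ne 0) { Write-Warning "ACL backup failed; continuing without it." }

# Step 4: take ownership of the directory and everything in it.
takeown /R /F $srm
if ($LASTEXITCODE -ne 0) { throw "takeown failed with exit code $LASTEXITCODE" }

# Step 5: reset the ACLs to the inherited defaults.
icacls $srm /reset /T
if ($LASTEXITCODE -ne 0) { throw "icacls /reset failed with exit code $LASTEXITCODE" }

# Step 6: restart FSRM (-Force also restarts any dependent services).
Restart-Service -Name SrmSvc -Force
Get-Service -Name SrmSvc | Select-Object Name, Status
```

After the restart, watch the event log for a minute to confirm that Event 8228 has stopped recurring.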

