Skip to main content

Solved: ATI 2017 8058 Install fails: 'Cannot move file to a different drive'

Regular Poster
Posts: 15
Comments: 123

I just bought 2017 version 8058, upgraded from ATI 2016, and got the install failure: 'Cannot move file to a different drive'.

The installer log file has many mentions of installing to my 'I:' drive.

That's just not right. Here are some examples:

...

MSI (c) (28:3C) [10:52:56:516]: PROPERTY CHANGE: Adding ROOTDRIVE property. Its value is 'I:\'.

...

MSI (c) (28:3C) [10:52:56:518]: PROPERTY CHANGE: Adding TARGETDIR property. Its value is 'I:\'.
MSI (c) (28:3C) [10:52:56:518]: PROPERTY CHANGE: Adding _installdir__a property. Its value is 'I:\_installdir__a\'.
MSI (c) (28:3C) [10:52:56:518]: PROPERTY CHANGE: Adding _INSTALLDIR_atih_installer_shell_standard.exe property. Its value is 'I:\_INSTALLDIR_atih_installer_shell_standard.exe\'.
MSI (c) (28:3C) [10:52:56:518]: PROPERTY CHANGE: Adding _INSTALLDIR_1 property. Its value is 'I:\_INSTALLDIR_1\'.
MSI (c) (28:3C) [10:52:56:518]: PROPERTY CHANGE: Adding _INSTALLDIR_ property. Its value is 'I:\_INSTALLDIR_\'.
MSI (c) (28:3C) [10:52:56:518]: PROPERTY CHANGE: Adding USERPROFILE property. Its value is 'I:\'.
MSI (c) (28:3C) [10:52:56:518]: PROPERTY CHANGE: Adding TempFolder_ property. Its value is 'I:\TempFolder_\'.

..

MSI (c) (28:3C) [10:52:56:518]: PROPERTY CHANGE: Adding PrimaryVolumePath property. Its value is 'I:\'.

...

MSI (c) (28:3C) [10:52:56:519]: PROPERTY CHANGE: Adding ALLUSERSPROFILE property. Its value is 'I:\'.

 

To fix this I uninstalled ATI 2016 and tried again. Same thing.

I downloaded the Cleanup tool, uninstalled Acronis Disk Director, restarted and tried again.

Same result.

 

I logged out and logged in as Administrator and did the install. That worked.

 

I'm testing the features now and did a backup.

Forum Hero
Posts: 29
Comments: 9631
mvp

Top

Thanks for posting this topic, ATIH does require installing / running from an Administrator account in order to have the correct permissions, privileges etc.

Beginner
Posts: 0
Comments: 3

Top

My user account is a local account. It has administrative rights.

 

Beginner
Posts: 0
Comments: 3

Top

By the way, I used the Custom Mustang PE boot image on a YUMI-based Flash drive for testing and verification. It works very well. Thanks for making that so easy to install.

Beginner
Posts: 0
Comments: 3

Top

I had no problems upgrading my laptop using my local account.

Personally, I think Acronis True Home has trouble with my 14 volume main system. Each year I upgrade and each year I go though issues...

Forum Hero
Posts: 29
Comments: 5599
mvp

Top

 

Do your user folders live on the I: drive? Have you moved your user profile to another location on disk?  Given your experience I would think you have and thar is the problem you have.

Regular Poster
Posts: 15
Comments: 123

Top

No, The I: drive is just used as a synchronization drive. That sync is manual via a Robocopy Script I made.

There is no system application that should ever use it.

My user profile is unaltered, it is on the boot drive (C:).

I have used the system Location tab on User Folders to put them on the J: drive.

It may be that ATI has too many partitions to manage?

If I run Sysinternals WINOBJ and look at the partitions I see this:

Clipboard-1.png

 

I have had installation issues with every version of ATI.

But, once installed they usually work fine.

 

Forum Hero
Posts: 29
Comments: 5599
mvp

Top

Which hard drive is drive J:?  In the above list would it be what drive?  True Image by default installs itself on the C: drive only which should be drive 0 in the screenshot above.  The app stores data in the Users folder so if you have moved tha folder using symbolic link then this could likely cause failure as you describe.

You could temporarily remove the symbolic link for the user folder to default while you install the app then change it back when finished.

Regular Poster
Posts: 15
Comments: 123

Top

I will attach screen shots of the drive layout, the user folder listing and the Location tab on one of the user folders.

I have no control over how BIOS enumerates the SATA ports and I chose the ports and disks based on speed and other factors.

The System drive (C:) is on Disk 3, the fourth drive. The first disk  is R: used only by Retrospect for nightly file incrementals. Acronis gets its own S: drive for on-demand drive image backups.

All my user folders use the Microsoft Location property to be on the J partition.

Windows makes junctions for these (and many other user folders, like 'Application Data', etc).

If I 'temporarily' locate back to the default, Windows will move my folder data to that location - that will take a long time. Moreover, it defeats the purpose of moving my stuff off of the system drive so that system backups are fast. With the drives partitioned as I have it, I can backup the system image in 15 minutes. It is faster to restore an older image than to troubleshoot bad installations like this one. In my opinion, Acronis can do what it likes to the system partition, but it should ask permission to write to my personal folders.

User-folder-2017-07-13_07-50-53.png
C-drive-object.png
Drive-layout-2017-07-13_07-52-16.png
Location.png

 

Forum Hero
Posts: 29
Comments: 5599
mvp

Top

Would you mind explaining why you have EFI partitions on drives 0,1,4, and 5?  You say your OS is on drive 3 which has a System Reserve partition so you must be booting the machine as a Legacy CSM/MBR installation, this is a Win 10 install correct?

For starters I would suggest that you change the data cable on your drive 3 C: drive to data port 0 on your motherboard.  I would also remove all the EFI partitions from the other disks unless they contain operating systems and are bootable. 

If the installer is being confused in my viewpoint I would say that the reason is because your boot drive is not found on data ports 0 or 1 which is usually the case and that partition I: looks to me to be on disk 1 which has an EFI partition which normally is found on boot drives only. 

 

Regular Poster
Posts: 15
Comments: 123

Top

I am dusting off the motherboard manual as I write this...

I built my machine in 2011. At that time it was a clean Windows 7 installation. It does not have Secure Boot in the BIOS.

Installation of my software took about a month, so when Window 8 came out I did an in-place upgrade. I did the same for Windows 8.1 and again for Windows 10.  These were all the Pro versions with the Media Player options. That option got dropped in Win10, I think.

My motherboard has three distinct SATA ports, one is called Intel SATA6G, another is called Marvell SATA6G, and another is called Intel SATA3G. The 6G ports come in pairs and the 3G ports are quad. I do not use RAID.

Two  ports have external SATA6G connectors - so I use them for Acronis and Retrospect backup drives (and a Linux partition for a VBox). The motherboard document says these ports are for data only, not booting. They enumerate as Disk 0 and Disk 1 and I have no control over that order - it's done in BIOS or Plug and Play, I think.

So I put my boot drive in the Intel SATA6 ports.

Disks 0, 1, 4 and 5 are all GPT drives. Either they were pre-formatted that way when I got them, or Windows Disk Initialization partitioned them that way. I don't remember if I did a partitioning for booting, but I never planned to boot from any but for the system drive (Disk 3). I may have used Acronis Disk Director to do the formatting. In 2011 that would have been the Disk Director 11 Suite.

Only Disk 3 and 6 have the 'active' flag, so they are the only Bootable drives. Disk 3 is the OS drive and Disk 6 is a FAT32 Flash Drive formatted with YUMI to be able to boot multiple ISO files (like Acronis Recovery, etc.). In BIOS it is lowest in the Boot hierarchy. My BIOS does not support booting from GPT drives, so these are MBR.

Since 2011, I have not had many issues, other than the yearly mess of installing True Image. When I reported these issues in the past, I got no help, other than 'Acronis does not like overclocked CPUs'. I have been using the previous ATI version and did not plan to upgrade to 2017. I know that 2018 will come out in August, at least that cycle repeats every year, so I figured ATI 2017 must be rather bug-free by now... So I took the recent upgrade offer.

I have tried Macrium Reflect - no problems, Retrospect version 8 and 12 - no problems. Only Acronis never seems to install properly.

Eventually I manage to make it work, and after that it seems to work very well, so I continue to support the product and I recommend it with qualifications to friends.

With the system partitioned the way I have it, a full image backup takes about 15 minutes and a restore about the same. So it is easier for me to revert to a previous image than the try to diagnose some problem.

I only do manual backups in Acronis and only full image backups. I use Retrospect for nightly incremental file backups.

My AV software - Kaspersky - would probably have had some issues if partitioning were an issue.

I have beta tested many audio software products, installing and uninstalling them many times. Sometimes these were risky, but I can't say I ever saw an installation go bad due to partition issues.

 

In reply to by Enchantech

Regular Poster
Posts: 15
Comments: 123

Top

>  I would also remove all the EFI partitions from the other disks unless they contain operating systems and are bootable. 

How can that be done?

Windows Disk Management and Acronis Disk Director 12 do not allow me to delete these partitions.

 

Forum Hero
Posts: 29
Comments: 9631
mvp

Top

You would need to boot from a USB stick with a Partition Manager such as a Linux Live boot distro with Gparted which would allow you to delete the unwanted 100MB EFI partitions on non OS drives.  You could leave that space as unallocated or expand the remaining partition to use that space.  Would suggest testing this on one such drive first (with a good backup of the drive for good measure!).

Regular Poster
Posts: 15
Comments: 123

Top

Thanks, that worked fine. GParted is pretty easy to use, very similar to Disk Director.

I was debating whether to leave the data in the partition, which would leave the total partition count the same, or just to leave the data unallocated. It was only 100 MB. I decided to leave it unallocated, I guess that can be used as bad block replacements?

Still, if we go back to the original problem - I could not install in my local user account, versus I could as the real Administrator. That should have nothing to do with partitions. 

Both accounts are local, both are admins.

 

 

 

Forum Hero
Posts: 29
Comments: 9631
mvp

Top

Not sure why you are seeing a difference between a local user / administrator account and what you are calling a 'real Administrator'?

I only use local Administrator type accounts - I refuse to sign in on any computer with a Microsoft Account.

ATIH requires Administrator privileges for install so have never tried installing from a non-administrator local account but have seen users reporting problems here when they have done so and things don't run correctly.

The main Windows Administrator account on most computers I see is hidden and left unavailable for selection unless doing a Safe mode boot?

Regular Poster
Posts: 15
Comments: 123

Top

I also have no Microsoft accounts.

I have unhidden the 'real' Administrator and applied a password.

I rarely use it.

The only differences I can see would be the user folders are different and the user registry is different.

I have not used the 'Locate' property for the Admin user folders (libraries).

Anyway, it seems like all is well right now.

 

Forum Hero
Posts: 29
Comments: 9631
mvp

Top

Good to hear that all seems to be well now!  Hope all stays that way.

Forum Hero
Posts: 29
Comments: 5599
mvp

Top

Glad that Steve stepped in to help with getting rid of the EFI partitions.  On the next Acronis upgrade you can see if things have changed.  Would you share your motherboard brand and model number?  I would like to have a look at the user manual for it.  Seems strange to me that you would have external SATA ports being ports 0 and 1 using the secondary controller.  The Intel controller is your primary and it should have/own ports 0,1,2,3  and so on.  Has Disk Management view changed now that you have removed the EFI partitions?

Regular Poster
Posts: 15
Comments: 123

Top

Here is the motherboard document. It is a bit more updated than the paper copy I have from the purchase:

 

http://dlcdnet.asus.com/pub/ASUS/mb/LGA1155/P8P67_PRO/E6308_P8P67_PRO.z…

 

Current disk management:

DiskMgmnt.jpg

Forum Hero
Posts: 29
Comments: 5599
mvp

Top

I had a look at the documentation for your motherboard.  Your board supports both SATA 2 (3.0Gbps) and SATA 3 (6.0Gbps) standards.

The SATA 3 ports of which there are 4 total are controlled by 2 different storage controllers, one is the Intel P67 chipset and the other is a Marvell onboard controller.

The Intel chipset SATA 3 ports are the two that are Gray in color and are the primary SATA 3 ports on the motherboard.

The Marvell SATA 3 ports are Navy Blue in color and are the secondary External SATA 3 ports.

It appears to me that you possibly have the data cables to your hard drives mixed up and this why your C: drive is showing as Disk 3 in Disk Management.  You should check and verify that you have the C: drive attached to the Gray SATA port (SATA6G_1) port.  If not then change it to that location and I believe that you will then see it listed in Disk Management as Disk 0

Regular Poster
Posts: 15
Comments: 123

Top

Let's make this perfectly clear.

Here is a picture of my Device Manager port enumerations and drive connections.

I could not get the forum software to accept this, so view it in a new window:

http://www.arachnaut.net/Acronis/Morbius%20Drive%20enumeration.png

I noticed that removable drives, like Flash drives A: and B:,  enumerate first, but post last.

Then the device manager sees the JMicron port next to which I have attached external drives on the two ports. These get disk 0 and 1. They are connected correctly.

Next it sees the Marvell Controller where I have the J and K disks on one drive. That's disk 2, it's connected correctly.

Then it sees the quad port Intel controller where I have my fastest drives - the boot drive (C:)  and my big archive drives (H: and I:) as well as the page files,  Chrome internet caches, Windows search indexing databases, etc.

The first drive on the port is the system drive - Disk 3, the others are Disks 4 and 5.

The two removable Flash Drives are Disks 6 and 7.

The DVD drive is rarely used, but it is F: when it is mounted and it would be in the Intel quad port.

Regular Poster
Posts: 15
Comments: 123

Top

I also uploaded an Excel spreadsheet that hold the Sysinternals output from Winobjs.exe.

http://www.arachnaut.net/Acronis/Winobj.xlsx

Sheet 1 in that has all the objects, sheet 2 has only the file system objects.

Note that Windows makes these kernel object names and associations:

BootPartition    SymbolicLink    \Device\HarddiskVolume9  

 
which is:

Harddisk3Partition2    SymbolicLink    \Device\HarddiskVolume9    C: [System] Boot, Crash Dump {Application Device}, {OSDevice}  {SdiDevice - path "\RecoveryWindowsRE\boot.sdi"}

and

SystemPartition    SymbolicLink    \Device\HarddiskVolume8    

which is:

Harddisk3Partition1    SymbolicLink    \Device\HarddiskVolume8    [System Reserved] System, Active, {bootmgr}, Windows Boot Manager {Windows Memory Diagnostic} {Windows Recovery}
 

The Acronis installer does not see this, nor does it seem to look for an 'Active' bootable partition, nor does it look where the previous version was installed. Instead it chose a more-or-less random drive (I:) which is on the last enumerated port.

I don't see how it could possibly have chosen a worse drive to pick for installing.

When and if Acronis 2018 comes out, and when and if I buy it, I will this time turn on ProcMon and trace the install process. Since this problem has come up for me every year since 2011, I imagine it will happen again next year.

However, I plan to build a new computer next year as this one is now 6 years old.

If the AMD Starship comes out as rumoured, it may be my next build - 48 cores, 96 threads, 4 Terabytes of memory support. Forget SSD drives, I'll build a battery-backed RAMDisk and install Windows into it and run everything from main memory with drives only for image backups.

Let's see what the installer will do in that scenario.

 

 

Forum Hero
Posts: 29
Comments: 5599
mvp

Top

No need to get testy!  I did misspeak as to the Marvell ports being External ports, you are correct the JMicron ports are the External or eSATA ports on the board.

The manual says that your board has a total of 6 Intel SATA ports.  2 - 6.0Gbps SATA 3 ports and 4 - 3.0Gbps SATA 2 ports.  Plus you have 2 additional 6.0Gbps SATA 3 ports run by the Marvell controller.

See pages 2-19, 2-20. and 2-21 to verify.  Also this is noted in the Index on page ix.

If you have your C: drive connected to one of the quad Blue SATA ports then you have that drive connected to a 3.0Gbps port, one of the slowest on the board not the fastest. 

Are you certain that your not mistaken here?

Regular Poster
Posts: 15
Comments: 123

Top

Maybe I'm wrong about the speed. I built this in 2011. And I check and you are right - that drive is a 3 GB/s SATA drive. So no need to use the 6GB/s ports.

If you think I am being 'testy' now, try to imagine what I've been going through every year with Acronis installs.

Here is a small document portion extracted from my Build notes related to Acronis 2012.

I posted some of this on Acronis forums a long time ago.

Things have not improved very much from my point of view.

http://www.arachnaut.net/Acronis/Morbius-defeated.docx

Note the portion I wrote back then (2011) in red font:

Acronis needs to have a much more robust installer/uninstaller. And having users edit system control registry keys is just barbaric. This scene of installation errors has played out in every new release for the past several versions. Since it digs so deeply into the system it is very hard to remove - that should be automated, not a user process.

 

 

 

 

Regular Poster
Posts: 15
Comments: 123

Top

I'm still trying to bust my head around why a local administrator account cannot do the install and a 'true' administrator local account can do it.

They both see the same drives, they both have the account under C:\Users.

The only difference is the user registry and security credentials.

Also, the Admin account has no Libraries or Re-Located user folders.

My user account 'Jim' is my normal log-in, and it has all of the User folder 'Locate' path set to use something in the J: drive. All my personal stuff is on the J: drive.

It is internal and on the same SATA controller as the C: drive.

I have some 'Libraries' - one for Audio Assets and one for Icons that I use for folders and drives.

The Admin account has no libraries.

I do see one warning event on startup - Event 158:

Event 158 - 2017-07-17_00-02-07.png

 

The KB article redirects to a Microsoft article about MPIO for servers - the need to address multiple names for the same 'items' - drives, folders, etc.

There is no way I know of adding MPIO to a Desktop OS.

I looked up all the UniqueIds using Diskpart and I see no duplicates:

DISKPART> select disk 0
Disk 0 is now the selected disk.
DISKPART> uniqueid disk

Disk ID: {799A8AF8-B0F2-45EA-A685-D38D48E65582}

DISKPART> select disk 1
Disk 1 is now the selected disk.
DISKPART> uniqueid disk

Disk ID: {79C34561-46CC-404E-8025-F7D07A7112D8}

DISKPART> select disk 2
Disk 2 is now the selected disk.
DISKPART> uniqueid disk

Disk ID: C0AD4B8D

DISKPART> select disk 3
Disk 3 is now the selected disk.
DISKPART> uniqueid disk

Disk ID: 0254640A

DISKPART> select disk 4
Disk 4 is now the selected disk.
DISKPART> uniqueid disk

Disk ID: {1868BB63-8455-4D98-87B4-503AA109032E}

DISKPART> select disk 5
Disk 5 is now the selected disk.
DISKPART> uniqueid disk

Disk ID: {8CDC345F-FBBA-407A-BBF6-07AC885B667E}

DISKPART> select disk 6
Disk 6 is now the selected disk.
DISKPART> uniqueid disk

Disk ID: 187F2B44

DISKPART> select disk 7
Disk 7 is now the selected disk.
DISKPART> uniqueid disk

Disk ID: C02A16F1

DISKPART> select disk 8
The disk you specified is not valid.
There is no disk selected.
 

Forum Hero
Posts: 29
Comments: 5599
mvp

Top

Jim,

I cannot be 100% certain but I would suspect the event 158 has much to do with the install problem.  I am not certain how True Image handles multiple installed disks in large numbers like you have.  I have machines boasting as many drives as you do as well by the way yet I have not experienced this problem myself.

As for the Windows Admin vs. User Admin accounts, each has a different level of security permissions which I believe is a part of the problem you have.  You obviously have more than one disk reporting or registered that appears the same as far as Windows is concerned and this I would say is the root problem.  As you know, True Image has deep roots into the Windows OS so problems like this can cause one off issues like yours.  Question is, what to do about it.

Although I have not experienced your exact problem here I have had my share of weird problems with multiple disks and I have a lot of experience with them.  My suggestions may not help you, then again, they just might.

Often times when I experience weird issues with disks what I do is detach all disks except the Windows OS disk after having powered the system completely off.  That includes unplugging the power cord and pressing the power button on the machine to drain residual power from the system. With only the Windows drive attached I boot the machine into Windows and have a look around at error codes and events for anything suspicious. 

Having multiple disks you will probably see some new errors most of which can be ignored.  Along the way here watch for the 158 error in particular.  Once you have done the above shutdown the machine and attach one more of your disks and boot the machine again.  Repeat the process for each disk.  I would have a look at Disk Management and Device Manager with each step as well so that you can see what exactly is happening with the addition of each disk.

In doing this you are essentially re-registering each drive in the machine in Windows.  Hopefully that will clear the 158 error and your install problem along with it!

 

Regular Poster
Posts: 15
Comments: 123

Top

Thank you and Steve for helping me with advice and ideas. I have powered things down completely and held the power switch to drain the standby charge. It takes almost a minute to discharge all the stored current as indicated by the MB leds. I do sometimes disconnect the external drives and/or power them down, but not often. The Event 158 has been reported for aeons by various users with no apparent solution.

I do know how to install stuff, I have over 900 audio VST instruments and hundreds of applications (but no apps). I've had to track down install issues with a great many Alpha and Beta audio products.

As I recounted, this machine is quite old now, many generations of technology behind. I have not had any serious incidents with it's hardware, other than a few hardware deaths now and then (drives, typically after a few years, or running out of disk space). The overclocking is mild at 4.4 GHz - it is stable up to 4.8 and can be pushed to 4.9 GHz.

I've built many machines and worked in our local Senior Center fixing people's computer problems - hardware and software.

Every year - practically - I buy a new version of Acronis products. I only use Acronis True Image as an image backup of full partitions and disks - no incrementals, no Secure Zone, no Try&Decide, no syncing, no cloud - just like Norton Ghost worked so long ago.

Each year I face some issue with it, unlike just about any other product I have. It's always something different. Often I seek help here or see similar reports from others.

Each time, I eventually manage to get it installed,sometimes by trial and error.

Once installed, it is rock solid and I depend on it. It is the fastest backup solution I've ever used.

I restored a system image from an image backup more times than I can recall, usually after I've done something stupid or had a weird install issue from some other beta product.

Next year, I plan to start a new build using either an AMD enthusiast part or an Intel enthusiast part. By enthusiast, I mean one of the extreme versions. I need the speed for my Reaktor work in audio.

Perhaps I will do a clean install on that system, but It will probably take me many months to install and authorize all the stuff I have. That is why I've done in-place installs so far from 7 to 8 to 8.1 to 10.

For now, I've spent all the time I want on this and I'm ending on the same note as all the other yearly installs - no smarter, no clues, no answers.

I am serious about using Procmon on the next install, though. That will probably tell me what the installer is doing and why it decides to do what it does. I have used it many times on Beta install issues and I know how to interpret most of what it displays. It can take a long time to go through the dump...

I think program developers use their private copies of the software they develop, they don't usually uninstall and re-install them after each build - who has time for that? It's up to the testing people and Beta testers to spot install issues.

I was offered a chance to be a Beta tester for Acronis, but I don't have time for that, I'm to busy doing audio stuff.

Thanks again. I'm out of here now...

Forum Hero
Posts: 29
Comments: 9631
mvp

Top

Jim, thank you too for your patience while we tried to understand your particular computer situation & scenario.

I am a great believer in the KISS principle, and based on what you have shared with us, it seems that you have an answer to doing further Acronis installs by using the 'real' Administrator account each time.  It may be that the combination of the other user Admin account with your relocated user folders etc, plus the other elements that Enchantech has been delving into with you, are all contributing to the install issues you came to the forum with.

You could, of course, simply create another local Adminstrator account purely for the purpose of doing Acronis installs but that seems a little overkill when you know that the real one works for you.

Forum Hero
Posts: 29
Comments: 5599
mvp

Top

If you ever solve the mystery do let us know what you found, it may just give us an edge for another user problem.

Regular Poster
Posts: 15
Comments: 123

Top

I certainly will.

I also believe in the KISS principle, but in my case, I want the system drive to be as simple as possible with all user and temporary data moved off it - User Folders, Page files, swap disks, Search databases, internet cache, etc. That minimizes fragmentation and takes advantage of parallel drive access to data. Not so important for non-rotational drives, but it is in my case.

I would love to be able to make it so other applications can never alter my data, my defaults, etc.

 

 

Regular Poster
Posts: 15
Comments: 123

Top

Unfortunately, I can't seem to get this problem out of my head. So I looked into the boot sequence for some clues.

Using the Event Viewer, I see this sequence of Events in regard to Event ID 158

First is the restart event, followed by some Kernel-Boot events

Then there are some filter manager events

Then the NTFS health is checked

and so on...

The event 158 is logged in the Filter Manager events before the NTFS file system checks.

To me that means it is very early in the kernel boot before any user account data is processed.

The Wininit is much later.

There are three Filter system filters loaded, in this order:

FilterManager

              FileInfo     FilterID {02000000-0001-0000-A91D-3E4A76FFD201} 
              Wof          FilterID {02000000-0002-0000-A91D-3E4A76FFD201} 
              file_tracker FilterID {02000000-0003-0000-A91D-3E4A76FFD201}

After that the Event 158 is logged, before any NTFS stuff happens.

From System Information I see this:

fileinfo    File Information FS MiniFilter    c:\windows\system32\drivers\fileinfo.sys    File System Driver    Boot

wof    Windows Overlay File System Filter Driver    c:\windows\system32\drivers\wof.sys    File System Driver    Boot

file_tracker    Acronis File Tracker Driver    c:\windows\system32\drivers\file_tracker.sys    File System Driver    Boot

So it looks like the event message comes from the Acronis File Tracker Driver or something it does.

The Event Viewer for id 158 looks like this:

Event 158     
\Device\Harddisk1\DR1 
Binary data:

In Words

0000: 0000001B 00300002 00000000 8004009E 
0010: 00000000 00000000 00000000 00000000 
0020: 00000000 00000000   

In Bytes

0000: 1B 00 00 00 02 00 30 00   ......0.
0008: 00 00 00 00 9E 00 04 80   ....ž..€
0010: 00 00 00 00 00 00 00 00   ........
0018: 00 00 00 00 00 00 00 00   ........
0020: 00 00 00 00 00 00 00 00   ........

 

\Device\Harddisk1\DR1 is my second disk - the external drive that is used for Acronis backups. It also has a Linux partition for VirtualBox.

--------------------------------------------

From the Registry:

Fileinfo:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FileInfo]
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,\
  72,00,69,00,76,00,65,00,72,00,73,00,5c,00,66,00,69,00,6c,00,65,00,69,00,6e,\
  00,66,00,6f,00,2e,00,73,00,79,00,73,00,00,00
"Start"=dword:00000000
"SupportedFeatures"=dword:00000003
"DisplayName"="@%SystemRoot%\\system32\\drivers\\fileinfo.sys,-100"
"ErrorControl"=dword:00000001
"Group"="FSFilter Bottom"
"Type"=dword:00000002
"Description"="@%SystemRoot%\\system32\\drivers\\fileinfo.sys,-101"
"DependOnService"=hex(7):66,00,6c,00,74,00,6d,00,67,00,72,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FileInfo\Instances]
"DefaultInstance"="FileInfo"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FileInfo\Instances\FileInfo]
"Altitude"="40500"
"Flags"=dword:00000000
 

Wof:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wof]
"SupportedFeatures"=dword:00000003
"DisplayName"="Windows Overlay File System Filter Driver"
"ErrorControl"=dword:00000001
"Group"="FSFilter Compression"
"Start"=dword:00000000
"Type"=dword:00000002
"DependOnService"=hex(7):46,00,6c,00,74,00,4d,00,67,00,72,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wof\Instances]
"DefaultInstance"="Wof Instance"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wof\Instances\Wof Instance]
"Altitude"="40700"
"Flags"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wof\Parameters]

 

File-tracker:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\file_tracker]
"Type"=dword:00000002
"Start"=dword:00000000
"ErrorControl"=dword:00000001
"Tag"=dword:00000010
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
  52,00,49,00,56,00,45,00,52,00,53,00,5c,00,66,00,69,00,6c,00,65,00,5f,00,74,\
  00,72,00,61,00,63,00,6b,00,65,00,72,00,2e,00,73,00,79,00,73,00,00,00
"DisplayName"="Acronis File Tracker Driver"
"Group"="FSFilter Continuous Backup"
"DependOnService"=hex(7):46,00,6c,00,74,00,4d,00,67,00,72,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\file_tracker\Instances]
"DefaultInstance"="Acronis File Tracker Driver Instance"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\file_tracker\Instances\Acronis File Tracker Driver Instance]
"Altitude"="281420"
"Flags"=dword:00000000
 

-----------------------------------------------------------------------------

So to me it looks like this is being reported by the Acronis Continuous Backup feature.

I have that feature disabled. In fact, I have disabled just about all of the Acronis services because I don't need them, and I don't want them.

There seem to be more Acronis Services with each new version, with no way of the user opting out.

I have disabled the Acronis Managed Machine Service Mini because it seemed to handle the dashboard and non-backup features. With it off, I don't encounter any problems with backup and restore.

I have disabled the Acronis Mobile Backup Server for obvious reasons as well as its status server.

I have disabled Nonstop Backup and the Sync Agent.

The only service running is the Scheduler2 service and I would disable it too because I don't use any schedules, but if I disable that Acronis won't work.

Perhaps this is not correct behavior on my part, but it is also not correct behavior for an application to add unwanted features with no option to have them not run.

I really don't want Acronis as a service, I want it as an on-demand backup tool. It should get out of the way when I'm not doing a backup.

{This is just me applying my KISS principle}.

Regular Poster
Posts: 15
Comments: 123

Top

All that has nothing to do with my original installation, though, so if what I wrote is true, Event Id 158 is not very important to me.

 

Regular Poster
Posts: 15
Comments: 123

Top

I renamed file_tracker.sys so it would not load, but the event 158 still appears, so it is caused by something else.