Cryptographic Services failed while processing, Event ID 513

You may have noticed an Event Log that says Cryptographic Services failed while processing with Event ID 513. This error occurs during Volume Shadow Copy Service (VSS) operations (e.g., backups, system restores) when Cryptographic Services cannot process the OnIdentity() call for the VSS System Writer. In this post, we will talk about this issue and see how you can fix it.

Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details: AddWin32ServiceFiles: Unable to back up image of service Avast Tools since QueryServiceConfig API failed

System Error: The system cannot find the file specified.

Fix Cryptographic Services failed while processing, Event ID 513

One of the most prominent reasons for this issue is that the VSS System Writer lacks permissions to access the mslldp.sys (Microsoft Link-Layer Discovery Protocol) driver. Also, it can be due to permission issue where the NT AUTHORITY\SERVICE account is denied read access to critical files. There are other reasons that we are going to discuss later in this post.

If you encounter Event ID 513 that says Cryptographic Services failed while processing, follow the solutions mentioned below to resolve the issue.

1. Grant Permission to NT AUTHORITY\SERVICE account
2. Repair WinSxS Directory Permissions
3. Adjust VSS Timeout for Long Backups
4. Troubleshoot in Clean Boot
5. Switch to Volume Level Backups

Let us talk about them in detail.

1] Grant Permission to NT AUTHORITY\SERVICE account

As mentioned earlier, one of the reasons why Event ID 513 occurs is when the Volume Shadow Copy Service (VSS) attempts to access the mslldp.sys driver during backup/snapshot operations, but the NT AUTHORITY\SERVICE account lacks read permissions. This blocks cryptographic operations needed for VSS workflows.

Open the Command Prompt as an administrator and then run the following command.

sc sdshow mslldp > mslldp_perms.txt

The above command creates a backup of the mslldp string.

sc sdshow mslldp

The output would be something like.

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)...

This is the Security Descriptor Definition Language (SDDL) string defining access rights.

Add (A;;CCLCSWLOCRRC;;;SU) to the end of the existing string.

Before: …S:(AU;FA;…;WD)

After: …S:(AU;FA;…;WD)(A;;CCLCSWLOCRRC;;;SU)

Now, run the following command.

sc sdset mslldp "Modified_SDDL_String"

In my case, the critical entry (A;;CCLCSWLOCRRC;;;SU) already exists in your DACL (Discretionary Access Control List). 

2] Repair WinSxS Directory Permissions

The C:Windows\WinSxS folder stores critical system components and versioning information. When permissions in its subdirectories are corrupted, Cryptographic Services can’t access files needed for backup or snapshot, and you will encounter Event ID 513.

First of all, open Command Prompt as an administrator and then run the following command.

takeown /f %windir%\winsxs\temp\PendingRenames /a

icacls %windir%\winsxs\temp\PendingRenames /grant "NT AUTHORITY\SYSTEM:(RX)"

icacls %windir%\winsxs\temp\PendingRenames /grant "NT Service\trustedinstaller:(F)"

The takeown gives the administrators group ownership of the directory, and icacls will grant SYSTEM read and execute privilege and TrustedInstaller full control.

Now, apply the same permissions to critical component files.

takeown /f %windir%\winsxs\filemaps\* /a

icacls %windir%\winsxs\filemaps\*.* /grant "NT AUTHORITY\SYSTEM:(RX)"

Finally, restart the Cryptographic Service.

net stop cryptsvc && net start cryptsvc

Once done, check if the issue persists.

3] Adjust VSS Timeout for Long Backups

When backups take longer than 1 hour (default VSS timeout), Volume Shadow Copy Service aborts operations mid-process. This triggers Event ID 513 and causes backup failures. To resolve it, we are going to edit the Registry Editor; however, before that, you need to create a backup of the registry. Once the Registry backup is created, follow the steps mentioned below.

• Open the Registry Editor by searching for it in the Start Menu.
• Now, go to the following location.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VSS\Settings

• If the Settings doesn’t exist, right-click on VSS and select New > Key. Name the newly created key “Settings”.
• Now, right-click on the right plane, select New > DWORD (32-bit) Value, and name it IdleTimeout.
• Double-click on IdleTimeout, change the Value data to “FFFFFFFF”, and click on Ok.

Finally, reboot your computer and check if the issue is resolved. 

4] Troubleshoot in Clean Boot

You need to ensure that no third-party programs interfere with your backup. To do so, we can use the Clean Boot state. It will disable all third-party services, allowing you to run with a clean slate. If the issue persists, you need to enable processes manually to determine which program is the culprit.

5] Switch to Volume-Level Backups

Now, we have a workaround that involves switching to volume-level backup, as it bypasses file-specific errors like Event ID 513 by backing up entire disk sectors instead of individual files. This approach avoids permission issues and file locks, enabling reliable (though less granular) backups.

We hope that with the help of these solutions, your issue will be resolved.

Read: Volume Shadow Copy service not working