Backup Verification: Troubleshooting STOP Code c000021a {Fatal System Error}

Issue

Screenshot verification of a protected system fails with the error message, "STOP: c000021a {Fatal System Error} The Verification of a KnownDLL failed. system process terminated unexpectedly with a status of 0xc000012f (0x00641a10 0x00000000). The system has been shut down."

Environment

Datto SIRIS
Datto ALTO

Description

The STOP: c000021a (Fatal System Error) error occurs when the Windows NT kernel detects that either the Winlogon.exe or Csrss.exe processes have failed. When this failure happens, the Windows NT kernel stops the system and generates the stop error message.

Although there can be many causes of this problem, some of the most common causes are:

You have mismatched system files installed on the system.
A Service Pack installation failed to complete.
You recently restored a few files on the hard disk, but the process failed to correctly restore the files that were in use during the restoration.
You have an incompatible third-party software on your computer.
Missing or corrupt system files.

Resolution

Attempt differential merge:

Force a differential merge of the agent using Differential Merge
When completed, force a screenshot test of the newly created backup using How To Force A Screenshot Backup Verification
If the issue persists, follow the next section.

Attempt to boot without Driver Signature Enforcement

If not caused by inconsistent or broken system files, the stop error 0xc000021a can also result from a device driver lacking appropriate trust mechanisms within the screenshot virtualization.

At your discretion, you can approach this variant of the issue by testing virtualization with Driver Signature Enforcement disabled, in order to confirm bootability in case of a disaster recovery situation. For more information about that feature and what disabling it changes on the system, see this article from Microsoft: Installing an unsigned driver during test (external article).

The steps to boot without signature enforcement are as follows:

Start a local virtualization with networking disabled.
While the VM is booting, use the connect to VNC option by clicking on the preview window.
When the VNC connection is up, click restart in the Datto UI to restart the virtualization.
The virtual machine will start to boot on the screen. Immediately press F8 to get to the Advanced Boot Options screen. If access fails, power down the VM and repeat the previous step.
Select Disable Driver Signature Enforcement as shown in the image below

Attempt to boot the VM. Should you need to access this menu following successful boot, you can set the option again using bcdedit:
bcdedit /set {bootmgr} displaybootmenu yes

Repair Filesystem

If the above solution did not resolve the issue, perform the following:
On the protected system complete the disk check.
chkdsk /r <driveLetter>
Once the check is complete, run:
sfc /scannow
When that has completed, force a differential merge of the agent.
When completed, force a screenshot test of the newly created backup.
If the issue persists, destroy the live dataset of the agent and force a new full backup.
When completed, force a screenshot test of the newly created backup.

Additional Recommendations

Driver Update: Many errors are related to driver problems such as obsolete, outdated or incompatible drivers. A driver update tool is recommended to scan your system for corrupted and outdated drivers and to ensure that all your drivers stay up-to-date.

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the ideas forum!
	Provide feedback for the Documentation team.