The Veeam backup job of Microsoft Azure AD Connect fails with the error "A VSS critical writer has failed ... Error code: 0x800423f4".
The backup job window displays the error Failed to call RPC function "Vss.Unfreeze"... for the virtual machine affected by the problem.
Opening the log file for additional details shows that the error is related to the SQL Server Writer; perhaps a Microsoft update somehow caused the issue.
A VSS critical writer has failed. Writer Name: [SqlServerWriter].
The error reported in the Veeam log file.
The same error appears in the Windows Event Viewer.
To solve the problem, log in to the Azure AD Connect server and go to the Control Panel. In the Programs category, click the link Uninstall a program.
From the programs list, select Microsoft SQL Server 2012 Express LocalDB and click Repair.
The program is being repaired.
When the process has completed, the server must be rebooted to complete the procedure. Click Yes to proceed.
When the Azure AD Connect server has rebooted, run the backup job once again.
This time the backup has completed successfully.
This simple fix resolved the issue, allowing the backup job to complete successfully and ensuring the protection of the Azure AD Connect server.
Update 24/11/2017
The above fix does not seem to solve the problem permanently and, again, the issue is not due to Veeam software but to an update of Azure AD Connect.
After a Google search, I found this article on the Microsoft website that explains the issue:
The user identity that is associated with the COM+ application is logged on when the COM+ application is first initialized. If this user were to log off of the machine then the user's profile would get unloaded and the COM+ application can no longer read registry keys in the profile of the user identity. Starting with Windows Vista the User Profile Service will force the unloading of a user profile when that user logs off. This is a situation where the functionality of forcing the unload of the user profile may break an application if registry handles are not closed in the process. This new User Profile Service functionality is the default behavior.
To fix the problem, log in to your Azure AD Connect server and open the Local Group Policy Editor with the command gpedit.msc.
Navigate to Computer Configuration > Administrative Templates > System > User Profiles and select Do not forcefully unload the user registry at user logoff.
Double-click the selected item and tick Enabled. Click OK to confirm.
The option is now enabled. Reboot the server to complete the procedure.
After rebooting, try to back up the server once again.
The backup should now be completed successfully.
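Before rerunning the job, both conditions described above can be checked from an elevated PowerShell session on the Azure AD Connect server. The script below is an added example, not part of the original article: the function names are hypothetical, it assumes English-language vssadmin output, and it assumes the policy is stored as the DisableForceUnload value under HKLM\SOFTWARE\Policies\Microsoft\Windows\System.

```powershell
# Added example: read-only check of the SqlServerWriter state and of the
# "Do not forcefully unload the user registry at user logoff" policy.
# Function names are hypothetical; run elevated, English vssadmin output assumed.

function Get-VssWriterStatus {
    # Parse "vssadmin list writers" into one object per writer.
    $writers = @()
    $current = $null
    foreach ($line in (& vssadmin.exe list writers)) {
        if ($line -match "^Writer name:\s*'(.+)'") {
            if ($current) { $writers += [pscustomobject]$current }
            $current = [ordered]@{ Name = $Matches[1]; State = $null; LastError = $null }
        }
        elseif ($current -and $line -match '^\s+State:\s*\[\d+\]\s*(.+)$') {
            $current.State = $Matches[1].Trim()
        }
        elseif ($current -and $line -match '^\s+Last error:\s*(.+)$') {
            $current.LastError = $Matches[1].Trim()
        }
    }
    if ($current) { $writers += [pscustomobject]$current }
    return $writers
}

function Test-ForceUnloadPolicyEnabled {
    # Assumed registry location of the policy value (1 = Enabled).
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
    $prop = Get-ItemProperty -Path $key -Name DisableForceUnload -ErrorAction SilentlyContinue
    return ($null -ne $prop -and $prop.DisableForceUnload -eq 1)
}

$writers = @(Get-VssWriterStatus)
$sql     = $writers | Where-Object { $_.Name -eq 'SqlServerWriter' }
$failed  = $writers | Where-Object { $_.State -ne 'Stable' -or $_.LastError -ne 'No error' }

if (-not $sql) { Write-Warning 'SqlServerWriter is not listed by vssadmin.' }
foreach ($w in $failed) {
    Write-Warning ("Writer {0}: state '{1}', last error '{2}'" -f $w.Name, $w.State, $w.LastError)
}
if (-not (Test-ForceUnloadPolicyEnabled)) {
    Write-Warning 'Policy "Do not forcefully unload the user registry at user logoff" is not enabled.'
}
if ($sql -and -not $failed -and (Test-ForceUnloadPolicyEnabled)) {
    Write-Output 'All VSS writers are stable and the policy is enabled; the backup job can be rerun.'
}
```

The script only reads state. The policy itself is still set through gpedit.msc as described above.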