Skip to main content

Hyper-V .avhdx files are not removed from disk after successful backup completion

Problem Description

After Druva Phoenix backups complete successfully, Hyper-V .avhdx files (differentiating disks) are not automatically deleted from the disk folder. However, no active checkpoints are visible inside the Hyper-V Snapshot Manager, and the backup status reports as successful.

Cause

The NT VIRTUAL MACHINE\Virtual Machines system account lacks the required local user rights or folder-level permissions on the storage volume where the Virtual Machine configurations and virtual disks reside.

Troubleshooting

Druva Phoenix triggers the hypervisor to automatically consolidate and delete Hyper-V snapshots (checkpoints) post-backup. If native consolidation fails directly during processing, the backup fails immediately with error code HYPERV23.

When backups are successful but .avhdx files continue to linger, they are acting as "orphan files." This indicates an environment permission failure during background file cleanup rather than a breakdown in the core backup workflow.

Initial steps that fail to resolve this specific behavior:

  • Shutting down or restarting the guest VM.

  • Restarting the Hyper-V Virtual Machine Management service (VMMS) prior to correcting file-level permissions.

Resolution

Follow these steps to ensure the appropriate system services can purge the orphaned files.

Step 1: Assign "Log on as a service" Rights

Ensure that the NT VIRTUAL MACHINE\Virtual Machines identity has explicit service execution rights on all Hyper-V hosts.

  1. Press Windows Key + R, type secpol.msc, and press Enter.

  2. Navigate to: Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment.

  3. Locate and double-click the policy setting titled Log on as a service.

  4. Check if the NT VIRTUAL MACHINE\Virtual Machines account is listed. If missing, click Add User or Group and add it.

Step 2: Grant Full Control Directory Permissions

Ensure the Hyper-V Virtual Machines service security identifier (SID) has full control over the specific directory housing the VM configurations and disk files (e.g., Clustered Shared Volumes).

  1. Open PowerShell or Command Prompt with Administrator privileges.

  2. Execute one of the following commands depending on whether you are targeting the string identity or the explicit structural Security Identifier (SID): Using the explicit account identity string:
    icacls "C:\ClusterStorage\CSV3\VMs" /grant "NT VIRTUAL MACHINE\Virtual Machines":(OI)(CI)F

  3. Alternatively, using the universal Virtual Machines account SID (S-1-5-83-0):
    icacls "C:\ClusterStorage\CSV3\VMs" /grant *S-1-5-83-0:F

📝 Note: Replace "C:\ClusterStorage\CSV3\VMs" with your actual environment storage paths.

Step 3: Restart Services and Monitor

  1. Open the Services Management Console (services.msc).

  2. Restart the Hyper-V Virtual Machine Management service (VMMS).

  3. Monitor the volume's folder contents; the overall file count of orphaned .avhdx files will begin decreasing as background processes clean up the directory.

Related Articles
Hyper-V backups fail with PHOENIX54 error
Hyper-V Backup fails with Disk Merge error HYPERV23
Hyper – V VM backup fails with HYPERV1 Error
About Hyper-V virtual machine restore
Hyper-V VM backup fails with HyperV 38 error Checkpoint Creation Fails with Access Denied Error
Did this answer your question?