You have installed Acronis Cyber Infrastructure (Acronis Storage) and registered it in Acronis Cyber Cloud.
You try to register Backup Agent in Acronis Backup Cloud, but registration fails with:
"Outgoing connections are not available for the following ports: hostname:44445"
For a successful agent registration, the following prerequisites must be met:
1. All required Acronis Backup Cloud hostnames are accessible through respective ports:
- check this article to review the list of hostnames and ports for your Acronis data center
- use this connection verification tool to automatically check connections; follow the on-screen instructions of the tool, if any errors are detected
2. Determine whether you use storage in one of Acronis data centers or Acronis Cyber Infrastructure installed on your premises. You can check it in the management portal. This picture shows how a storage in Acronis data center and a local storage are displayed:
The steps below describe troubleshooting a connection to Acronis Cyber Infrastructure installed on your premises.
After checking connection to Acronis Backup Cloud, Acronis Agent checks connection to Acronis Cyber Infrastructure by TCP port 44445. If this connection cannot be established, you receive the error mentioned above.
To localize the root cause of the issue, you need to check one-by-one each of the prerequisites listed in this article.
Step 1. Make sure ABGW service is up and running
1. Locate your Acronis Cyber Infrastructure Backup Gateway service nodes in the cluster.
2.Log in to the Acronis Cyber Infrastructure Backup Gateway node over SSH using PuTTY or any other SSH client software.
3. To check the service status, issue the following command:
#systemctl status vstorage-abgw.service
Here is an example output of the command:
vstorage-abgw.service - vstorage-abgw
Loaded: loaded (/usr/lib/systemd/system/vstorage-abgw.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2017-11-02 05:08:57 EDT; 6h ago
Process: 3941 ExecStart=/usr/bin/vstorage-abgw -D -c /etc/vstorage/abgw.config (code=exited, status=0/SUCCESS)
Main PID: 3942 (vstorage-abgw)
└─3942 /usr/bin/vstorage-abgw -D -c /etc/vstorage/abgw.config
The service should be in the active (running) state, the output should not contain any error messages.
4. Check if the service is listening on ports 44444 and 44445. Use the following command:
#netstat -nlp | grep abgw
Output should be as follows:
tcp 0 0 127.0.0.1:44444 0.0.0.0:* LISTEN 3942/vstorage-abgw
tcp 0 0 0.0.0.0:44445 0.0.0.0:* LISTEN 3942/vstorage-abgw
In case any of the commands above fail or return errors, you encounter an issue in one these areas:
- service state is not active (running)
- service is not listening on ports 44444 and/or 44445
If the service is not started or not listening, check the Acronis Backup Gateway service logs. Service logs are located in the /var/log/vstorage/ directory.
Since the logs are compressed using zstd compression and could be quite long, the most convenient way to read them is as follows:
#zstdcat /var/log/vstorage/abgw.log.zst | tail –n 100 - to see only the last lines of the log file (which most probably contain the error message in case the service would not start)
If there is no error message(s) found in the last 100 lines, you can extend the output by adding less in order to browse and search it:
#zstdcat /var/log/vstorage/abgw.log.zst | tail -n 1000 | less
Step 2. Make sure Firewall is not blocking the connection
1. On the Acronis Cyber Infrastructure node running the ABGW instance, use telnet to check whether the port is open, and then use telnet on the affected agent machine.
To install telnet on Acronis Cyber Infrastructure machines, use:
yum install telnet
For the instructions on how to install telnet on Windows machines refer to this Microsoft Technet article
2. If telnet indicates that the connection is blocked, you need to check that the configuration in GUI corresponds with the actual configuration of firewall-cmd:
Check the name of the interface holding your Acronis Backup Gateway public IP address.
2.1. In WebCP, navigate to Nodes -> select the node with the ABGW icon -> Network -> choose NIC -> click Role. Make sure ABGW public is selected:
2.2. On the machine with ABGW instance, Issue the following command:
#firewall-cmd --list-all-zones | grep active -A 13
Here is an example output:
services: dhcpv6-client ssh
ports: 8888/tcp 44445/tcp
services: dhcpv6-client ssh vstorage-mdns
ports: 17514/tcp 8888/tcp
rule family="ipv4" source address="172.29.38.0/24" accept
In this example, Acronis Backup Gateway should listen for Agent connections on the ens32 interface. Firewall zone defining rules for this port is pub_ens32 (active).
Verify that port 44445 is listed within the zone for Acronis Backup Gateway external interface.
If it is not listed, follow the steps below:
- Open WebCP.
- In the left panel, click Nodes. Click the box representing your Acronis Cyber Infrastructure node.
- Click Network.
- Choose the network adapter where your ABGW public role should reside and click Choose roles button.
- Check that ABGW public role is not set and set it.
- If it is set already, then:
- Drop the ABGW public check mark and click Done button.
- Open the Choose Roles panel again.
- Set the ABGW public check mark and click Done.
Once you verify the port and see that the port is listed, Acronis Cyber Infrastructure is configured correctly and all intermittent firewalls present between the Acronis Cyber Infrastructure network interface and the internet, as well as between Acronis Agent and the internet should be checked to verify that traffic is not being blocked.