60593: Acronis Backup Cloud: agent registration fails with "Outgoing connections are not available for the following ports: hostname:44445"

use Google Translate

    Symptoms

    You have installed Acronis Storage and registered it in Acronis Data Cloud.

    You try to register Backup Agent in Acronis Backup Cloud, but registration fails with:

    "Outgoing connections are not available for the following ports: hostname:44445"

    Prerequisites

    For a successful agent registration, the following prerequisites must be met:

    1. All required Acronis Backup Cloud hostnames are accessible through respective ports:

      1. check this article to review the list of hostnames and ports for your Acronis data center
      2. use this connection verification tool to automatically check connections; follow the on-screen instructions of the tool, if any errors are detected

    2. Determine, whether you use storage in one of Acronis data centers or Acronis Storage installed on your premises. You can check it in the management portal. This picture shows how a storage in Acronis data center and a local storage are displayed:

    The steps below describe troubleshooting a connection to Acronis Storage installed on your premises.

    Troubleshooting

    After checking connection to Acronis Backup Cloud, Acronis Agent checks connection to Acronis Storage by TCP port 44445. If this connection cannot be established, you receive the error mentioned above.

    To localize the root cause of the issue, you need to check one-by-one each of the prerequisites listed in this article.

    Step 1. Make sure ABGW service is up and running

    1. Locate your Acronis Storage Backup Gateway service nodes in the cluster.

    2.Log in to the Acronis Storage Backup Gateway node over SSH using PuTTY or any other SSH client software.

    3. To check the service status, issue the following command:
    #systemctl status vstorage-abgw.service

    Here is an example output of the command:

    vstorage-abgw.service - vstorage-abgw
       Loaded: loaded (/usr/lib/systemd/system/vstorage-abgw.service; enabled; vendor preset: disabled)
       Active: active (running) since Thu 2017-11-02 05:08:57 EDT; 6h ago
      Process: 3941 ExecStart=/usr/bin/vstorage-abgw -D -c /etc/vstorage/abgw.config (code=exited, status=0/SUCCESS)
    Main PID: 3942 (vstorage-abgw)
       CGroup: /system.slice/vstorage-abgw.service
               └─3942 /usr/bin/vstorage-abgw -D -c /etc/vstorage/abgw.config

    The service should be in the active (running)  state, the output should not contain any error messages.

    4. Check if the service is listening on ports 44444 and 44445. Use the following command:

    #netstat -nlp | grep abgw

    Output should be as follows:

    tcp        0      0 127.0.0.1:44444         0.0.0.0:*               LISTEN      3942/vstorage-abgw
    tcp        0      0 0.0.0.0:44445           0.0.0.0:*               LISTEN      3942/vstorage-abgw

    In case any of the commands above fail or return errors, you encounter an issue in one these areas:

    • service state is not active (running)
    • service is not listening on ports 44444 and/or 44445  

    If the service is not started or not listening, check the Acronis Backup Gateway service logs. Service logs are located in the /var/log/vstorage/ directory.

    Since the logs are compressed using zstd compression and could be quite long, the most convenient way to read them is as follows:
    #zstdcat /var/log/vstorage/abgw.log.zst | tail –n 100 -  to see only the last lines of the log file (which most probably contain the error message in case the service would not start)

    If there is no error message(s) found in the last 100 lines, you can extend the output by adding less in order to browse and search it:
    #zstdcat /var/log/vstorage/abgw.log.zst | tail -n 1000 | less

    Step 2. Make sure Firewall is not blocking the connection

    1. On the Acronis Storage node running the ABGW instance, use telnet to check whether the port is open, and then use telnet on the affected agent machine.

    By default the telnet utility is not installed on Acronis Storage nodes and Windows 2008 and above.
    To install telnet on Acronis Storage machines, use:
    yum install telnet

    For the instructions on how to install telnet on Windows machines refer to this Microsoft Technet article

    2. If telnet indicates that the connection is blocked, you need to check that the configuration in GUI corresponds with the actual configuration of firewall-cmd:

    Check the name of the interface holding your Acronis Backup Gateway public IP address.

    2.1. In WebCP, navigate to Nodes -> select the node with the ABGW icon -> Network -> choose NIC -> click Role. Make sure ABGW public is selected:

    2.2. On the machine with ABGW instance, Issue the following command:
    #firewall-cmd --list-all-zones | grep active -A 13

    Here is an example output:

    pub_ens32 (active)
      target: default
      icmp-block-inversion: no
      interfaces: ens32
      sources:
      services: dhcpv6-client ssh
      ports: 8888/tcp 44445/tcp
      protocols:
      masquerade: no
      forward-ports:
      sourceports:
      icmp-blocks:
      rich rules:
    --

    mix_ens34 (active)
      target: default
      icmp-block-inversion: no
      interfaces: ens34
      sources:
      services: dhcpv6-client ssh vstorage-mdns
      ports: 17514/tcp 8888/tcp
      protocols:
      masquerade: no
      forward-ports:
      sourceports:
      icmp-blocks:
      rich rules:
            rule family="ipv4" source address="172.29.38.0/24" accept

    In this example, Acronis Backup Gateway should listen for Agent connections on the ens32 interface. Firewall zone defining rules for this port is pub_ens32 (active).

    Verify that port 44445 is listed within the zone for Acronis Backup Gateway external interface.

    If it is not listed, follow the steps below:

    1. Open WebCP.
    2. In the left panel, click Nodes. Click the box representing your Acronis Storage node.
    3. Click Network.
    4. Choose the network adapter where your ABGW public role should reside and click Choose roles button.
    5. Check that ABGW public role is not set and set it.
    6. If it is set already, then:
      1. Drop the ABGW public check mark and click Done button.
      2. Open the Choose Roles panel again.
      3. Set the ABGW public check mark and click Done.

    Once you verify the port and see that the port is listed, Acronis Storage is configured correctly and all intermittent firewalls present between the Acronis Storage network interface and the internet, as well as between Acronis Agent and the internet should be checked to verify that traffic is not being blocked.

    You are reporting a typo in the following text:
    Simply click the "Send typo report" button to complete the report. You can also include a comment.
    CAPTCHA
    This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
    2 + 18 =
    Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.