Symptoms
1. Manual ACI Backup Gateway registration in Acronis Cyber Protect Cloud per Administration Guide or attempt to update the certificate for backup storage fails with one of the following errors in UI:
- Incorrect username or password.
- Error returned: GET https://XX-cloud.acronis.com/api/2/users/me status 401 Unauthorized(401) ({"error":{"code":1000,"message":"An error has occurred.","details":{"info":"","addition":[{}]},"context":{},"domain":"PlatformAccountServer"}}) (, )
- DC name for '%username%' is: 'https://XX-cloud.acronis.com' Account server https://XX-cloud.acronis.com Cloud installation Error returned: GET https://XX-cloud.acronis.com/api/2/users/me status 401 Unauthorized(401) ({"error":{"code":1037,"message":"Multi-Factor Authentication is required","details":{"info":"","addition":[{}]},"context":{},"domain":"PlatformAccountServer"}}) (, )
In the same way deployment of Backup Gateway in Azure per Backup Gateway Quick Start Guide for Microsoft Azure fails and the similar message is observed in /var/log/initializing log of deployed Azure VM:
[root@acronis-gateway ~]# tail -n2 /var/log/initializing
[2020-05-05T17:03:56+0000]: Registering this instance as storage in cloud...
invalid username/password
2. It is verified that username and password is correct, however two-factor authentication (2FA) is enabled for the cloud tenant and user used for ABGW registration/certificates update.
Cause
Current implementation of Backup Gateway service does not support registration or update of certificates under users having 2FA enabled as mentioned in Limitations part of the documentation.
Solution
Disable 2FA for a specific user within a 2FA-enabled tenant as described in Cyber Cloud - User Guide. Use that user’s credentials to register the storage or update certificates.
Other users of the account can keep using two-factor authentication.