Hello.
We are working with a bank to deploy an AWS appliance via the on-prem setup to protect a customers cloud instances in AWS. We've worked through a bunch of permissions issues, but now it seems at the very endpoint the appliance is trying to talk to something and it times out at the "Waiting for appliance deployment to finish" point.
The log file shows around this time a few "The proxy tunnel request to proxy 'http:/proxyfqdn:port' failed with status code 503" then "Failed to deploy VB, Veeam backup for AWS appliance is unavailable. Timeout elapsed: 1200s"
Whilst the log files show that it knows about the proxy, the appliance is not automatically configured with a proxy. We've manually added a proxy to the appliance OS (whilst waiting for the 1200s timeout), proven via curl command that the appliance can connect to an external site. But we still see in the AWS VPC log logs that the appliance is trying to reach external sites directly.
Yes, we have a support case 07706776. Its been open for some time now. We've even had a updated plugin version from engineering (which disables the deletion of the temporary S3 bucket in case of a failed deployment) along with a few registry keys to stop deleting everything when it fails.
Has anyone had success deploying the AWS appliance in a less-than-zero trust site like a bank? Did you run into similar issues? We have no option to allow direct internet access for anything in this environment.
Would appreciate any guidance / comments
Thanks
Adrian.
-
karapoti
- Influencer
- Posts: 18
- Liked: 1 time
- Joined: Apr 12, 2018 12:22 am
- Full Name: Adrian Robinson
- Contact:
-
nielsengelen
- Product Manager
- Posts: 5958
- Liked: 1246 times
- Joined: Jul 15, 2013 11:09 am
- Full Name: Niels Engelen
- Contact:
Re: AWS - appliance deployment will not complete
Hi Adrian,
We do have customers who run a secure infrastructure and where it all works. In this case, it's best to continue with support to figure out if this is a specific configuration issue or potential a bug.
Could you clarify which external sites are being targetted?
We do have customers who run a secure infrastructure and where it all works. In this case, it's best to continue with support to figure out if this is a specific configuration issue or potential a bug.
Could you clarify which external sites are being targetted?
GitHub: https://github.com/nielsengelen
-
karapoti
- Influencer
- Posts: 18
- Liked: 1 time
- Joined: Apr 12, 2018 12:22 am
- Full Name: Adrian Robinson
- Contact:
Re: AWS - appliance deployment will not complete
Thanks. I'd like to continue with support but they are refusing to help ...
Its stirring up quite the storm at my work (I work for Antonio).
Its stirring up quite the storm at my work (I work for Antonio).
-
karapoti
- Influencer
- Posts: 18
- Liked: 1 time
- Joined: Apr 12, 2018 12:22 am
- Full Name: Adrian Robinson
- Contact:
Re: AWS - appliance deployment will not complete
Seeing lots of NTP being blocked. Trying direct, and not using the proxy.
-
karapoti
- Influencer
- Posts: 18
- Liked: 1 time
- Joined: Apr 12, 2018 12:22 am
- Full Name: Adrian Robinson
- Contact:
Re: AWS - appliance deployment will not complete
Now, in the Cloudwatch logs the NTP drops have stopped. And Cloudwatch is showing that the appliance IS connecting to the proxy - as there are ALLOWs in cloudwatch.
Both the VBR server and the Appliance can connect to the proxy. We're trying to understand where / why the "proxy tunnel request to proxy xxx failed with status code 503" is coming from ...
Both the VBR server and the Appliance can connect to the proxy. We're trying to understand where / why the "proxy tunnel request to proxy xxx failed with status code 503" is coming from ...
Who is online
Users browsing this forum: No registered users and 2 guests