Agentless, cloud-native backup for Amazon Web Services (AWS)
Post Reply
Phil98
Novice
Posts: 4
Liked: 1 time
Joined: Jun 20, 2020 7:59 pm
Full Name: Phil Hoffman
Contact:

"Policy has failed unexpectedly" error after upgrading to version 2

Post by Phil98 »

I've been running version 1 for quite a while, and yesterday upgraded to version 2. There were 3 notifications when the instance rebooted:
1) Policies schedule was updated to a new version. Please review the policies and enable them. Easily done
2) Role for account Default Backup Restore has insufficient permissions for workers management. You need to grant them first. This prompted for AWS keys, which I applied, and it failed. There's a lengthy error message, but the gist of which is that user: arn:aws:iam::...... is not authorized to perofrm: iam:GetPolicy on resource: policy arn:iam::.....
3) "Role for account Default Backup Restore has insufficient permissions to use change-tracking in policies. You need to grant them first". This also prompted for an account key and secret key, but appears to have work.

Following that, all notifications were gone. But the policies failed to execute properly on first run. The snapshots appear to have been successful, but the actual backups appear to have failed.

Any advice from the community would be greatly appreciated. I'm reasonably comfortable with EC2 instances, but am not as proficient as I perhaps need to be with IAM roles, so it would be great if you'd be kind enough to err on the side of providing too much, rather than too little detail in your guidance.

Thanks
nielsengelen
Product Manager
Posts: 5797
Liked: 1215 times
Joined: Jul 15, 2013 11:09 am
Full Name: Niels Engelen
Contact:

Re: "Policy has failed unexpectedly" error after upgrading to version 2

Post by nielsengelen »

Hi Phil98,

Within the policy you can perform a permission check on the summary page but if you’ve done the grant that should be fine. For the popups, both 2 and 3 are connected and done via the same grant :-).

It may be best to contact support for more insight as this is hard to troubleshoot via these forums. Per our forum rules, a support case ID is required when posting a technical issue so can you please contact support about this and let us know the case ID for future reference?
Personal blog: https://foonet.be
GitHub: https://github.com/nielsengelen
Phil98
Novice
Posts: 4
Liked: 1 time
Joined: Jun 20, 2020 7:59 pm
Full Name: Phil Hoffman
Contact:

Re: "Policy has failed unexpectedly" error after upgrading to version 2

Post by Phil98 »

Hi Niels

Thanks very much for letting me know that rule. I'd already contacted Tech Support and the Case # 04241863

I'm very glad you mentioned the policy permission check on the summary page, as it clearly indicates the cause: I'm running in Amazon us-east-1e availability zone, which for does not support the use of c5.large instance types used by the worker instances. We had the same problem in version 1, and Veeam helped me edit the configuration to force the use of an older instance type, which worked perfectly. It seems that this customization was discarded during the upgrade process. But no matter, the path towards resolving this is clear: specifying us-east-1a, ...-1b, ...-1c, etc. should take care of it. I'll give that a try tonight and post an update.

Thanks again!

Best regards
Phil
nielsengelen
Product Manager
Posts: 5797
Liked: 1215 times
Joined: Jul 15, 2013 11:09 am
Full Name: Niels Engelen
Contact:

Re: "Policy has failed unexpectedly" error after upgrading to version 2

Post by nielsengelen »

Thanks for getting back to us on this topic. I’m sure support will be able to assist you again and we’ll look into what happened to this customization.
Personal blog: https://foonet.be
GitHub: https://github.com/nielsengelen
Phil98
Novice
Posts: 4
Liked: 1 time
Joined: Jun 20, 2020 7:59 pm
Full Name: Phil Hoffman
Contact:

Re: "Policy has failed unexpectedly" error after upgrading to version 2

Post by Phil98 » 1 person likes this post

Thank YOU. The original customization was adding these lines to /etc/veeam/awsbackup/config.ini

[CAmazonConfigurationOptions]
ProxyApplianceInstanceType = "t2.medium"
FlrApplianceInstanceType = "t2.medium"
RestoreApplianceInstanceType = "t2.medium"

and then restarting the veeamawsbackup service. (The choice of t2.medium is mine, and works fine in my environment; I'd like to point out to other readers of this post that it may not be suitable for their needs).

I've reapplied that to my current instance and the policies now pass the permission check -- even easier than moving to a new availability zone. Thanks again for pointing me in the right direction.

Best regards
Phil
Phil98
Novice
Posts: 4
Liked: 1 time
Joined: Jun 20, 2020 7:59 pm
Full Name: Phil Hoffman
Contact:

Re: "Policy has failed unexpectedly" error after upgrading to version 2

Post by Phil98 »

That did the trick. All policies executed successfully as scheduled last night.

Best regards
Phil
Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest