File Level Restore (FLR) fails on VMware Cloud on AWS (VMC) with error failed to establish a new connection
Problem description
File Level Restore (FLR) on the original virtual machine or on an alternate virtual machine fails with the following error:
Failed to establish a new connection.
Cause
This error occurs if connectivity to ESXi from the backup proxy is not established and the required firewall rules are not created in the VMC.
Traceback
- Download the job logs. For more information, see Logs.
- Extract the logs and navigate to file Phoenix-Flr-<YYYY/MM/DD>-<timestamp>-<jobid>.log and search for the following traceback in the logs:
[2020-03-31 15:21:59,420] [ERROR] Error <class 'requests.exceptions.ConnectionError'>:HTTPSConnectionPool(host='10.3.2.8', port=443): Max retries exceeded with url: /guestFile?id=716&token=52821898-a9ac-b001-08eb-5e03906c33f1716 (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f4cb602c050>: Failed to establish a new connection: [Errno 110] Connection timed out',)). Traceback -Traceback (most recent call last):
File "agents/flr/flrRestore.py", line 781, in copyFile
File "requests/api.py", line 131, in put
File "requests/api.py", line 60, in request
File "requests/sessions.py", line 533, in request
File "requests/sessions.py", line 646, in send
File "requests/adapters.py", line 516, in send
ConnectionError: HTTPSConnectionPool(host='10.3.2.8', port=443): Max retries exceeded with url: /guestFile?id=716&token=52821898-a9ac-b001-08eb-5e03906c33f1716 (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f4cb602c050>: Failed to establish a new connection: [Errno 110] Connection timed out',))
Resolution
Create a firewall rule using the following steps:
-
Login to the VMC console https://vmc.vmware.com.
-
From the landing page select the required Software-Defined Data Centers (SDDC).
-
Click on the Networking & Security tab.
-
In the Security section click on Gateway Firewall.
-
In the Management Gateway click on Add New Rule.
-
Enter a Name. Example : esxaccess-Druva
-
In the Source field, click on Set Source and select User Defined Group.
-
Click on Create New Group
-
Enter a Name. Example: Druva-Backup-Proxy.
-
The Member Type field is set to IP Address.
-
In the Members field enter the IP address of the backup proxy.
-
Click Save.
-
-
In the Destination field click Set Destination.
-
Choose System Defined Groups and select ESXi
- Click Save.
-
-
In the Services field select the services.
-
Click Publish.
Verification
After the firewall rules are applied, attempt the restore again.