Troubleshooting on-premises gateway issues - Amazon Storage Gateway

Troubleshooting on-premises gateway issues

Following, you can find information about typical issues that you might encounter working with your on-premises gateways, and how to allow Amazon Web Services Support to help troubleshoot your gateway.

The following table lists typical issues that you might encounter working with your on-premises gateways.

Issue Action to Take

You cannot find the IP address of your gateway.

Use the hypervisor client to connect to your host to find the gateway IP address.

  • For VMware ESXi, the VM's IP address can be found in the vSphere client on the Summary tab.

  • For Microsoft Hyper-V, the VM's IP address can be found by logging into the local console.

If you are still having trouble finding the gateway IP address:

  • Check that the VM is turned on. Only when the VM is turned on does an IP address get assigned to your gateway.

  • Wait for the VM to finish startup. If you just turned on your VM, then it might take several minutes for the gateway to finish its boot sequence.

You're having network or firewall problems.

  • Allow the appropriate ports for your gateway.

  • Do not activate SSL certificate validation/inspection. Storage Gateway uses mutual TLS authentication, which fails if any third-party application tries to intercept or sign either certificate.

  • If you use a firewall or router to filter or limit network traffic, you must configure your firewall and router to allow these service endpoints for outbound communication to Amazon. For more information about network and firewall requirements, see Network and firewall requirements.
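One way to check whether a middlebox is re-signing TLS on the path the gateway uses, as an added example that is not part of the AWS documentation: it handshakes with a host you supply and compares the certificate issuer with a baseline recorded from a network without inspection. The baseline value and both sample certificates are constructed, and the host passed to `probe` is whichever service endpoint you allow under Network and firewall requirements.

```python
import socket
import ssl

# Assumption: issuer organization observed from a network with no TLS
# inspection. The value here is constructed; record your own baseline.
BASELINE_ISSUER_ORGS = {"Constructed Public CA"}


def issuer_orgs(peercert):
    """Extract organizationName values from an ssl.getpeercert() dict."""
    return {
        value
        for rdn in peercert.get("issuer", ())
        for key, value in rdn
        if key == "organizationName"
    }


def classify(peercert, baseline=BASELINE_ISSUER_ORGS):
    """Return 'direct' if a baseline CA issued the leaf, else 'unexpected-issuer'."""
    orgs = issuer_orgs(peercert)
    return "direct" if orgs and orgs <= set(baseline) else "unexpected-issuer"


def probe(host, port=443, timeout=5.0):
    """Handshake with host and classify the certificate that was presented."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return classify(tls.getpeercert())
    except ssl.SSLCertVerificationError:
        # Chain ends in a CA this host does not trust: typical of an
        # inspection proxy whose root is not installed locally.
        return "untrusted-chain"
    except OSError:
        return "unreachable"  # blocked port, DNS failure, timeout, other TLS error


# Constructed samples in the shape ssl.getpeercert() returns.
SAMPLE_DIRECT = {"issuer": ((("countryName", "US"),),
                            (("organizationName", "Constructed Public CA"),),
                            (("commonName", "Constructed Issuing CA 01"),))}
SAMPLE_PROXY = {"issuer": ((("organizationName", "Constructed Corp Inspection CA"),),
                           (("commonName", "corp-tls-proxy"),))}

if __name__ == "__main__":
    print(classify(SAMPLE_DIRECT), classify(SAMPLE_PROXY))
```

A result of `unexpected-issuer` or `untrusted-chain` from the gateway's network segment, alongside `direct` from an uninspected network, points to inspection that needs a bypass rule for the gateway's traffic.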

Your gateway's activation fails when you click the Proceed to Activation button in the Storage Gateway Management Console.

  • Check that the gateway VM can be accessed by pinging the VM from your client.

  • Check that your VM has network connectivity to the internet. Otherwise, you'll need to configure a SOCKS proxy. For more information on doing so, see Routing Your On-Premises Gateway Through a Proxy.

  • Check that the host has the correct time, that the host is configured to synchronize its time automatically to a Network Time Protocol (NTP) server, and that the gateway VM has the correct time. For information about synchronizing the time of hypervisor hosts and VMs, see Synchronizing Your Gateway VM Time.

  • After performing these steps, you can retry the gateway deployment using the Storage Gateway console and the Setup and Activate Gateway wizard.

  • Do not activate SSL certificate validation/inspection. Storage Gateway uses mutual TLS authentication, which fails if any third-party application tries to intercept or sign either certificate.

  • Check that your VM has at least 7.5 GB of RAM. Gateway allocation fails if there is less than 7.5 GB of RAM. For more information, see Requirements.

You need to remove a disk allocated as upload buffer space. For example, you might want to reduce the amount of upload buffer space for a gateway, or you might need to replace a disk used as an upload buffer that has failed.

For instructions about removing a disk allocated as upload buffer space, see Removing Disks from Your Gateway.

You need to improve bandwidth between your gateway and Amazon.

You can improve the bandwidth from your gateway to Amazon by setting up your internet connection to Amazon on a network adapter (NIC) separate from that connecting your applications and the gateway VM. Taking this approach is useful if you have a high-bandwidth connection to Amazon and you want to avoid bandwidth contention, especially during a snapshot restore. For high-throughput workload needs, you can use Amazon Direct Connect to establish a dedicated network connection between your on-premises gateway and Amazon. To measure the bandwidth of the connection from your gateway to Amazon, use the CloudBytesDownloaded and CloudBytesUploaded metrics of the gateway. For more on this subject, see Measuring Performance Between Your Gateway and Amazon. Improving your internet connectivity helps to ensure that your upload buffer does not fill up.

Throughput to or from your gateway drops to zero.

  • On the Gateway tab of the Storage Gateway console, verify that the IP addresses for your gateway VM are the same as those you see using your hypervisor client software (that is, the VMware vSphere client or Microsoft Hyper-V Manager). If you find a mismatch, restart your gateway from the Storage Gateway console, as shown in Shutting Down Your Gateway VM. After the restart, the addresses in the IP Addresses list in the Storage Gateway console's Gateway tab should match the IP addresses for your gateway, which you determine from the hypervisor client.

    • For VMware ESXi, the VM's IP address can be found in the vSphere client on the Summary tab.

    • For Microsoft Hyper-V, the VM's IP address can be found by logging into the local console.

  • Check your gateway's connectivity to Amazon as described in Testing Your Gateway Connection to the Internet.

  • Check your gateway's network adapter configuration, and ensure that all the interfaces you intended to be activated for the gateway are activated. To view the network adapter configuration for your gateway, follow the instructions in Configuring Your Gateway Network and select the option for viewing your gateway's network configuration.

You can view the throughput to and from your gateway from the Amazon CloudWatch console. For more information about measuring throughput to and from your gateway and Amazon, see Measuring Performance Between Your Gateway and Amazon.

You are having trouble importing (deploying) Storage Gateway on Microsoft Hyper-V.

See Troubleshooting Microsoft Hyper-V setup, which discusses some of the common issues of deploying a gateway on Microsoft Hyper-V.

You receive a message that says: "The data that has been written to the volume in your gateway isn't securely stored at Amazon".

You receive this message if your gateway VM was created from a clone or snapshot of another gateway VM. If this isn’t the case, contact Amazon Web Services Support.

Allowing Amazon Web Services Support to help troubleshoot your gateway hosted on-premises

Storage Gateway provides a local console you can use to perform several maintenance tasks, including activating Amazon Web Services Support to access your gateway to assist you with troubleshooting gateway issues. By default, Amazon Web Services Support access to your gateway is deactivated. You provide this access through the host's local console. To give Amazon Web Services Support access to your gateway, you first log in to the local console for the host, navigate to the Storage Gateway's console, and then connect to the support server.

To allow Amazon Web Services Support access to your gateway
  1. Log in to your host's local console.

  2. At the prompt, enter the corresponding numeral to select Gateway Console.

  3. Enter h to open the list of available commands.

  4. Do one of the following:

    • If your gateway is using a public endpoint, in the AVAILABLE COMMANDS window, enter open-support-channel to connect to customer support for Storage Gateway. Allow TCP port 22 so you can open a support channel to Amazon. When you connect to customer support, Storage Gateway assigns you a support number. Make a note of your support number.

    • If your gateway is using a VPC endpoint, in the AVAILABLE COMMANDS window, enter open-support-channel. If your gateway is not activated, provide the VPC endpoint or IP address to connect to customer support for Storage Gateway. Allow TCP port 22 so you can open a support channel to Amazon. When you connect to customer support, Storage Gateway assigns you a support number. Make a note of your support number.

    Note

    The channel number is not a Transmission Control Protocol/User Datagram Protocol (TCP/UDP) port number. Instead, the gateway makes a Secure Shell (SSH) (TCP 22) connection to Storage Gateway servers and provides the support channel for the connection.

  5. After the support channel is established, provide your support service number to Amazon Web Services Support so Amazon Web Services Support can provide troubleshooting assistance.

  6. When the support session is completed, enter q to end it. Don't close the session until Amazon Web Services Support notifies you that the support session is complete.

  7. Enter exit to log out of the gateway console.

  8. Follow the prompts to exit the local console.
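Because the support channel is an outbound SSH (TCP 22) connection that is deactivated by default, egress logs can confirm it was only open during an approved support session. The following added example (not part of the AWS documentation) flags allowed TCP/22 flows from the gateway outside approved windows; the log format, addresses and windows are constructed assumptions.

```python
from datetime import datetime, timezone
from ipaddress import ip_address

# Constructed firewall log lines: time, action, source, destination, proto/port.
SAMPLE_LOG = """\
2024-05-14T09:02:11Z ALLOW 10.0.5.20 203.0.113.10 tcp/443
2024-05-14T10:15:42Z ALLOW 10.0.5.20 198.51.100.7 tcp/22
2024-05-14T10:16:03Z ALLOW 10.0.5.31 198.51.100.7 tcp/22
2024-05-15T02:40:19Z ALLOW 10.0.5.20 198.51.100.7 tcp/22
2024-05-15T02:41:00Z DENY 10.0.5.20 198.51.100.9 tcp/22
"""

GATEWAY_IPS = {ip_address("10.0.5.20")}  # assumption: your gateway VM address
# Assumption: windows in which a support case approved opening the channel.
APPROVED_WINDOWS = [
    (datetime(2024, 5, 14, 10, 0, tzinfo=timezone.utc),
     datetime(2024, 5, 14, 12, 0, tzinfo=timezone.utc)),
]


def parse(line):
    """Split one constructed-format log line into typed fields."""
    ts, action, src, dst, service = line.split()
    proto, port = service.split("/")
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return when, action, ip_address(src), ip_address(dst), proto, int(port)


def unapproved_support_channels(log_text, gateways=GATEWAY_IPS,
                                windows=APPROVED_WINDOWS):
    """Return allowed gateway-originated TCP/22 flows outside every window."""
    findings = []
    for line in log_text.splitlines():
        try:
            when, action, src, dst, proto, port = parse(line)
        except ValueError:
            continue  # blank or malformed line
        if src not in gateways or (proto, port) != ("tcp", 22) or action != "ALLOW":
            continue
        if not any(start <= when <= end for start, end in windows):
            findings.append((when.isoformat(), str(src), str(dst)))
    return findings


if __name__ == "__main__":
    for finding in unapproved_support_channels(SAMPLE_LOG):
        print(finding)
```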