following 'app-aware' agents are not connected: i-123456789ae

Backup partially successful because "following app-aware agents are not connected: i-123456789ae"

Error

Sometimes backup of windows instance might complete with partially successful status and the below info message in the UI logs
Following 'app-aware' agents are not connected: i-0f9e26a91aca8e4d7.

for example:


Solution

This info message means that the policy has application consistent backup enabled for that instance, but that the VSS Thin Backup Agent is either not installed or can't communicate with the N2WS server 
If you do not need application consistent backup you can disable it in the policy configuration to avoid this issue, otherwise you can follow below steps to troubleshoot the not connected issue:

1. If the thin backup agent is not installed, you need to download it from the UI and install it on the target windows instance


2. If it is installed and you still get the message, then you need check that you provided the correct N2WS server IP address, the configuration is located here:
C:\Program Files (x86)\CPM Agent\cpmagent.cfg -> server_address

3. The VSS agent will try to connect over HTTPS (port 443), you need to check the outbound AWS security group role for the instance and the inbound role for the N2WS server.

You can also check the logs for the following message (located here C:\Program Files (x86)\CPM Agent\logs\cpm_agent.log)
2021-12-21 15:35:14,957:[3028] ERROR:  get_agent_tasks(agentapi_requests.pyo:472)  failed calling url https://1.1.1.11:443/agentapi/agent_tasks/. Exception: <urlopen error [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:661)>
2021-12-21 15:35:14,973:[3028] ERROR:  tasks_main_loop(agent_tasks_loop.pyo:135)  Error from get_agent_tasks 

This means that the agent was unable to connect with the server, assuming that the IP address is correct - it must be some firewall or proxy blocking communication.
A quick way to test this is to open a browser in the target windows instance and try to open the N2WS server URL  - HTTPS://IpAddress
If it fails to open it in the browser, then the agent will fail as well and you need to check your instance security group/firewall.

5.  Another issue might be due to environment parameters, If you are not using proxy for CPM, but the target instance has https_proxy environment parameter, then sometimes this might interrupt the Agent communication, for VSS agent version 3.1+ do the below
  1. add the CPM address (from cpmagent.cfg -> server_address) to the addresses in 'NO_PROXY' environment variable. This should make the thin agent ignore the https_proxy environment variable when connecting to CPM
  2. Restart the cpmagent service and test again

5. If all of the above fail, raise a ticket with support and provide below files
  1. config file: C:\Program Files (x86)\CPM Agent\cpmagent.cfg 
  2. zip entire log folder: C:\Program Files (x86)\CPM Agent\logs