Troubleshooting Azure worker SSH connection fails when using worker test
This article helps identify common causes of CPM Azure Worker test failures and provides solutions.
1. Indications of an SSH issue
You run a File Level Recovery (FLR) and you can not expand the Virtual machine or Volume you are trying to browse.
2. You run the worker test and the SSH test fails.
3. The worker logs CPM n2w_connector.log,n2w_connector_error.log or the /var/log/syslog may have an error showing a timeout.
Aug 14 09:38:33 CPMWorkerMachine cloud-init[971]: ssh: connect to host x.x.x.x port 22: Connection timed out
Items to check
1. check security group settings allow the following ports on each instance the CPM and Azure worker.
The Security group for the Azure worker should look like this
Outbound Rules should have defined:
AllowAnyHTTPSOutbound port 443 allow
AllowAnySSHOutbound port 22 allow.
The CPM instance Security Group settings should allow the following ports:
INBOUND HTTPS (port 443):
- To the subnet the worker is configured to use.
INBOUND SSH (port 22) - for File Level Restore workers only (and for troubleshooting purposes.)
- To the subnet the worker is configured to use.
2. Check if there are AWS NACL's defined that could be causing the failure
3. Check firewall or proxy configurations
4. Check NAT
Steps to verify connectivity from the Azure worker to CPM instance running on AWS.
To test a proper connectivity from the worker to CPM, you can run the following commands from the worker (put CPM's IP or hostname instead of "CPMIP"):
NOTE: You need to make sure that you assigned a keypair to the Azure worker when you configured this for these commands to work.
Note: Please change CPMIP to the actual IP address if the CPM instance.
This command should result in status 302 (redirecting to "/signin/") followed by 200
ssh cpmuser@CPMIP
This command should result in "Permission denied (publickey)".
Related Articles
How to test the worker configuration from UI
Background: This document explains the steps to test a CPM Worker configuration. This can help reduce errors during S3 copy and File-Level restores by being able to confirm the settings used for these jobs are successfully able to connect. Worker ...Troubleshooting File Level Recovery (FLR) communication issue
CPM Configuration File-level recovery requires N2WS to recover volumes in the background and attach them to a temporary EC2 ‘worker’ launched for the operation, The worker will be launched in the same account and region as the snapshots being ...How To Test Connectivity from a CPM Worker to AWS endpoints
The Following Steps will help you Test the outgoing connection from the CPM Worker to AWS endpoints OR the CPM Server if you need to test to ensure that the Worker can reach the CPM server once it launches. Launch Worker First, ensure the CPM Worker ..."Worker did not establish connection" and "worker did not complete initializing" errors during S3 and FLR
During S3 operations, you may encounter the message "Worker i-... did not establish connection" in the log of an S3 copy or S3 restore operation. Error - Worker i-1234567890abcdef did not establish connection - terminating operation During File Level ...Troubleshooting common Cost Explorer issues
This document will go through the steps one can take to resolve common issues related to the CPM Cost Explorer feature 1. Required Permissions Make sure that you have updated the CPM instance role and all users associated with CPM with the latest CPM ...