FAQ
Permission check may fail with an error "Could not assume role"
Issue: Permission check may fail with this error message: ERROR: get_assume_role_credentials(aws_utils.py:1337) Could not assume role arn arn:<AWS account ARN:RoleName> from account <CPM Account> (<CPM user>), reason User arn:<AWS account ARN:IAM ...
Failed to login to AD FS with the error: "The status code of the Response was not Success, was Requester -> urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy (invalid_response)"
Issue: When trying to login to AD FS from CPM, you may receive an error: "The status code of the Response was not Success, was Requester -> urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy (invalid_response)" The same error can be found in the ...
SAML Identity Provider user log in issues
Description: This KB article describes several scenarios that could happen when SAML based Identity Provider is used to provide log in requests for the CPM. Scenario 1 User tries to log in to the CPM when he belongs to cpm_<groupname> group in the ...
Cannot open ADFS login page while testing connection or trying to log in with an error "err_connection_reset"
Issue: When trying to connect to the fresh installation of ADFS from the CPM, you may receive an error message "err_connection_reset". When this issue occurs, no error or warning message appear in the CPM log files. Description: This issue may happen ...
Important message: in XX days the number of instances allowed in Standard/AdvancedEnterprise edition will be XYZ instead of ZYX.
You may have recently received this message in CPM's GUI: This message indicates that your CPM edition will have its license limits reduced as of July 27th 2018. To extend the license grace period until August 2 (included), you can install one of the ...
How to configure IDP users to have Root/Admin Account Permissions in CPM
Background: Often administrators are asked to configure logins of an IDP solution with Cloud Protection Manager CPM. This document will discuss the required configuration steps needed to allow IDP users to easily access CPM GUI and be able to see ...
Login failure with the reason https://%cpm servername%/remote_auth/metadata is not a valid audience for this Response (invalid_response)
Background: This error can occur for several reasons when trying to implement IDP/ ADFS integration with Cloud Protection Manager. This document will detail what to check in Cloud Protection Manager and on the IDP side to resolve this. Excerpt from ...
Does Cloud Protection Manger (CPM) support AWS long resource Names?
Does Cloud Protection Manager (CPM) support AWS long resource Names? Yes Cloud Protection Manager fully supports the backup and tag scanning of AWS Objects that have the newly extended length of the resource ID field. If you experience any issues ...
Steps to replace the CPM User Access Key
Steps to replace the CPM User Access Key 1. Open the AWS Console and under Services at the top of the screen go to Security, Identity & Compliance, IAM, Users. 2. Choose the CPM account and Select Security Credentials 3. Click “Create Key ...
Agents may not show up in the "Agents" tab after installation
Q: My Agents do not show up in the "Agents" tab in CPM GUI after installation. A: The Agents won't show up unless you have enabled Application Consistent Backup for these instances in the Backup Targets of your policy.
Error "Could not share private image ami-12345678 between accounts" may occur during cross-account instance recovery
Error "Could not share private image ami-12345678 between accounts" may occur during cross-account instance recovery: Error - Could not share private image ami-12345678 between accounts Error - First step (launching instance) failed. Reason: Could ...
Message "Warning - Cross Account AMI backup is not supported" may appear in Backup Logs
The following message may appear in Backup Logs when policy has cross-account DR enabled, usually when Windows instances are protected in this policy: Warning - Cross Account AMI backup is not supported This is a result of an AWS limitation: "You ...
SNS alert and daily summary not being received "not authorized to perform: SNS:Publish on resource"
CPM Alert and daily summary are not being received through the AWS SNS system. In CPM server logging you may see this message: ERROR: send_push_alert_inner(.\cpmserver\cpm\notifications.py:451) Failed publishing alert: License will expire on ...
Meltdown/Spectre vulnerabilities and CPM
In order to fix the "Meltdown" vulnerability, please follow these instructions: https://support.n2ws.com/portal/kb/articles/how-to-update-the-ubuntu-distribution-on-the-cpm-instance We have verified that as of now (April 12th 2018), this procedure ...
Cross-account instance recovery with CPM_CLI may not retain instance’s attached volumes
When performing cross-account instance recovery of an instance with more than one volume, using CPM CLI, CPM may fail to recover the instance’s attached volumes . The instance will get created only with its root volume and no error message will ...
CLI call to clear alerts
A new CLI function allows to clear all alerts in the system, for all users. Can be run only by the admin/root user The CLI call command is named: clear_all_alerts You can download the latest CLI and it's User Guide at ...
CPM Server may fail to finish configuration when upgrading from v2.1.3 to v2.1.3a using AMI
At the end of configuration, when clicking at the "Click here to start CPM" link, CPM may go back to a page asking to enter instance id. Rebooting the instance and going directly to the /console URL doesn't help. The following error can be found in ...
Allow adding a script app aware instance by tags
Previously there was just one option to enable ‘app aware’ backups, and that is by using the ‘app-aware’ keyword (you can find more details in User Guide - section 13.2.3). Now we added two more: ‘app-aware’ (old one) - enables the ‘app aware’ ...
Daily Summary/Cleanup Log may alert of false Cleanup issues
You may receive the following warning in Daily Summary or Cleanup Log: Warning - Cleanup did not mark any backups for deletion for policy DailyPolicy, because out of 3 completed backups, only 1 were marked as successful This warning may be triggered ...
Snapshot and backup records may not be deleted during cleanup - although snapshots are deleted in EC2 and backups are hidden in GUI
If you have CPM Server v2.1.3a, snapshot and backup records may not be deleted during cleanup from CPM's internal database - although snapshots are deleted in EC2 and backups are hidden in GUI If you have v2.1.3a, please upgrade to the latest 2.1.X ...
How to update the Ubuntu distribution on the CPM instance
Before starting it is recommended to take backup of cpmdata volume and be familiar with how to restore the server. In order to update the Ubuntu distribution on the CPM instance, you have to follow these instructions precisely (when no backup/DR is ...
Cleanup Log
This feature was added to allow CPM users to better understand whether Cleanup process ran successfully. It can be found in the “General Settings” tab. The Cleanup Interval may be set to run every 1 to 24 hours. Last cleanup timestamp will show the ...
Snapshot Tagging
The feature automatically adds the below tags to any snapshot created by CPM: Tag Key Tag Value cpm_server_id An alphanumeric string of 36 characters which identifies the server cpm_policy_name The name of the policy which generated the snapshot ...
Does CPM Support rolling forward SQL logs after restore?
CPM doesn't support rolling forward SQL logs, since CPM performs "full backup", not "logs backup". We recommend to use the simple recovery model with CPM backups.
Does CPM backup ephemeral storage?
The answer is no, CPM does not backup the ephemeral storage. CPM utilizes native AWS snapshots, and they do not support ephemeral storage. Ephemeral storage is not meant for persistent data. That said, in some setups, to leverage the speed of that ...
CLI operations may fail with the “The read operation timed out” error
If you receive the “The read operation timed out” error during a CLI operation, you can use the parameter "--timeout <value>" to set a longer timeout. For example, "--timeout 600" would set a 10 minute timeout. Please make sure that you use the ...
Error "Account AccountName can't define the cpmdata policy, as it's not the owner of the CPM Server" may be displayed when creating the "cpmdata" policy
Error "Account AccountName can't define the cpmdata policy, as it's not the owner of the CPM Server" may be displayed when creating the "cpmdata" policy. This means that you are trying to create the "cpmdata" policy using an account that isn't the ...
MustGather information: how to collect logging and relevant details for CPM support (OldUI)
When opening a support ticket, please provide the following information: 1. Always, no matter what the issue is, please provide the full CPM Server logs using the link at the bottom of the screen If you are unable to connect to the CPM GUI, please ...
How to backup instances in the Chinese regions
CPM can't be launched in China, since the AWS Marketplace is not enabled there. When it will be, CPM will be available as well. That said, CPM can be launched in another region and can manage backups in China. The Chinese regions are disabled in CPM ...
Agents are missing from the "Backup Agent" column after upgrading agents and policies
A: After upgrading from CPM v1.x to 2.x, we have performed our agent and policy upgrade. The backups complete successfully, but the “Backup Agent” column in the “Policies” tab now shows “None” when there is an agent running on the instance. When we ...
CPM and "Dirty COW" Linux vulnerability
In order to fix the "Dirty COW" vulnerability, please follow these instructions: https://support.n2ws.com/portal/kb/articles/how-to-update-the-ubuntu-distribution-on-the-cpm-instance
Backups/DR/tag scans may start to fail because of clock issues or connectivity issues.
Problem descriptions: If you start seeing failures in the logs of AWS API calls saying that "AWS was not able to validate the provided access credentials", this is likely caused by either lack of connectivity with AWS endpoints or time ...