Troubleshoot Azure virtual machine backup
You can troubleshoot errors encountered while using Azure Backup with the information listed in the following table:
|Backup couldn't perform the operation as the virtual machine (VM) no longer exists:
Stop protecting the virtual machine without deleting backup data. For more information, see Stop protecting virtual machines.
|This error happens when the primary VM is deleted, but the backup policy still looks for a VM to back up. To fix this error, take the following steps:
|The Azure Virtual Machine Agent (VM Agent) can't communicate with the Azure Backup service:
Make sure the VM has network connectivity, and the VM agent is the latest and running. For more information, see Troubleshoot Azure Backup failure: Issues with the agent or extension.
|This error happens if there's a problem with the VM Agent, or network access to the Azure infrastructure is blocked in some way. Learn more about debugging VM snapshot issues.
If the VM Agent isn't causing problems, restart the VM. An incorrect VM state can cause problems, and restarting the VM resets the state.
|The VM is in failed provisioning state:
Restart the VM and make sure the VM is running or shut down.
|This error occurs when one of the extension failures puts the VM into failed provisioning state. Go to the extensions list, check if there's a failed extension, remove it, and try restarting the virtual machine. If all extensions are in running state, check if the VM Agent service is running. If not, restart the VM Agent service.|
|Backup couldn't copy the snapshot of the virtual machine because of insufficient free space in the storage account:
Make sure that storage account has free space equal to the data present on the premium storage disks attached to the virtual machine.
|For premium VMs on VM backup stack V1, we copy the snapshot to the storage account. This step makes sure that backup management traffic, which works on the snapshot, doesn't limit the number of IOPS available to the application using premium disks.
We recommend that you allocate only 50 percent, 17.5 TB, of the total storage account space. Then the Azure Backup service can copy the snapshot to the storage account and transfer data from this copied location in the storage account to the vault.
|Backup can't perform the operation as the VM Agent isn't responsive.||This error happens if there's a problem with the VM Agent or network access to the Azure infrastructure is blocked in some way. For Windows VMs, check the VM Agent service status in services and whether the agent appears in programs in the control panel.
Try removing the program from the control panel and reinstalling the agent as described in VM Agent. After you reinstall the agent, trigger an ad hoc backup to verify it.
|The recovery services extension operation failed:
Make sure the latest VM Agent is present on the virtual machine, and the VM Agent service is running. Retry the backup operation. If the backup operation fails, contact Microsoft Support.
|This error happens when the VM Agent is out of date. Refer to Troubleshoot Azure virtual machine backup to update the VM Agent.|
|The virtual machine doesn't exist:
Make sure the virtual machine exists, or select a different virtual machine.
|This error occurs when the primary VM is deleted, but the backup policy still looks for a VM to back up. To fix this error, take the following steps:
|The command run failed:
Another operation is currently in progress on this item. Wait until the previous operation finishes. Then retry the operation.
|An existing backup job is running, and a new job can't start until the current job finishes.|
|Copying VHDs from the Recovery Services vault timed out:
Retry the operation in a few minutes. If the problem persists, contact Microsoft Support.
|This error occurs if there's a transient error on the storage side, or if the Backup service doesn't receive sufficient storage account IOPS to transfer data to the vault, within the timeout period. Make sure to follow the best practices when configuring your VMs. Move your VM to a different storage account that isn't loaded and retry the backup job.|
|Backup failed with an internal error:
Retry the operation in a few minutes. If the problem persists, contact Microsoft Support.
|You get this error for two reasons:
|Backup failed to install the Azure Recovery Services extension on the selected item:
The VM Agent is a prerequisite for the Azure Recovery Services extension. Install the Azure Virtual Machine Agent and restart the registration operation.
|Extension installation failed with the error COM+ was unable to talk to the Microsoft Distributed Transaction Coordinator.||This error usually means that the COM+ service isn't running. Contact Microsoft Support for help with fixing this issue.|
|The snapshot operation failed with the Volume Shadow Copy Service (VSS) operation error This drive is locked by BitLocker Drive Encryption. You must unlock this drive from the Control Panel.||Turn off BitLocker for all drives on the VM and check if the VSS issue is resolved.|
|The VM isn't in a state that allows backups.||
|An Azure virtual machine wasn't found.||This error occurs when the primary VM is deleted, but the backup policy still looks for the deleted VM. Fix this error as follows:
|The VM Agent isn't present on the virtual machine:
Install any prerequisite and the VM Agent. Then restart the operation.
|Read more about VM Agent installation and how to validate VM Agent installation.|
|The snapshot operation failed because VSS writers were in a bad state.||Restart VSS writers that are in a bad state. From an elevated command prompt, run
|The snapshot operation failed because of a parsing failure of the configuration.||This error happens because of changed permissions on the MachineKeys directory: %systemdrive%\programdata\microsoft\crypto\rsa\machinekeys.
Run the following command and verify that permissions on the MachineKeys directory are default ones:
Default permissions are as follows:
|The Azure Backup service doesn't have sufficient permissions to Azure Key Vault for backup of encrypted virtual machines.||Provide the Backup service these permissions in PowerShell by using the steps in Create a VM from restored disks.|
|Installation of the snapshot extension failed with the error COM+ was unable to talk to the Microsoft Distributed Transaction Coordinator.||From an elevated command prompt, start the Windows service COM+ System Application. An example is net start COMSysApp. If the service fails to start, then take the following steps:
|The snapshot operation failed because of a COM+ error.||We recommend that you restart the Windows service COM+ System Application from an elevated command prompt, net start COMSysApp. If the issue persists, restart the VM. If restarting the VM doesn't help, try removing the VMSnapshot Extension and trigger the backup manually.|
|Backup failed to freeze one or more mount points of the VM to take a file system consistent snapshot.||Take the following step:
|The snapshot operation failed because of failure to create a secure network communication channel.||
|The snapshot operation failed because of failure to install Visual C++ Redistributable for Visual Studio 2012.||Navigate to C:\Packages\Plugins\Microsoft.Azure.RecoveryServices.VMSnapshot\agentVersion and install vcredist2012_x64. Make sure that the registry key value that allows this service installation is set to the correct value. That is, the value of the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Msiserver is set to 3 and not 4.
If you still have issues with installation, restart the installation service by running MSIEXEC /UNREGISTER followed by MSIEXEC /REGISTER from an elevated command prompt.
|Cancellation isn't supported for this job type:
Wait until the job finishes.
|The job isn't in a cancelable state:
Wait until the job finishes.
The selected job isn't in a cancelable state:
Wait for the job to finish.
|It's likely that the job is almost finished. Wait until the job is finished.|
|Backup can't cancel the job because it isn't in progress:
Cancellation is supported only for jobs in progress. Try to cancel an in-progress job.
|This error happens because of a transitory state. Wait a minute and retry the cancel operation.|
|Backup failed to cancel the job:
Wait until the job finishes.
|Restore failed with a cloud internal error.||
|The selected DNS name is already taken:
Specify a different DNS name and try again.
|This DNS name refers to the cloud service name, usually ending with .cloudapp.net. This name needs to be unique. If you get this error, you need to choose a different VM name during restore.
This error is shown only to users of the Azure portal. The restore operation through PowerShell succeeds because it restores only the disks and doesn't create the VM. The error will be faced when the VM is explicitly created by you after the disk restore operation.
|The specified virtual network configuration isn't correct:
Specify a different virtual network configuration and try again.
|The specified cloud service is using a reserved IP that doesn't match the configuration of the virtual machine being restored:
Specify a different cloud service that isn't using a reserved IP. Or choose another recovery point to restore from.
|The cloud service has reached its limit on the number of input endpoints:
Retry the operation by specifying a different cloud service or by using an existing endpoint.
|The Recovery Services vault and target storage account are in two different regions:
Make sure the storage account specified in the restore operation is in the same Azure region as your Recovery Services vault.
|The storage account specified for the restore operation isn't supported:
Only Basic or Standard storage accounts with locally redundant or geo-redundant replication settings are supported. Select a supported storage account.
|The type of storage account specified for the restore operation isn't online:
Make sure that the storage account specified in the restore operation is online.
|This error might happen because of a transient error in Azure Storage or because of an outage. Choose another storage account.|
|The resource group quota has been reached:
Delete some resource groups from the Azure portal or contact Azure Support to increase the limits.
|The selected subnet doesn't exist:
Select a subnet that exists.
|The Backup service doesn't have authorization to access resources in your subscription.||To resolve this error, first restore disks by using the steps in Restore backed-up disks. Then use the PowerShell steps in Create a VM from restored disks.|
Backup or restore takes time
If your backup takes more than 12 hours, or restore takes more than 6 hours:
- Understand factors that contribute to backup time and factors that contribute to restore time.
- Make sure that you follow backup best practices.
Set up the VM Agent
Typically, the VM Agent is already present in VMs that are created from the Azure gallery. But virtual machines that are migrated from on-premises datacenters won't have the VM Agent installed. For those VMs, the VM Agent needs to be installed explicitly.
- Download and install the agent MSI. You need Administrator privileges to finish the installation.
- For virtual machines created by using the classic deployment model, update the VM property to indicate that the agent is installed. This step isn't required for Azure Resource Manager virtual machines.
- Install the latest version of the agent from the distribution repository. For details on the package name, see the Linux Agent repository.
- For VMs created by using the classic deployment model, use this blog to update the VM property and verify that the agent is installed. This step isn't required for Resource Manager virtual machines.
Update the VM Agent
- To update the VM Agent, reinstall the VM Agent binaries. Before you update the agent, make sure no backup operations occur during the VM Agent update.
To update the Linux VM Agent, follow the instructions in the article Updating the Linux VM Agent.
Always use the distribution repository to update the agent.
Don't download the agent code from GitHub. If the latest agent isn't available for your distribution, contact the distribution support for instructions to acquire the latest agent. You can also check the latest Windows Azure Linux agent information in the GitHub repository.
Validate VM Agent installation
Verify the VM Agent version on Windows VMs:
- Sign in to the Azure virtual machine and navigate to the folder C:\WindowsAzure\Packages. You should find the WaAppAgent.exe file.
- Right-click the file and go to Properties. Then select the Details tab. The Product Version field should be 2.6.1198.718 or higher.
Troubleshoot VM snapshot issues
VM backup relies on issuing snapshot commands to underlying storage. Not having access to storage or delays in a snapshot task run can cause the backup job to fail. The following conditions can cause snapshot task failure:
- Network access to Storage is blocked by using NSG. Learn more on how to establish network access to Storage by using either whitelisting of IPs or through a proxy server.
VMs with SQL Server backup configured can cause snapshot task delay. By default, VM backup creates a VSS full backup on Windows VMs. VMs that run SQL Server, with SQL Server backup configured, can experience snapshot delays. If snapshot delays cause backup failures, set following registry key:
VM status is reported incorrectly because the VM is shut down in RDP. If you used the remote desktop to shut down the virtual machine, verify that the VM status in the portal is correct. If the status isn't correct, use the Shutdown option in the portal VM dashboard to shut down the VM.
- If more than four VMs share the same cloud service, spread the VMs across multiple backup policies. Stagger the backup times, so no more than four VM backups start at the same time. Try to separate the start times in the policies by at least an hour.
- The VM runs at high CPU or memory. If the virtual machine runs at high memory or CPU usage, more than 90 percent, your snapshot task is queued and delayed. Eventually it times out. If this issue happens, try an on-demand backup.
Like all extensions, Backup extensions need access to the public internet to work. Not having access to the public internet can manifest itself in various ways:
- Extension installation can fail.
- Backup operations like disk snapshot can fail.
- Displaying the status of the backup operation can fail.
The need to resolve public internet addresses is discussed in this Azure Support blog. Check the DNS configurations for the VNET and make sure the Azure URIs can be resolved.
After name resolution is done correctly, access to the Azure IPs also needs to be provided. To unblock access to the Azure infrastructure, follow one of these steps:
- Whitelist the Azure datacenter IP ranges:
- Create a path for HTTP traffic to flow:
- If you have some network restriction in place, deploy an HTTP proxy server to route the traffic. An example is a network security group. See the steps to deploy an HTTP proxy server in Establish network connectivity.
- Add rules to the NSG, if you have one in place, to allow access to the internet from the HTTP proxy.
DHCP must be enabled inside the guest for IaaS VM backup to work. If you need a static private IP, configure it through the Azure portal or PowerShell. Make sure the DHCP option inside the VM is enabled. Get more information on how to set up a static IP through PowerShell:
We'd love to hear your thoughts. Choose the type you'd like to provide:
Our feedback system is built on GitHub Issues. Read more on our blog.