Share via

Error while copying incremental snapshot to a different subscription & tenant

Purusottam 0 Reputation points
2024-01-31T03:42:09.2266667+00:00

We are trying to copy a managed disk incremental snapshot with private endpoint through disk access to a page blob. Using az cli, it is failing with following error The source for incremental copy request must be a snapshot. ErrorCode: IncrementalCopySourceMustBeSnapshot. Using azure-storage-blob python SDK, it is failing with following error: CopySourceCannotBeIncrementalCopyBlob: Source blob of a copy operation cannot be non-snapshot incremental copy blob using azcopy, we see the below error: 409 Source blob of a copy operation cannot be non-snapshot incremental copy blob


Steps to reproduce:

1. Create disk access
    
    ```bash
    az disk-access create -n $diskAccessName -g $resourceGroupName -l $region
    ```
    
2. Create private endpoint for the disk access
    
    ```bash
    az network private-endpoint create --resource-group $resourceGroupName \
        --name $privateEndPointName \
        --vnet-name $vnetName  \
        --subnet $subnetName \
        --private-connection-resource-id $diskAccessId \
        --group-ids disks \
        --connection-name $privateEndPointConnectionName
    ```
    
3. Configure private DNS zone
    
    ```bash
    az network private-dns zone create --resource-group $resourceGroupName \ 
    	--name "privatelink.blob.core.windows.net"
    
    az network private-dns link vnet create --resource-group $resourceGroupName \
    	--zone-name "privatelink.blob.core.windows.net" --name yourDNSLink \
    	--virtual-network $vnetName --registration-enabled false
    
    az network private-endpoint dns-zone-group create --resource-group $resourceGroupName \
    	--endpoint-name $privateEndPointName --name yourZoneGroup \
    	--private-dns-zone "privatelink.blob.core.windows.net" --zone-name disks
    ```
    
4. Create an incremental snapshot with private access
    
    ```bash
    az snapshot create -n $snapshotNameSecuredWithPL \
    -g $resourceGroupName \
    -l $region \
    --source $diskId \
    --network-access-policy AllowPrivate \
    --disk-access $diskAccessId
    --incremental true
    ```
    
5. copy snapshot to storage account (executed in the vm inside the allowed VNet, so that we can access snapshot via private endpoint)
    
    ```bash
    sas=$(az snapshot grant-access --resource-group $resourceGroupName \ 
    --name $snapshotNameSecuredWithPL --duration-in-seconds 3600 \
    --query [accessSas] -o tsv)
    
    az storage blob incremental-copy start --destination-blob $new_blob \
    --destination-container $container \
    --account-name $storage_account \
    --account-key $storage_account_key \
    --source-uri $sas
    ```
    
    Alternate method used to copy (python SDK as per [Azure-Samples](https://github.com/Azure-Samples/managed-disks-dotnet-backup-with-incremental-snapshots/blob/master/CopyManagedDisksIncrementalSnapshots/Program.cs))
    
    ```python
    from azure.storage.blob import BlobClient
    
    sas = "
Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
3,192 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Nehruji R 8,181 Reputation points Microsoft External Staff Moderator
    2024-01-31T14:06:48.09+00:00

    Hello Purusottam

    Greetings! Welcome to Microsoft Q&A Platform.

     

    Incremental snapshots are point-in-time backups for managed disks that, when taken, consist only of the changes since the last snapshot. The first incremental snapshot is a full copy of the disk. The subsequent incremental snapshots occupy only delta changes to disks since the last snapshot.

     

    I understand that you are facing issues in copying the snapshots to other subscription, below are some prerequisites to perform the same,

     

    1.  Ensure that the incremental snapshot creation process is similar to how you created the original snapshot and with the same private endpoint and private DNS zone configurations.
    2. After creating the incremental snapshot, verify that the private access settings are maintained. Check the "Disable public access and enable private access" configuration for the managed disk.
    3. Also please verify the target subscription is configured as same as source.

       

    refer - Copy managed disk snapshot to a subscription - CLI Sample - Azure Virtual Machines | Microsoft Learn    

    The command "az storage blob copy start" is telling the storage blob to copy an object from an URI. Azure Storage Blob will try to reach the object from public endpoint, which will fail because you've disabled public access for your managed disk and snapshot. Azure Storage Blob will not have access to the private endpoint. The only way you access the snapshot is from an Azure VM that has network connectivity to the private endpoint of your snapshot, then use azcopy or Storage Explorer from the VM to access the snapshot and copy it into the Storage Blob. azcopy copy <SAS for snapshot> <SAS for Storage Blob> The Storage Blob can either use private endpoint or public endpoint.

      Hope this answer helps! Please let us know if you still encountering the issue. I’m happy to assist you further.

    0 comments
  2. Nehruji R 8,181 Reputation points Microsoft External Staff Moderator
    2024-02-06T05:37:12.4066667+00:00

    Hi, just checking in to see if the below-answer helped. If this answers your query, do click "Accept the answer” for the same, which might be beneficial to other community members reading this thread. User's image

    Please let us know if you have any further queries. I’m happy to assist you further.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.