Azure Storage Blobs Vaulted Backup generating GetBlob failures

Hans Weihe 6 Reputation points
2024-06-19T06:57:54.4033333+00:00

I have implemented Azure Storage Blobs vaulted backup (preview), and the solution seems to generate many GetBlob failures.

It is the Vaulted Backup (preview) that I have used: https://learn.microsoft.com/en-us/azure/backup/blob-backup-overview?tabs=vaulted-backup

If I go to Storage Account Insights, I can see many failing GetBlob's.

User's image

I can see from the diagnostics that this is not generated by our application but instead from what I believe is the Vaulted Backup. I can reproduce these errors in 2 different tenants.

The screenshot shows the errors logged. The CallerIp is a foreign Azure IP. The Uri shows it has something to do with the blob change feed.

User's image

Does anyone know what is causing these failures?

Best Regards

Hans

Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
2,906 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Nehruji R 4,451 Reputation points Microsoft Vendor
    2024-06-20T06:44:06.58+00:00

    Hello Hans Weihe,

    Greetings! Welcome to Microsoft Q&A Platform.

    I understand that you’re encountering GetBlob failures related to Azure Storage Blobs vaulted backup.

    Vaulted backup (preview) for blobs is currently available in all public regions except South Africa West, Sweden Central, Sweden South, Israel Central, Poland Central, India Central, Italy North and Malaysia South.

    There are some limitations which you might need consider before implementing the Vaulted Backup to Azure Blobs,

    • You can back up only block blobs in a standard general-purpose v2 storage account using the vaulted backup solution for blobs.
    • HNS-enabled storage accounts are currently not supported. This includes ADLS Gen2 accounts, accounts using NFS 3.0, and SFTP protocols for blobs.
    • You can back up storage accounts with up to 100 containers. You can also select a subset of containers to back up (up to 100 containers).
      • If your storage account contains more than 100 containers, you need to select up to 100 containers to back up.
      • To back up any new containers that get created after backup configuration for the storage account, modify the protection of the storage account. These containers aren't backed up automatically.
    • The storage accounts to be backed up must contain a minimum of 1 container. If the storage account doesn't contain any containers or if no containers are selected, an error may appear when you configure backup.
    • Currently, you can perform only one backup per day (that includes scheduled and on-demand backups). Backup fails if you attempt to perform more than one backup operation a day.
    • If you stop protection (vaulted backup) on a storage account, it doesn't delete the object replication policy created on the storage account. In these scenarios, you need to manually delete the OR policies.
    • Cool and archived blobs are currently not supported.
    • Confirm by going to the backup vault and create backup policy and check if you have the vaulted backup option is enabled or not? Also make sure to check if the BlobVaultedBackup preview feature is enabled on your subscription?
    • Verify if you have these minimum permissions have been consolidated under the Storage Account Backup Contributor role. We recommend you to assign this role to the Backup vault before you configure backup refer article.
    • Ensure that the storage accounts you want to back up have cross-tenant replication enabled. You can check this by navigating to the storage account > Object replication > Advanced settings. Make sure the checkbox for cross-tenant replication is enabled.
    • Check if the storage account is part of a virtual network or firewalled. Such restrictions could cause errors during backup operations.

    Hope this answer helps! Please let us know if you have any further queries. I’m happy to assist you further.


    Please "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    0 comments No comments