Review copy errors in uploads from Azure Data Box and Azure Data Box Heavy devices

This article describes review and follow-up for errors that occasionally prevent files from uploading to the Azure cloud from an Azure Data Box or Azure Data Box Heavy device.

The error notification and options vary depending on whether you can fix the error in the current upload:

• Retryable errors - You can fix many types of copy error and resume the upload. The data is then successfully uploaded in your current order.

  An example of a retryable error is when Large File Shares are not enabled for a storage account that requires shares with data more than 5 TiB. To resolve this, you will need to enable this setting and then confirm to resume data copy. This type of error is referred to as a retryable error in the discussion that follows.

• Non-retryable errors - These are errors that can't be fixed. For those errors, the upload pauses to give you a chance to review the errors. But the order completes without the data that failed to upload, and the data is secure erased from the device. You'll need to create a new order after you resolve the issues in your data.

  An example of a non-retryable error is if a blob storage container is configured as Write Once, Read Many (WORM). Upload of any blobs that are already stored in the container will fail. This type of error is referred to as a non-retryable error in the discussion that follows.

Note

The information in this article applies to import orders only.

Upload errors notification

When a file upload fails because of an error, you'll receive a notification in the Azure portal. You can tell whether the error can be fixed by the status and options in the order overview.

Retryable errors: If you can fix the error in the current order, the notification looks similar to the following one. The current order status is Data copy halted. You can either choose to resolve the error or proceed with data erasure without making any change. If you select Resolve error, a Resolve error screen will tell you how to resolve each error. For step-by-step instructions, see Review errors and proceed.

Non-retryable errors: If the error can't be fixed in the current order, the notification looks similar to the following one. The current order status is Data copy completed with errors. Device pending data erasure. The errors are listed in the data copy log, which you can open using the Copy Log Path. For guidance on resolving the errors, see Summary of upload errors.

You can't fix these errors. The upload has completed with errors. The notification lets you know about any configuration issues you need to fix before you try another upload via network transfer or a new import order.

After you review the errors and confirm you're ready to proceed, the data is secure erased from the device. If you don't respond to the notification, the order is completed automatically after 14 days. For step-by-step instructions, see Review errors and proceed.

Review errors and proceed

How you proceed with an upload depends on whether the errors can be fixed and the current upload resumed (see Retryable errors tab), or the errors can't be fixed in the current order (see the Non-retryable errors tab).

Retryable errors

When a retryable error occurs during an upload, you receive a notification with instructions for fixing the error. If you can't fix the error, or prefer not to, you can proceed with the order without fixing the errors.

To resolve retryable copy errors during an upload, do these steps:

1. Open your order in the Azure portal.

   If any retryable copy errors prevented files from uploading, you'll see the following notification. The current order status will be Data copy halted.

   

2. Select Resolve error to view help for the errors.

   Your screen will look similar to the one below. In the example, the Enable large file share error can be resolved by toggling Not enabled for each storage account.

   The screen tells how to recover from two other copy errors: a missing storage account and a missing access key.

   For each error, there's a Learn more link to get more information.

   

3. After you resolve the errors, select the check box by I confirm that the errors have been resolved. Then select Proceed.

   The order status changes to Data copy error resolved. The data copy will proceed within 24 hours.

   

   Note

   If you don't resolve all of the retryable errors, this process will repeat after the data copy proceeds. To proceed without resolving any of the retryable errors, select Skip and proceed with data erasure on the Overview screen.

Non-retryable errors

The following errors can't be resolved in the current order. The order will be completed automatically after 14 days. By acting on the notification, you can move things along more quickly.

To review non-retryable errors and proceed with your order, do the following:

1. Open your order in the Azure portal.

   If any non-retryable errors prevented files from uploading, you'll see the following notification. The current order status will be Data copy completed with errors. Device pending data erasure.

   

   Make a note of the COPY LOG PATH in DATA COPY DETAILS. You'll review the errors in the data copy log.

   Note

   If firewall rules are set on the storage account for your Data Box, you might not be able to access copy logs from the Azure portal by using COPY LOG PATH on the Overview pane. To access the logs, either modify the storage firewall settings to allow the current system, or use a system which is in the firewall network.

2. Select Confirm device erasure to open a review panel.

   

3. Review the errors in the data copy log using the copy log path that you made a note of earlier. If you need to, you can select Close to display the path again.

   You'll need to fix any configuration issues before you try another upload via a network transfer or a new import order.

4. After you review the errors, select the check box to acknowledge that you're ready to proceed with data erasure. Then select Proceed.

   

   After the data is secure erased from the device, the order status is updated to Copy completed with errors.

   

   If you don't take any action, the order completes automatically after 14 days.

Summary of upload errors

Review the summary tables on the Retryable errors tab or the Non-retryable errors tab to find out how to resolve or follow up on data copy errors that occurred during your upload.

Retryable errors

When the following errors occur, you can resolve the errors and include the files in the current data upload.

Error message	Error description	Error resolution
Large file share not enabled on account	Large file shares aren’t enabled on one or more storage accounts. Resolve the error and resume data copy, or skip to data erasure and complete the order.	Large file shares are not enabled on the indicated storage accounts. Select the option highlighted to enable quota up to 100 TiB per share.
Storage account deleted or moved	One or more storage accounts were moved or deleted. Resolve the error and resume data copy, or skip to data erasure and complete the order.	Storage accounts deleted or moved Storage accounts: <storage accounts list> were either deleted, or moved to a different subscription or resource group. Recover or re-create the storage accounts with the original set of properties, and then confirm to resume data copy. Learn more on how to recover a storage account.
Storage account location changed	One or more storage accounts were moved to a different region. Resolve the error and resume data copy, or skip to data erasure and complete the order.	Storage accounts location changed Storage accounts: <storage accounts list> were moved to a different region. Restore the account to the original destination region and then confirm to resume data copy. Learn more on how to move storage accounts.
Virtual network restriction on storage account	One or more storage accounts are behind a virtual network and have restricted access. Resolve the error and resume data copy, or skip to data erasure and complete the order.	Storage accounts behind virtual network Storage accounts: <storage accounts list> were moved behind a virtual network. Add Data Box to the list of trusted services to allow access and then confirm to resume data copy. Learn more about trusted first party access.
Storage account owned by a different tenant	One or more storage accounts were moved under a different tenant. Resolve the error and resume data copy, or skip to data erasure and complete the order.	Storage accounts moved to a different tenant Storage accounts: <storage accounts list> were moved to a different tenant. Restore the account to the original tenant and then confirm to resume data copy. Learn more on how to move storage accounts.
Kek user identity not found	The user identity that has access to the customer-managed key wasn’t found in the active directory. Resolve the error and resume data copy, or skip to data erasure and complete the order.	User identity not found Applied a customer-managed key but the user assigned identity that has access to the key was not found in the active directory. This error may occur if a user identity is deleted from Azure. Try adding another user-assigned identity to your key vault to enable access to the customer-managed key. For more information, see how to Enable the key. Confirm to resume data copy after the error is resolved.
Cross tenant identity access not allowed	Managed identity couldn’t access the customer-managed key. Resolve the error and resume data copy, or skip to data erasure and complete the order.	Cross tenant identity access not allowed Managed identity couldn’t access the customer-managed key. This error may occur if a subscription is moved to a different tenant. To resolve this error, manually move the identity to the new tenant. Try adding another user-assigned identity to your key vault to enable access to the customer-managed key. For more information, see how to Enable the key. Confirm to resume data copy after the error is resolved.
Key details not found	Couldn’t fetch the passkey as the customer-managed key wasn’t found. Resolve the error and resume data copy, or skip to data erasure and complete the order.	Key details not found If you deleted the key vault, you can't recover the customer-managed key. If you migrated the key vault to a different tenant, see Change a key vault tenant ID after a subscription move. If you deleted the key vault and it is still in the purge-protection duration, use the steps at Recover a key vault. If the key vault was migrated to a different tenant, use one of the following steps to recover the vault: Revert the key vault back to the old tenant. Set Identity = None and then set the value back to Identity = SystemAssigned. This deletes and recreates the identity after the new identity is created. Enable Get, WrapKey, and UnwrapKey permissions for the new identity in the key vault's access policy.
Key vault details not found	Couldn’t fetch the passkey as the associated key vault for the customer-managed key wasn’t found. Resolve the error and resume data copy, or skip to data erasure and complete the order.	Key vault details not found If you migrated the key vault to a different tenant, see Change a key vault tenant ID after a subscription move. If you deleted the key vault and it is in the purge-protection duration, use the steps in Recover a key vault. If the key vault was migrated to a different tenant, use one of the following steps to recover the vault: Revert the key vault back to the old tenant. Set Identity = None and then set the value back to Identity = SystemAssigned. This deletes and recreates the identity once the new identity has been created. Enable Get, WrapKey, and UnwrapKey permissions for the new identity in the key vault's access policy. Confirm to resume data copy after the error is resolved.
Key vault bad request exception	Applied a customer-managed key, but either the key access wasn’t granted or was revoked, or the key vault was behind a firewall. Resolve the error and resume data copy, or skip to data erasure and complete the order.	Key vault bad request exception Add the identity selected for your key vault to enable access to the customer-managed key. If the key vault is behind a firewall, switch to a system-assigned identity and then add a customer-managed key. For more information, see how to Enable the key. Confirm to resume data copy after the error is resolved. Configure Azure Key Vault firewalls and virtual networks
Encryption key expired	Couldn’t fetch the passkey as the customer-managed key has expired. Resolve the error and resume data copy, or skip to data erasure and complete the order.	Encryption key expired Enable the key version and then confirm to resume data copy.
Encryption key disabled	Couldn’t fetch the passkey as the customer-managed key is disabled. Resolve the error and resume data copy, or skip to data erasure and complete the order.	Encryption key disabled Enable the key version and then confirm to resume data copy.
User assigned identity not valid	Couldn’t fetch the passkey as the user assigned identity used was not valid. Resolve the error and resume data copy, or skip to data erasure and complete the order.	User assigned identity not valid Applied a customer-managed key but the user assigned identity that has access to the key is not valid. Try adding a different user-assigned identity to your key vault to enable access to the customer-managed key. For more information, see how to Enable the key. Confirm to resume data copy after the error is resolved.
User assigned identity not found	Couldn’t fetch the passkey, WrapKey, and UnwrapKey permissions for the identity in the key vault’s access policy. These permissions must remain for the lifetime of the customer-managed key. XXX Resolve the error and resume data copy, or skip to data erasure and complete the order.	User assigned identity not found Applied a customer-managed key but the user assigned identity that has access to the key wasn’t found. To resolve the error, check if: Key vault still has the MSI in the access policy. Identity is of type System assigned. Enable `G the order. Confirm to resume data copy after the error is resolved.
Unknown user error	An error has halted the data copy. Contact Support for details on how to resolve the error. Alternatively, you may skip to data erasure and review copy and error logs for the order for the list of files that weren’t copied.	Error during data copy Data copy is halted due to an error. Contact Support for details on how to resolve the error. After the error is resolved, confirm to resume data copy.

For more information about the data copy log's contents, see Tracking and event logging for your Azure Data Box and Azure Data Box Heavy import order.

Other REST API errors might occur during data uploads. For more information, see Common REST API error codes.

Non-retryable errors

The following non-retryable errors result in a notification:

Error category	Error code	Error message
UploadErrorCloudHttp	400	Bad Request (file name not valid) Learn more.
UploadErrorCloudHttp	400	The value for one of the HTTP headers is not in the correct format. Learn more.
UploadErrorCloudHttp	409	This operation is not permitted as the blob is immutable due to a policy. Learn more.
UploadErrorCloudHttp	409	The total provisioned capacity of the shares cannot exceed the account maximum size limit. Learn more.
UploadErrorCloudHttp	409	The blob type is invalid for this operation. Learn more.
UploadErrorCloudHttp	409	There is currently a lease on the blob and no lease ID was specified in the request. Learn more.
UploadErrorManagedConversionError	409	The size of the blob being imported is invalid. The blob size is <blob-size> bytes. Supported sizes are between 20,971,520 Bytes and 8,192 GiB. Learn more

For more information about the data copy log's contents, see Tracking and event logging for your Azure Data Box and Azure Data Box Heavy import order.

Other REST API errors might occur during data uploads. For more information, see Common REST API error codes.

Note

The Follow-up sections in the error descriptions describe how to update your data configuration before you place a new import order or perform a network transfer. You can't fix these errors in the current upload.

Bad Request (file name not valid)

Error category: UploadErrorCloudHttp

Error code: 400

Error description: Most file naming issues are caught during the Prepare to ship phase or fixed automatically during the upload (resulting in a Copy with warnings status). When an invalid file name is not caught, the file fails to upload to Azure.

Follow-up: You can't fix this error in the current upload. The upload has completed with errors. Before you do a network transfer or start a new order, rename the listed files to meet naming requirements for Azure Files. For naming requirements, see Directory and File Names.

The value for one of the HTTP headers is not in the correct format

Error category: UploadErrorCloudHttp

Error code: 400

Error description: The listed blobs couldn't be uploaded because they don't meet format or size requirements for blobs in Azure storage.

Follow-up: You can't fix this error in the current upload. The upload has completed with errors. Before you do a network transfer or start a new import order, ensure that:

• The listed page blobs align to the 512-byte page boundaries.

• The listed block blobs do not exceed the 4.75-TiB maximum size.

This operation is not permitted as the blob is immutable due to policy

Error category: UploadErrorCloudHttp

Error code: 409

Error description: If a blob storage container is configured as Write Once, Read Many (WORM), upload of any blobs that are already stored in the container will fail.

Follow-up: You can't fix this error in the current upload. The upload has completed with errors. Before you do a network transfer or start a new import order, make sure the listed blobs are not part of an immutable storage container. For more information, see Store business-critical blob data with immutable storage.

The total provisioned capacity of the shares cannot exceed the account maximum size limit

Error category: UploadErrorCloudHttp

Error code: 409

Error description: The upload failed because the total size of the data exceeds the storage account size limit. For example, the maximum capacity of a FileStorage account is 100 TiB. If total data size exceeds 100 TiB, the upload will fail.

Follow-up: You can't fix this error in the current upload. The upload has completed with errors. Before you do a network transfer or start a new import order, make sure the total capacity of all shares in the storage account will not exceed the size limit of the storage account. For more information, see Azure storage account size limits.

The blob type is invalid for this operation

Error category: UploadErrorCloudHttp

Error code: 409

Error description: Data import to a blob in the cloud will fail if the destination blob's data or properties are being modified.

Follow-up: You can't fix this error in the current upload. The upload has completed with errors. Before you do a network transfer or start a new import order, make sure there is no concurrent modification of the listed blobs or their properties during the upload.

There is currently a lease on the blob and no lease ID was specified in the request

Error category: UploadErrorCloudHttp

Error code: 409

Error description: Data import to a blob in the cloud will fail if the destination blob has an active lease.

Follow-up: You can't fix this error in the current upload. The upload has completed with errors. Before you do a network transfer or start a new import order, ensure that the listed blobs do not have an active lease. For more information, see Pessimistic concurrency for blobs.

The size of the blob being imported is invalid. The blob size is <blob-size> Bytes. Supported sizes are between 20,971,520 Bytes and 8,192 GiB.

Error category: UploadErrorManagedConversionError

Error code: 409

Error description: The listed page blobs failed to upload because they are not a size that can be converted to a Managed Disk. To be converted to a Managed Disk, a page blob must be from 20 MB (20,971,520 Bytes) to 8192 GiB in size.

Follow-up: You can't fix this error in the current upload. The upload has completed with errors. Before you do a network transfer or start a new import order, make sure each listed blob is from 20 MB to 8192 GiB in size.

Next steps

• Review common REST API errors.
• Verify data upload to Azure