Troubleshooting: on-premises gateway issues - AWS Storage Gateway
Turning on AWS Support access to help troubleshoot your gateway

Amazon FSx File Gateway is no longer available to new customers. Existing customers of FSx File Gateway can continue to use the service normally. For capabilities similar to FSx File Gateway, visit this blog post.

Troubleshooting: on-premises gateway issues

You can find information following about typical issues that you might encounter working with your on-premises gateways, and how to allow AWS Support to connect to your gateway to assist with troubleshooting.

The following table lists typical issues that you might encounter working with your on-premises gateways.

Issue Action to Take

You cannot find the IP address of your gateway.

Use the hypervisor client to connect to your host to find the gateway IP address.

  • For VMware ESXi, the VM's IP address can be found in the vSphere client on the Summary tab.

  • For Microsoft Hyper-V, the VM's IP address can be found by logging into the local console.

If you are still having trouble finding the gateway IP address:

  • Check that the VM is turned on. Only when the VM is turned on does an IP address get assigned to your gateway.

  • Wait for the VM to finish startup. If you just turned on your VM, then it might take several minutes for the gateway to finish its boot sequence.

You're having network or firewall problems.

  • Allow the appropriate ports for your gateway.

  • If you use a firewall or router to filter or limit network traffic, you must configure your firewall and router to allow these service endpoints for outbound communication to AWS. For more information about network and firewall requirements, see Network and firewall requirements.

Your gateway's activation fails when you click the Proceed to Activation button in the Storage Gateway Management Console.

  • Check that the gateway VM can be accessed by pinging the VM from your client.

  • Check that your VM has network connectivity to the internet. Otherwise, you'll need to configure a SOCKS proxy. For more information on doing so, see Testing your gateway's network connectivity.

  • Check that the host has the correct time, that the host is configured to synchronize its time automatically to a Network Time Protocol (NTP) server, and that the gateway VM has the correct time. For information about synchronizing the time of hypervisor hosts and VMs, see Configuring a Network Time Protocol (NTP) server for your gateway.

  • After performing these steps, you can retry the gateway deployment using the Storage Gateway console and the Setup and Activate Gateway wizard.

  • Check that your VM has at least 16 GB of RAM. Gateway allocation fails if there is less than 16 GB of RAM. For more information, see File Gateway setup requirements.

You need to improve bandwidth between your gateway and AWS.

You can improve the bandwidth from your gateway to AWS by setting up your internet connection to AWS on a network adapter (NIC) separate from that connecting your applications and the gateway VM. Taking this approach is useful if you have a high-bandwidth connection to AWS and you want to avoid bandwidth contention, especially during a snapshot restore. For high-throughput workload needs, you can use AWS Direct Connect to establish a dedicated network connection between your on-premises gateway and AWS. To measure the bandwidth of the connection from your gateway to AWS, use the CloudBytesDownloaded and CloudBytesUploaded metrics of the gateway. For more on this subject, see Performance and optimization. Improving your internet connectivity helps to ensure that your upload buffer does not fill up.

Throughput to or from your gateway drops to zero.

  • On the Gateway tab of the Storage Gateway console, verify that the IP addresses for your gateway VM are the same that you see using your hypervisor client software (that is, the VMware vSphere client or Microsoft Hyper-V Manager). If you find a mismatch, restart your gateway from the Storage Gateway console, as shown in Shutting down your gateway VM. After the restart, the addresses in the IP Addresses list in the Storage Gateway console's Gateway tab should match the IP addresses for your gateway, which you determine from the hypervisor client.

    • For VMware ESXi, the VM's IP address can be found in the vSphere client on the Summary tab.

    • For Microsoft Hyper-V, the VM's IP address can be found by logging into the local console.

  • Check your gateway's connectivity to AWS as described in Testing your gateway's network connectivity.

  • Check your gateway's network adapter configuration in your hypervisor management client and ensure that all the interfaces you intend to use for the gateway are activated.

  • Check your gateway's network adapter configuration in the gateway local console. For instructions, see Configuring your gateway network settings.

You can view the throughput to and from your gateway from the Amazon CloudWatch console. For more information about measuring throughput to and from your gateway to AWS, see Performance and optimization.

You are having trouble importing (deploying) Storage Gateway on Microsoft Hyper-V.

See Troubleshooting: Microsoft Hyper-V setup, which discusses some of the common issues of deploying a gateway on Microsoft Hyper-V.

You receive a message that says: "The data that has been written to the volume in your gateway isn't securely stored at AWS".

You receive this message if your gateway VM was created from a clone or snapshot of another gateway VM. If this isn’t the case, contact AWS Support.

Turning on AWS Support access to help troubleshoot your gateway hosted on-premises

Storage Gateway provides a local console you can use to perform several maintenance tasks, including allowing AWS Support to access your gateway to assist you with troubleshooting gateway issues. By default, AWS Support access to your gateway is turned off. You turn on this access through the host's local console. To give AWS Support access to your gateway, you first log in to the local console for the host, navigate to the Storage Gateway's console, and then connect to the support server.

To turn on AWS Support access to your gateway

  1. Log in to your host's local console.

  2. At the prompt, enter the corresponding numeral to select Gateway Console.

  3. Enter h to open the list of available commands.

  4. Do one of the following:

    • If your gateway is using a public endpoint, in the AVAILABLE COMMANDS window, enter open-support-channel to connect to customer support for Storage Gateway. Allow TCP port 22 so you can open a support channel to AWS. When you connect to customer support, Storage Gateway assigns you a support number. Make a note of your support number.

    • If your gateway is using a VPC endpoint, in the AVAILABLE COMMANDS window, enter open-support-channel. If your gateway is not activated, provide the VPC endpoint or IP address to connect to customer support for Storage Gateway. Allow TCP port 22 so you can open a support channel to AWS. When you connect to customer support, Storage Gateway assigns you a support number. Make a note of your support number.

    Note

    The channel number is not a Transmission Control Protocol/User Datagram Protocol (TCP/UDP) port number. Instead, the gateway makes a Secure Shell (SSH) (TCP 22) connection to Storage Gateway servers and provides the support channel for the connection.

  5. After the support channel is established, provide your support service number to AWS Support so AWS Support can provide troubleshooting assistance.

  6. When the support session is completed, enter q to end it. Don't close the session until Amazon Web Services Support notifies you that the support session is complete.

  7. Enter exit to log out of the Storage Gateway console.

  8. Follow the prompts to exit the local console.