Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account

Troubleshooting on-premises gateway issues

PDF
RSS
Focus mode
Troubleshooting on-premises gateway issues - AWS Storage Gateway
Activating Support to help troubleshoot your gateway

You can find information following about typical issues that you might encounter working with your on-premises gateways, and how to activate Support to help troubleshoot your gateway.

The following table lists typical issues that you might encounter working with your on-premises gateways.

Issue Action to Take

You cannot find the IP address of your gateway.

Use the hypervisor client to connect to your host to find the gateway IP address.

  • For VMware ESXi, the VM's IP address can be found in the vSphere client on the Summary tab.

  • For Microsoft Hyper-V, the VM's IP address can be found by logging into the local console.

If you are still having trouble finding the gateway IP address:

  • Check that the VM is turned on. Only when the VM is turned on does an IP address get assigned to your gateway.

  • Wait for the VM to finish startup. If you just turned on your VM, then it might take several minutes for the gateway to finish its boot sequence.

You're having network or firewall problems.

  • Allow the appropriate ports for your gateway.

  • SSL cert validation/inspection should not be activated. Storage Gateway utilizes mutual TLS authentication which would fail if any 3rd party application tries to intercept/sign either certificate.

  • If you use a firewall or router to filter or limit network traffic, you must configure your firewall and router to allow these service endpoints for outbound communication to AWS. For more information about network and firewall requirements, see Network and firewall requirements.

Your gateway's activation fails when you click the Proceed to Activation button in the Storage Gateway Management Console.

  • Check that the gateway VM can be accessed by pinging the VM from your client.

  • Check that your VM has network connectivity to the internet. Otherwise, you'll need to configure a SOCKS proxy. For more information on doing so, see Configuring a SOCKS5 proxy for your on-premises gateway.

  • Check that the host has the correct time, that the host is configured to synchronize its time automatically to a Network Time Protocol (NTP) server, and that the gateway VM has the correct time. For information about synchronizing the time of hypervisor hosts and VMs, see Synchronize VM time with Hyper-V or Linux KVM host time.

  • After performing these steps, you can retry the gateway deployment using the Storage Gateway console and the Setup and Activate Gateway wizard.

  • SSL cert validation/inspection should not be activated. Storage Gateway utilizes mutual TLS authentication which would fail if any 3rd party application tries to intercept/sign either certificate.

  • Check that your VM has at least 7.5 GB of RAM. Gateway allocation fails if there is less than 7.5 GB of RAM. For more information, see Requirements for setting up Tape Gateway.

You need to remove a disk allocated as upload buffer space. For example, you might want to reduce the amount of upload buffer space for a gateway, or you might need to replace a disk used as an upload buffer that has failed.

For instructions about removing a disk allocated as upload buffer space, see Removing Disks from Your Gateway.

You need to improve bandwidth between your gateway and AWS.

You can improve the bandwidth from your gateway to AWS by setting up your internet connection to AWS on a network adapter (NIC) separate from that connecting your applications and the gateway VM. Taking this approach is useful if you have a high-bandwidth connection to AWS and you want to avoid bandwidth contention, especially during a snapshot restore. For high-throughput workload needs, you can use AWS Direct Connect to establish a dedicated network connection between your on-premises gateway and AWS. To measure the bandwidth of the connection from your gateway to AWS, use the CloudBytesDownloaded and CloudBytesUploaded metrics of the gateway. For more on this subject, see Measuring Performance Between Your Tape Gateway and AWS. Improving your internet connectivity helps to ensure that your upload buffer does not fill up.

Throughput to or from your gateway drops to zero.

  • On the Gateway tab of the Storage Gateway console, verify that the IP addresses for your gateway VM are the same that you see using your hypervisor client software (that is, the VMware vSphere client or Microsoft Hyper-V Manager). If you find a mismatch, restart your gateway from the Storage Gateway console, as shown in Shutting Down Your Gateway VM. After the restart, the addresses in the IP Addresses list in the Storage Gateway console's Gateway tab should match the IP addresses for your gateway, which you determine from the hypervisor client.

    • For VMware ESXi, the VM's IP address can be found in the vSphere client on the Summary tab.

    • For Microsoft Hyper-V, the VM's IP address can be found by logging into the local console.

  • Check your gateway's connectivity to AWS as described in Testing your gateway connection to the internet.

  • Check your gateway's network adapter configuration, and ensure that all the interfaces you intended to be activated for the gateway are activated. To view the network adapter configuration for your gateway, follow the instructions in Configuring Your Gateway Network and select the option for viewing your gateway's network configuration.

You can view the throughput to and from your gateway from the Amazon CloudWatch console. For more information about measuring throughput to and from your gateway and AWS, see Measuring Performance Between Your Tape Gateway and AWS.

You are having trouble importing (deploying) Storage Gateway on Microsoft Hyper-V.

See Troubleshooting Microsoft Hyper-V setup, which discusses some of the common issues of deploying a gateway on Microsoft Hyper-V.

You receive a message that says: "The data that has been written to the volume in your gateway isn't securely stored at AWS".

You receive this message if your gateway VM was created from a clone or snapshot of another gateway VM. If this isn’t the case, contact Support.

Allowing Support to help troubleshoot your gateway hosted on-premises

Storage Gateway provides a local console you can use to perform several maintenance tasks, including activating Support to access your gateway to assist you with troubleshooting gateway issues. By default, Support access to your gateway is deactivated. You provide this access through the host's local console. To give Support access to your gateway, you first log in to the local console for the host, navigate to the Storage Gateway's console, and then connect to the support server.

To allow Support access to your gateway

  1. Log in to your host's local console.

  2. At the prompt, enter the corresponding numeral to select Gateway Console.

  3. Enter h to open the list of available commands.

  4. Do one of the following:

    • If your gateway is using a public endpoint, in the AVAILABLE COMMANDS window, enter open-support-channel to connect to customer support for Storage Gateway. Allow TCP port 22 so you can open a support channel to AWS. When you connect to customer support, Storage Gateway assigns you a support number. Make a note of your support number.

    • If your gateway is using a VPC endpoint, in the AVAILABLE COMMANDS window, enter open-support-channel. If your gateway is not activated, provide the VPC endpoint or IP address to connect to customer support for Storage Gateway. Allow TCP port 22 so you can open a support channel to AWS. When you connect to customer support, Storage Gateway assigns you a support number. Make a note of your support number.

    Note

    The channel number is not a Transmission Control Protocol/User Datagram Protocol (TCP/UDP) port number. Instead, the gateway makes a Secure Shell (SSH) (TCP 22) connection to Storage Gateway servers and provides the support channel for the connection.

  5. After the support channel is established, provide your support service number to Support so Support can provide troubleshooting assistance.

  6. When the support session is completed, enter q to end it. Don't close the session until Amazon Web Services Support notifies you that the support session is complete.

  7. Enter exit to log out of the gateway console.

  8. Follow the prompts to exit the local console.

On this page

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.