AWS Cloud Storage Configuration fails with error "The server was unable to complete the requested operation."

Article: 100047694
Last Published: 2023-03-31
Ratings: 2 13
Product(s): Backup Exec

Problem

AWS Cloud Storage Configuration fails with error "The server was unable to complete the requested operation."

Error Message

BEMSDK Failure Code : E0009840

 

Backup Exec SGMON Debug Log:

BESERVER:     51 STSOBJECT: STS Debug Info: session (16531708): 'CurlHttpClient: CurlHttpClient::processCompletedEasyHandle: STS error: 0, cURL error: 0, multi cURL error: 0, HTTP return value: 403'

BESERVER:     51 STSOBJECT: STS ERROR: session (16531708): 'CurlHttpClient: CurlHttpClient::checkCompletedHandles : function processCompletedEasyHandle failed with error 2060037 ("access not allowed").'

MANAGEMENT:    ERROR: LocalizedException:
MANAGEMENT:   ERROR:   Message: The server was unable to complete the requested operation.
MANAGEMENT:   ERROR:   Reason: Unable to authenticate with the CloudStorage device.  Ensure that the logon account that is required to access the device has the correct credentials.
MANAGEMENT:  ERROR:   Info: BEMSDK Failure Code: E0009B40

 

Cause

Insufficient permissions to access AWS resources or bucket.

 

Solution

Ensure that following AWS permissions are assigned to top level resource and buckets resource. 

Following in an example of policy with Backup Exec required permissions:

{

    "Version": "2012-10-17",

    "Statement": [

        {

            "Effect": "Allow",

            "Action": [

                "s3:GetBucketLocation",

                "s3:ListAllMyBuckets",

                "s3:CreateBucket",

                "s3:ListBucket"

            ],

            "Resource": "arn:aws:s3:::*"

        },

        {

            "Effect": "Allow",

            "Action": [

                "s3:PutObject",

                "s3:GetObject",

                "s3:DeleteObject",

                "s3:RestoreObject"

            ],

            "Resource": [

                "arn:aws:s3:::BucketName/*"

            ]

        }

    ]

}

 

Was this content helpful?