Backup Failure: Cannot connect to host
Issue
Backup attempts of a production machine fail due to communication issues. This can manifest one of the following error messages, depending on agent version, device update, and the agent response, if any:
Backup request ignored host is unreachable. Rename and reassign the system on the Agent Configuration Page.
Unable to start backup because agent is unreachable.
BK102: Backup failed due to a problem establishing secure connections with the agent
BK103: Backup failed because the agent was unable to initiate the backup job.
Critical backup failure: HTTP: Could not connect to host
Cannot connect to the host - aborting backup.
Environment
- Datto SIRIS
- Datto Alto
- Datto Windows Agent
- Agentless Backup
Cause
This issue occurs when the production machine's agent software (DWA) or the virtual machine host (agentless), is not communicating properly with the Datto device. Potential causes for this include:
The production machine is not reachableIf the production machine is unable to be reached from the Datto device at the paired IP address or hostname, then backups will fail. Testing the production machines communication can be done with the following:
Try to ping the Datto appliance's IP address from the protected machine reporting the error through the Windows Command prompt.
If the ping request fails, or if you observe high packet loss, this indicates a networking issue beyond the scope of the Datto appliance. Investigate your network infrastructure for contributing factors.
Make sure that the environment of the protected machine and the Datto appliance meets the networking and bandwidth requirements described in this article.
Attempt to ping the protected machine from another machine on the network. Verify that the protected machine's IP address, hostname, or domain name has not changed since its initial pairing with the Datto device. If it has changed, rename the agent on the Configure Agent Settings page of the Datto appliance GUI.
NOTE If agents paired by hostname are reporting as unreachable, make sure to specify a DNS Search Domain in the Network Configuration User Interface. The Datto appliance will be unable to resolve hostnames without this information.
Datto Windows Agent is not reachable (DWA)If the production machine is confirmed to be reachable, then the issue may be with the agent service or the ports utilized for communication. Confirm that the agent service is installed and running on the production machine:
- Datto Backup Agent Service
NOTE Older versions of the Datto Windows Agent include the DattoProvider service.
It is recommended to be running the most up to date version of the Datto Windows Agent. More information on the latest release can be found here: Release Notes.
The following ports should be open and whitelisted as needed for communication from the Datto device. Check that the Windows Firewall is enabled and running, and includes the required exceptions defined here.
- Port 25568, the port used by the Datto Windows Agent to communicate with the Datto device, is blocked or filtered. If the Datto Windows agent is running, this port will be listening. Review Getting Started with the Datto Windows Agent for more information.
- Port 3260, the port used by iSCSI for encrypted backup transfers for the agent, and sometimes backups for the Datto Windows Agent, is blocked or filtered.
- Port 3262, the primary port used by the Datto Windows Agent for backup transfers, is blocked or filtered.
The hypervisor host is not reachable (Agentless)Verify connectivity between the Datto appliance and the hypervisor, and that networking requirements are satisfied as defined in the Unified Backup Networking & Bandwidth Requirements.
Restart the vCenter service using the vSphere console.
Once the ports are verified and the datto device is able to communicate with the production machine, repair the agent communications.
