When attempting to back up a system protected by the ShadowSnap backup agent, you receive the error message "The .datto file is not found or not accessible," or "Bad HTTP Error 500."
- Datto SIRIS
- Datto ALTO
- ShadowSnap Agent
The following additional symptoms may follow:
When attempting to access a file restore on your Datto appliance via its UNC path, you receive the error message "[UNC path] is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions. The account is not authorized to log in from this station."
You may also be prompted for a username & password when attempting to access the Datto appliance this way.
Local network settings render Samba shares on the Datto appliance inaccessible, or a high level of traffic prevents persistent communication between the device and the agents. ShadowSnap backups require a non-interactive connection from the agent to a public Samba share on the Datto appliance in order to transfer the backup data.
Common causes of this error are:
- Poor network latency.
- Hostnames fail to resolve from the Datto appliance.
- Agents hosted on another subnet are not routable to the Datto appliance.
- Improper routing tables.
- Another service may have generated a conflict, such as those found in Commonly found VSS-Related Services
- Samba communication is disabled on the production machine. This is often performed by IT administrators as a defense measure against ransomware such as WannaCry.
- SMB signing settings are mismatched. SMB signing must be disabled on the client or an SMB signing mismatch will occur.
- Low system resources.
- The Datto appliance is joined to the Domain.
- Registry or Group Policy settings are preventing the protected machine from connecting to the Datto appliance via UNC.
- Set Share Compatibility Mode for the specific agent.
- On protected Windows machines, for the active network connection, enable the Client for Microsoft Networks and File and Printer Sharing for Microsoft Networks.
- Unjoin the Datto appliance from the Domain. If this is required in your deployment, contact Datto Technical Support.
- Check the subnet masks and DNS settings for the protected machines to ensure that the Datto device has the correct network settings to allow the device to reach the agents.
- Create a DNS A record on the DNS server using the device's hostname, and reboot the affected server.
- Verify that the Datto appliance has both a local level DNS server and search domain configured to resolve local hostnames.
If these steps fail to resolve the issue, proceed to the next steps of these articles.
Test UNC Functionality
Create a Public NAS Share on the Datto appliance and access it from the protected machine. If the share is inaccessible, use another machine on the same network.
- If the share is inaccessible from just the protected machine, modify necessary settings on the network to ensure it can access the share via UNC such as the LanmanWorkstation registry.
- If if the share is inaccessible from any machine on the network, ensure that the Group Policy regarding the Datto appliance has all necessary permissions and records in place for resolution. Additional information on Group Policy configuration regarding SMB mismatching can be found in this Microsoft article: http://support.microsoft.com/kb/916846.
Modifying this registry may resolve UNC connectivity issues between the protected machine
In the registry, check the value of the following two LanmanWorkstation keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lanmanworkstation\Parameters\Enablesecuritysignature = 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lanmanworkstation\Parameters\Requiresecuritysignature = 1
If they are both set to 1, change the Requiresecuritysignature value to 0, and reboot the protected machine. For more information about the LanmanWorkstation service, see this article.
For Advanced-Trained partners only
- Disable SMB v1 in Managed Environments with Group Policy (external link)
- Require SMB Security Signatures (external link)
- The Basics of SMB Signing (external link)
- Windows Server 2012 R2: Which version of the SMB protocol (SMB 1.0, SMB 2.0, SMB 2.1, SMB 3.0 or SMB 3.02) are you using? (external link)