Why does my gateway show as offline in Storage Gateway?

Resolution

When the on-premises virtual machine (VM) or Amazon Elastic Compute Cloud (Amazon EC2) instance that hosts the gateway doesn't have enough resources, the gateway might go offline.

Confirm that the on-premises VM or the Amazon EC2 instance meets the minimum requirements to keep the gateway online.

The following are common reasons why your gateway is offline.

The gateway can't reach the service endpoints

Test your gateway's network connectivity. The service endpoint type is either a Storage Gateway service endpoint or a virtual private cloud (VPC) endpoint.

To troubleshoot connectivity issues with an instance-hosted gateway, you can also use Reachability Analyzer.

The following are some of the common error responses that you might receive when you test network connectivity.

"[FAILED ] Endpoint domain not found"

You receive the preceding error when the gateway's VM or EC2 instance can't resolve the gateway service endpoints. Check the connectivity to the DNS server and whether the DNS server can resolve either VPC endpoint DNS name. To update the gateway's DNS server information, see Configuring your gateway network settings.

"[ FAILED ] No response from endpoint host"

You receive the preceding error when the gateway's VM or EC2 instance can't reach the service endpoints.

To confirm connectivity, run the ncport command on the gateway local console that you access from your VM host platform:

ncport -d client-cp.storagegateway.eu-west-1.amazonaws.com -p 443

To identify the router that's blocking the forward traffic to the service endpoints, run the tcptraceroute command:

tcptraceroute -d client-cp.storagegateway.eu-west-1.amazonaws.com -p 443 

"[NETWORK TEST: PASSED] [SSL TEST: FAILED]"

You receive the preceding error when a security system, such as a firewall or proxy, modifies the certificate issuer. To identify the certificate issuer, run the following command:

sslcheck -d client-cp.storagegateway.eu-west-1.amazonaws.com -p 443

The certificate issuer must be a certification authority trusted by Amazon, similar to the one in the following example:

subject=/CN=client-cp.storagegateway.eu-west-1.amazonaws.com
issuer=/C=US/O=Amazon/CN=Amazon RSA 2048 M01

You removed or modified the cache disk that's associated with the gateway, or the cache disk failed

If you removed the cache disk from the hypervisor host, then complete the following steps:

1. Shut down the gateway.
2. Add the disk.
   Note: For an instance-hosted gateway, make sure to add the disk to the same disk node.
3. Restart the gateway.

If the cache disk failed, or you replaced or modified the cache disk, then complete the following steps:

1. Shut down the gateway.
2. Reset the cache disk.
3. Reconfigure the disk for cache storage.
4. Restart the gateway.

You didn't synchronize the gateway's VM time

For the gateway to successfully validate certificates when it connects to the service endpoints, you must synchronize the VM time with an Network Time Protocol (NTP) server.

Storage Gateway performed a maintenance update

Storage Gateway regularly updates its kernel, patches, and features. Maintenance updates might require reboots that temporarily take the gateway offline. Check whether an update was in progress at the time that the gateway went offline.

Restore production

Note: When two gateways write files to the same bucket, data inconsistency can occur.

Replace your offline S3 File Gateway

To replace your offline S3 File Gateway that references the same Amazon Simple Storage Service (Amazon S3) bucket, activate a new S3 File Gateway.

When you use this method to restore production, you might experience a delay when the gateway reads from the S3 bucket. Confirm that no files are stuck and that the CachePercentDirty metric is 0.

To replace your existing S3 File Gateway with a new instance, see Replacing your existing S3 File Gateway with a new instance. When you replace an existing S3 File Gateway, the cache disk is moved to a new gateway VM or instance. Cached data is retained and the read operations are performed in the same phase.

Replace your offline Volume Gateway

To replace your offline Volume Gateway for cached volumes, create a new storage volume. For Volume content, choose Create volume from an Amazon EBS snapshot or clone from last recovery point.

If you don't have a clone of your cached volume, then see Cloning a cached volume from a recovery point.

Note: Because cached volumes are stored in Amazon S3, Storage Gateway doesn't create an Amazon Elastic Block Store (Amazon EBS) snapshot for them. To create a snapshot of a cached volume, see Creating a recovery snapshot. For more information, see Editing a snapshot schedule.

To restore production for stored volumes, see Moving stored volumes to a new stored Volume Gateway.

Note: You incur charges for the data that you download from AWS to your gateway cache.

Replace your offline FSx File Gateway

To replace your online FSx File Gateway, activate a new FSx gateway with the same FSx for Windows servers as the backend. Confirm that there are no stuck files and that the CachePercentDirty metric is 0.

Replace your offline Tape Gateway

To replace your offline Tape Gateway, activate a new Tape Gateway and connect it to a backup application. For more information, see Troubleshooting virtual tape issues. To complete the transition of the tapes to the corresponding archive, export the tapes from the backup application and update the status to Archived.