One of my blog readers contacted me via email for an error message which he was receiving while using the backup to URL feature. Using this feature, SQL Server can take database backup directly to Azure Blob Storage. I have already written a blog about few errors which I received earlier but this error was new. I replied him asking more details and it was an easy error to fix. In this blog we would discuss how to fix 3271, The remote server returned an error: (403) Forbidden.
Here is the command which I have used to reproduce the error.
BACKUP DATABASE SQLAuthority TO URL='https://sqlprodbkups.blob.core.windows.net/sqldbbackups/SQLAuthority.bak' WITH CREDENTIAL ='AzBackupCred'
And the error message is below
Msg 3271, Level 16, State 1, Line 1
A nonrecoverable I/O error occurred on file “https://sqlprodbkups.blob.core.windows.net/sqldbbackups/SQLAuthority.bak:” Backup to URL received an exception from the remote endpoint. Exception Message: The remote server returned an error: (403) Forbidden..
Msg 3013, Level 16, State 1, Line 1
BACKUP DATABASE is terminating abnormally.
If you notice the error 3271 can come because of multiple reasons. An important piece of the error message is the error returned by the remote server. In this case, we are getting error 403 – Forbidden. Below is one earlier blog where I discussed Error – 400 – Bad Request SQL SERVER – Backup to URL Fails in Azure Resource Manager (ARM) Deployment Model with Error – (400) Bad Request
As you can see there is nothing wrong with the command. As soon as we run the command, SQL Server uses the credential to connect to storage and performs a backup. When I checked the credential, it was created using Access Keys in the portal. In our case, we have given container name instead of storage account name while creating credential.
Below image should give a clear picture of what needs to be given at which place.
Credential Name = any name which we need to use in BACKUP command
Identity = Storage Account Name which can be found under “Access Keys”.
Password and Confirm Password = Either Key1 or Key2.
It didn’t take much time to realize that my client has used some random name in Identity instead of storage account name and that was the cause of the error. We were able to fix that using ALTER command as below
USE [master] GO ALTER CREDENTIAL [AzBackupCred] WITH IDENTITY = N'sqlprodbkups', SECRET = N'Value In Key1' GO
Hope this would help you in fixing error 403, forbidden while taking backup to URL.
Reference: Pinal Dave (https://blog.sqlauthority.com)
I ran into a similar problem (same 403 error) but the credentials were absolutely fine and I was scratching my head until I realised that I’d enabled the firewall on the backup destination storage account and hadn’t included an exception for the SQL server itself.
I ran into a similar problem and the credential is absolutely fine and firewall of storage account already “allow access” for all networks. What should I do?
I got the same error. when i do backup in stand-alone instance then it works fine. but when i do the same backup in Always On instance then it got failed with error 3271.
ERROR Message : A nonrecoverable I/O error occurred on file “URL Location” Backup to URL received an exception from the remote endpoint. Exception Message: The underlying connection was closed: An unexpected error occurred on a send..
what should i do?
Thank you so much, it helped me to resolve the issue.
Same issue, when using Storage Account, Account kind : BlobStorage, creadentials are ok,
error. Backup to URL received an exception from the remote endpoint. Exception Message: The remote server returned an error: (400) Bad Request..
while if I use Storage Account, Account kind : StorageV2 (general purpose v2)
all if fine