New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CannotVerifyCopySource
error - recursive copy from blob to file share on same storage account
#721
Comments
First time |
Hi, there are two issues here. The first issues is the authentication failure. This seems to be that one of your SAS tokens (probably the blob one, I think) isn't giving AzCopy the necessary rights. I can't tell from the info whether that's because the token you constructed didn't actually give the necessary rights, or if your token was fine but it wasn't interpreted properly. Or, there's one other possibility: if I recall correctly, you can't do service-to-service copies between the public (i.e. global) Azure cloud and the national (aka sovereign) clouds. (E.g. the US Govt one). Assuming your source and destination are both in the some cloud (e.g. both in the main Azure public cloud) or both in US Govt, or both in Azure China etc, then it's probably just some kind of SAS issue. I'd suggest that you fire up Storage Explorer, and right click on the source container and the destination file share, and choose on each the "Get Shared Access Signature". For the source, use the default permissions (Read and List) and for the destination tick all the boxes (read, list, write, update, create etc). If your copy works with those SAS's then it must be something about the SAS's that was causing your failure. Please let us know how you get on. The other issues is that, after failures, AzCopy is supposed to delete destination files that have been created but which don't yet have any content. So, instead of seeing a file full of zeroes, you should have seen no destination file at all. Unfortunately, there is one case where that automatic cleanup doesn't happen: authentication errors. I've added a task to our backlog to make that cleanup happen after authentication failures. |
I'll ask colleagues and see what I can find. |
I can reproduce the problem when copying from Blob to File. Am making inquiries and will update here when have some more info. |
The team has replied. It's supposed to be enough to grant the machine running AzCopy access in your firewall rules, as you have done. And in fact that works fine for blob to blob copies. In that case, the system is smart enough to securely use the client IP address to authenticate the service-to-service copy. The same behaviour is not yet enabled for Blob to Azure Files. It will be enabled soon - e.g. in about 2 weeks. If that's going to hold up your work, please email me and we'll see what we can do. We might be able to do something sooner for you. My email address is in my profile page. |
I'm going to close this one now, because it's service-side issue, not a problem with AzCopy itself. As noted above, the service-side fix should be rolled out soon. |
Oh, and the second issue here, the failure to cleanup destination files after authentication errors, was fixed in yesterday's release of AzCopy 10.3.2. |
Which version of the AzCopy was used?
Note: The version is visible when running AzCopy without any argument
azcopy version 10.3.1
Which platform are you using? (ex: Windows, Mac, Linux)
Linux-5.0.0-32-generic-x86_64-with-Ubuntu-19.04-disco
What command did you run?
Note: Please remove the SAS to avoid exposing your credentials. If you cannot remember the exact command, please retrieve it from the beginning of the log file.
What problem was encountered?
The file was copied but contains null chars instead of the text 'abcd' as expected
How can we reproduce the problem in the simplest way?
Have you found a mitigation/solution?
None - tried to use
blobxfer
and that failed too, see Azure/blobxfer#108Error logs
Despite being a 'fresh' SAS token with no explicit restrictions I get an auth failure code
CannotVerifyCopySource
The text was updated successfully, but these errors were encountered: