Search code examples
sqlsql-serverazureazure-storagedatabase-administration

Cannot open backup device - SQL Server on-premise backup database to Azure storage

I have a database running on an on-premise SQL Server instance. I've set up a SQL agent to backup the database every night and store in a container in Azure. However, I'm seeing the following error after the job runs:

Message
Executed as user: NT SERVICE\SQLSERVERAGENT. Cannot open backup device 'https://mystorageaccount.blob.core.windows.net/mystoragecontainer/20200102/MYDATABASE_0.bak'. Operating system error 50(The request is not supported.). [SQLSTATE 42000] (Error 3201)  BACKUP DATABASE is terminating abnormally. [SQLSTATE 42000] (Error 3013)

The Azure storage account is Storage (general purpose v1).

SQL Server 13.0.5233.0 Microsoft SQL Server Management Studio 14.0.17213.0 Microsoft Analysis Services Client Tools 14.0.1016.232 Microsoft Data Access Components (MDAC) 10.0.14393.0 Microsoft MSXML 3.0 6.0 Microsoft Internet Explorer 9.11.14393.0 Microsoft .NET Framework 4.0.30319.42000 Operating System 6.3.14393

Is there a way of configuring NT SERVICE\SQLSERVERAGENT to connect to the Azure storage container?

Solution

  • All the comments are valid to a certain extent. I finally fixed (term used loosely) backing up my SQL Server database to an Azure storage container using SAS (shared access signature) credentials.

    1. Deleted the existing credential in SQL Server (under Security > Credentials)
    2. In Azure, created an access policy under Storage Account > Container. It's important to define start and expiration dates/times, and time zones along with read, write level.
    3. In Azure, Generate a SAS token for the container. Ensure you set the appropriate start and expiration dates/times along with the timezone. Don't rely on just UTC.
    4. Upload a file to the container to make sure it's all ok.
    5. In SQL Server, create the credentials. The secret should be the SAS token without the preceding ?, so just "sv=...." .
    IF NOT EXISTS  
(SELECT * FROM sys.credentials   
WHERE name = 'https://mystorageaccount.blob.core.windows.net/mycontainer')  
CREATE CREDENTIAL [https://mystorageaccount.blob.core.windows.net/mycontainer] 
   WITH IDENTITY = 'SHARED ACCESS SIGNATURE',  
   SECRET = 'sv=_my_sas_key_without_?';
    1. Backup the database. The URL and container must match with the credentials - in this case, https://mystorageaccount.blob.core.windows.net/mycontainer .
    BACKUP DATABASE [mydatabase]   
TO URL = 'https://mystorageaccount.blob.core.windows.net/mycontainer/mydatabase_03012020120400.bak' 
WITH FORMAT,  
COMPRESSION,
STATS=5,
BLOCKSIZE=65536,
MAXTRANSFERSIZE=4194304;
GO