Store2 for PBS has become inaccesible

I created Store2 for PBS and it was working and created backups of the VM’s, but some time later I received an error email which says “backup failed: could not activate storage ‘store2’: store2: error fetching datastores - 401 Unauthorized” and now when I login to PVE as root and click on Store2-Backups, it says “store2: error fetching datastores - 401 Unauthorised (500)”.

If I click on Summary it doesn’t give an error and shows Enabled - Yes, Active - No, Content - VZDump backup file, Type - Proxmox Backup Server.

Has anyone encountered this problem before and found the cause and solution?

It seems that the problem was that I’d set the user in PVE for Store2 as root@pam and I’d subsequently enabled 2FA for that user in PBS.

I discovered this by creating a new store3 linked to the same datastore and using a new user I created - proxmoxbackup - which didn’t have 2FA enabled in either PVE or PBS, although it seems it’s OK to have it enabled in PVE, just not in PBS.

1 Like

Thanks for the info, and well done for solving it yourself and telling us :slight_smile:

1 Like

Thanks. I’m afraid I haven’t completely fixed it yet though!

I’m getting this error now “INFO: Error: backup owner check failed (proxmoxbackup@pbs != root@pam)”

In PVE under Datacenter-Storage it shows that the username for store3 is proxmoxbackup@pbs

I’ve created this user proxmoxbackup@pbs in PBS and given it full permissions for now, and of course root@pam already has full permissions, so I’m not sure what this error means.

I haven’t enabled 2FA for this user in PBS so the username/password should work, but I tried creating an API token for it in PBS but then I can’t add it to PVE, because in the Add Token box I have to select a user from those that exist in PVE, and if I try to create a user proxmoxbackup@pbs!client1 it adds @pam to the end.

The Add Token box is a bit confusing, as it asks for a user and a tokenid, but the tokenid generated in PBS is proxmoxbackup@pbs!client1 and then there’s a value, but there’s nowhere to put the value in the Add Token box.

I tried selecting root@pam as the user and putting the value in the TokenID box, but then it says " Parameter verification failed. (400). tokenid : value does not match the regex pattern"

So I’ve run out of ideas!