Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ for Cloud Object Store Administrator's Guide
  3. Troubleshooting
  4. Restore failures due to object lock
NetBackup™ for Cloud Object Store Administrator's Guide

Restore failures due to object lock

Explanation:

During restore, if you select the Retain original object lock properties option, NetBackup applies the object lock properties.

Viewing the Activity monitor logs:

Warning bpbrm (pid=21103) from client ip-10-176-97-167.us-east-2.compute.internal: WRN - Cannot set Object lock on the object. Access to perform the operation was denied.

Jul 25, 2023 11:26:00 AM - Error bpbrm (pid=21103) from client ip-10-176-97-167.us-east-2.compute.internal: ERR - Cannot complete restore for any of the objects.

Jul 25, 2023 11:26:00 AM - Warning bpbrm (pid=21103) from client ip-10-176-97-167.us-east-2.compute.internal: WRN - The 3 files restored partially as object lock cannot be applied.

Jul 25, 2023 11:26:00 AM - Info tar (pid=1697) done. status 5

Viewing the nbcosp logs:

{"level":"info","SDK log body":"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Error><Code>AccessDenied
 </Code><Message>Access Denied</Message><RequestId>ZNT4GXHP70HX573A</RequestId>
<HostId>
3scBmke9LmOwtuK5lnYv0ozyKgbne+ey04qXtSt6s/OQbpSCyfxiwvdi2CPG3cHU+H/ztz7C3mHeoX5Cnvb2xg==</HostId> 
</Error>\n","time":"2023-07-25T05:56:00.708117368Z","caller":
"internal/logging.ExtendedLog.Log:zerolog_wrapper.go:18","message":"SDK log entry"}
{"level":"debug","status code":403,"errmsg":"AccessDenied: 
Access Denied\n\tstatus code: 403, request id: ZNT4GXHP70HX573A, 
host id: 3scBmke9LmOwtuK5lnYv0ozyKgbne+ey04qXtSt6s/OQbpSCyfxiwvdi2CPG3cHU+H/ztz7C3mHeoX5Cnvb2xg==",
"time":"2023-07-25T05:56:00.708145345Z","caller":"main.s3StatusCode:s3_ops.go:8447",
"message":"s3StatusCode(): get http status code"}
{"level":"error","error":"AccessDenied: Access Denied\n\tstatus code: 403, 
request id: ZNT4GXHP70HX573A,
 host id: 3scBmke9LmOwtuK5lnYv0ozyKgbne+ey04qXtSt6s/OQbpSCyfxiwvdi2CPG3cHU+H/ztz7C3mHeoX5Cnvb2xg==",

"object key":"cudtomer35jul/squash.txt","time":"2023-07-25T05:56:00.708160142Z",
"caller":"main.(*OCSS3).commitBlockList:s3_ops.go:2655",
"message":"s3Storage.svc.PutObjectRetention Failed to Put ObjectRetention"}

Workaround:

You must have the required permissions for object retention. These are the necessary permissions that your role must have:

{

    "Version": "2012-10-17",

    "Statement": [

        {

            "Sid": "ObjectLock",

            "Effect": "Allow",

            "Action": [

                "s3:PutObjectRetention",

                "s3:BypassGovernanceRetention"

            ],

            "Resource": [

                "*"

            ]

        }

    ]

}

See Configuring Cloud object retention properties.

Feedback

Was this page helpful?
Previous

Discovery failures due to improper permissions

Next

Introduction

Feedback

Was this page helpful?