Resolving Veeam’s “Cannot access a closed Stream” Error on Proxmox VE
If you manage a virtual environment using Proxmox VE and rely on Veeam for your backup and replication needs, you may have recently encountered a sudden and perplexing error during your backup jobs: “Cannot access a closed Stream.” This issue can bring your data protection strategy to a halt, leaving your virtual machines unprotected and your system logs filled with failed job alerts.
This can be a frustrating experience, especially when your configuration hasn’t changed. The good news is that this error is likely not caused by a misconfiguration in Veeam or your Proxmox setup. Instead, the root cause lies deeper within the Proxmox host’s operating system.
This guide will walk you through understanding the problem and provide a clear, step-by-step solution to get your Veeam backups running smoothly again.
Understanding the Root Cause: A Kernel-Level Issue
The “Cannot access a closed Stream” error typically appears when the temporary Veeam Worker appliance, which is deployed on the Proxmox host during a backup job, attempts to communicate with your backup repository. Specifically, this issue is prevalent when your Veeam repository is located on a CIFS/SMB network share.
The core of the problem is a recently introduced bug within the Linux kernel’s CIFS client module. Investigations have shown that this bug affects specific kernel versions distributed with Proxmox VE updates.
Key points to understand:
- The Problem is Not Veeam: Your Veeam settings and repository configurations are likely correct.
- The Culprit is the Kernel: The issue is a regression bug in the Proxmox host’s Linux kernel that affects how it handles SMB/CIFS connections.
- Affected Versions: This error has been widely reported by users running Proxmox VE with kernel versions such as 6.5.11-7-pve and 6.5.11-8-pve.
Because the error originates at the kernel level on the Proxmox host, troubleshooting Veeam settings or network permissions will not resolve the issue. The solution requires addressing the kernel directly.
The Solution: Downgrading to a Stable Proxmox Kernel
Until a patched kernel is released by the Proxmox development team, the most reliable and immediate solution is to revert the Proxmox host’s kernel to a known stable version that does not contain the CIFS bug. Version 6.5.11-4-pve has been identified as a stable and effective target for this downgrade.
Follow these precise steps on each affected Proxmox host. You will need to connect to the host’s command line via SSH or the web console.
Step 1: Update Your Package Lists
First, ensure your server’s package list is up to date. This command refreshes the list of available packages from the repositories.
apt update
Step 2: Install the Stable Kernel Version
Next, explicitly install the known-good kernel version. This command will download and install the specific kernel package onto your system.
apt install pve-kernel-6.5.11-4-pve
Step 3: Pin the Kernel to Prevent Automatic Upgrades
This is the most critical step. If you simply reboot now, the next time you run system updates, Proxmox may automatically upgrade the kernel back to the problematic version. Pinning the kernel tells the bootloader to prioritize this specific version and prevents the package manager from replacing it during routine updates.
First, add the newly installed kernel to the bootloader configuration:
proxmox-boot-tool kernel add pve-kernel-6.5.11-4-pve
Next, pin the stable version:
proxmox-boot-tool kernel pin pve-kernel-6.5.11-4-pve
You should see a confirmation message indicating that the kernel has been successfully pinned.
Step 4: Reboot the Proxmox Host
A reboot is required to load the newly installed and pinned kernel.
reboot
Verification and Next Steps
Once your Proxmox host has rebooted, you can verify that it is running the correct kernel version with the following command:
uname -r
The output should show 6.5.11-4-pve.
After confirming the downgrade, navigate to your Veeam Backup & Replication console and re-run the failed backup job. The “Cannot access a closed Stream” error should now be resolved, and your backups should complete successfully.
Looking Ahead:
While pinning the kernel is an effective immediate fix, it is not an ideal long-term solution, as it prevents you from receiving future kernel security updates. Be sure to monitor Proxmox VE updates. Once a new kernel version is released that officially fixes the CIFS bug, you can unpin your current version, run a system update, and reboot to ensure your systems remain secure and fully up-to-date.
Source: https://nolabnoparty.com/veeam-worker-su-proxmox-ve-errore-cannot-access-a-closed-stream/
