Soteria Cloud KB
Soteria Cloud KB
Breadcrumbs

Entire Machine Backup Fails with "ASYNC: Full Barrier Action Job"

Entire Machine Backup Fails with “ASYNC: Full Barrier Action Job”

Category: Acronis Troubleshooting | Backup Failures - Hardware Security Devices
Priority:MEDIUM
Last Updated:November 2025

Problem

Acronis Cyber Protect entire machine backups fail with “ASYNC: Full barrier action job” errors when protected USB security devices are connected to the system. These specialized USB devices—including hardware security tokens, encrypted USB sticks, and technical security modules—employ write-protected Master Boot Records (MBR) to prevent tampering.

During the backup process, Acronis attempts to assign NT disk signatures to all connected storage devices for proper disk cataloging. When the backup process encounters a USB device with MBR write protection, it cannot complete the signature assignment, causing the entire backup operation to fail. The backup cannot proceed because Acronis requires accurate disk identification for consistent backup and restore operations.

Symptoms

Primary Error Message

When attempting an entire machine backup with protected USB devices connected:

ASYNC: Full barrier action job

Detailed Error Logs

Error Pattern 1 - Action Sequence Pending:

Error code: 4 Module: 249 Line info: 0xd77761d47edeb39a4 Message: ASYNC: Action sequence pending action job.

Error Pattern 2 - Full Barrier Error:

Error code: 4 Module: 249 Line info: 0x368cb7423c1c08db Message: ASYNC: Full barrier action job.

SnapAPI Log Indicators

The SnapAPI log files located in C:\ProgramData\Acronis\Agent\var\log\ show disks with zero signatures:

[20211006-210003-549][SnapAPI][T] Disk 00000057322CA650: Read MBR [20211006-210003-549][SnapAPI][T] NTSignature: 0x0

What This Means: - Acronis detected a disk with no valid NT signature - Attempted to assign a signature (normal procedure) - Write operation failed due to MBR protection - Backup cannot proceed without proper disk identification

Backup Behavior

  • Backup starts normally

  • Failure occurs during initial disk enumeration phase (within first few minutes)

  • Error appears consistently when the same USB device is connected

  • Removing the USB device allows backup to complete

  • Incremental and differential backups also affected

  • Issue persists until hardware security device is removed or protection is disabled

Device Types That Cause This Issue

Common USB security devices that trigger this error: - Hardware security tokens (2FA/MFA devices) - FIDO2/U2F security keys - Smart card readers with protected firmware - Encrypted USB drives with hardware encryption - HSM (Hardware Security Module) USB devices - Technical security modules with locked MBR - Biometric authentication devices with protected storage - Code signing tokens

Solution

Two solutions are available depending on your security requirements and environment.

Solution 1: Temporarily Disable MBR Protection (Recommended for First Backup)

This solution temporarily unlocks the USB device to allow Acronis to properly catalog it, then re-enables protection.

✅ Choose this solution if: - You need to back up the entire machine including the USB security device - You have administrative access to the security device - Your security policy allows temporary unlocking - You want the USB device included in system recovery - This is the first backup or a full backup after device changes

⚠️ Important Notes: - Only required for first successful backup - Subsequent backups usually work with protection re-enabled - Requires vendor-specific management tools - May require security approval in regulated environments

Step-by-Step Instructions

1. Identify the Protected USB Device:

Check Device Manager: 1. Press Win + X → Select Device Manager 2. Expand Disk drives 3. Identify USB devices by name (usually contains “USB” or vendor name) 4. Note device descriptions containing terms like: - “Security Token” - “Smart Card” - “Hardware Key” - Vendor names: YubiKey, Feitian, SafeNet, Gemalto, etc.

Check Disk Management: 1. Press Win + X → Select Disk Management 2. Look for small capacity disks (typically 1GB or less) 3. Check if labeled as “Removable” media type 4. Note any disks showing “No Media” or “Not Initialized”

2. Locate Manufacturer Management Tools:

Security devices typically include configuration software:

Device Type

Common Tools

Typical Location

YubiKey

YubiKey Manager

C:Files\

SafeNet/Gemalto

SafeNet Authentication Client

C:Files\

Feitian

ePass Management Tool

C:Files\

Generic Smart Card

OpenSC Tools

Varies

If tools not installed: - Download from manufacturer’s website - Install with administrative privileges - Restart system if prompted

3. Disable MBR Protection:

⚠️ Caution: Specific steps vary by manufacturer. Consult device documentation.

General Procedure: 1. Launch the device management application 2. Authenticate with device PIN/password 3. Navigate to Security Settings or Advanced Configuration 4. Locate option related to: - “Write Protection” - “MBR Lock” - “Device Protection” - “Read-Only Mode” 5. Disable or Unlock protection temporarily 6. Apply changes 7. If prompted, confirm with PIN/password

Example for YubiKey:

YubiKey Manager → Applications → PIV → Configure → Disable Write Protection

Example for SafeNet:

SafeNet Authentication Client → Advanced → Token Properties → Unlock Token

4. Verify Protection is Disabled:

Use diskpart to check:

diskpart list disk select disk [number] attributes disk

Look for “Current Read-only State: No”

5. Run Initial Backup:

  1. Open Acronis management console or agent

  2. Start the entire machine backup manually

  3. Monitor backup progress

  4. Wait for backup to complete successfully

  5. Verify no ASYNC errors in backup log

6. Re-enable MBR Protection:

After successful backup: 1. Launch device management application again 2. Navigate to security settings 3. Re-enable write protection 4. Apply changes 5. Verify protection is active

7. Test Subsequent Backups:

  1. Leave protection enabled

  2. Run another backup (incremental or differential)

  3. Backup should now succeed even with protection enabled

  4. If it fails, repeat the unlock process

Why This Works: - First backup catalogs disk structure and signature - Acronis stores this information in backup metadata - Subsequent backups reference existing catalog - No new signature assignment needed

Solution 2: Use Disk/Partition Backup Excluding USB Device (Recommended for Ongoing Backups)

This solution avoids the protected USB device entirely by using selective disk backup instead of entire machine backup.

✅ Choose this solution if: - You cannot disable MBR protection (security policy restrictions) - The USB security device doesn’t need to be backed up - You want to avoid modifying security device settings - The USB device is only temporarily connected - You need a permanent solution without special handling

Benefits: - No changes to security device required - No security policy exceptions needed - Works consistently without device manipulation - Suitable for automated/scheduled backups - Reduces backup time and size (fewer devices)

Step-by-Step Instructions

1. Identify Disks to Back Up:

Determine which disks contain data to protect:

Using Disk Management: 1. Press Win + X → Select Disk Management 2. Note disk numbers and drive letters for: - System disk (typically Disk 0, contains C:) - Data disks (D:, E:, etc.) 3. Exclude small USB devices (typically < 5GB)

Using diskpart:

diskpart list disk

Example Output:

Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 238 GB 0 B * Disk 1 Online 931 GB 100 MB * Disk 2 Online 1024 MB 0 B (USB security device - EXCLUDE)

2. Create New Backup Plan:

In Acronis management console: 1. Navigate to Backup or Protection Plans 2. Click Create new plan or Add backup plan 3. Enter plan name (e.g., “System Backup - Excluding USB Token”)

3. Select Backup Type:

  1. For What to back up, select Disk/Partition backup Do NOT select “Entire Machine”

  2. Click Next or Continue

4. Select Specific Disks:

  1. List of all disks and partitions will appear

  2. Check disks you want to back up: ✅ Disk 0 (System disk) ✅ Disk 1 (Data disk, if applicable) ✅ Other internal disks

  3. Uncheck the USB security device: Disk 2 (1GB USB device)

  4. Review selection carefully

Visual Identification Tips: - System disk: Usually labeled “Windows”, “System”, or contains OS partition - Security device: Small capacity (512MB-2GB), may show “Removable” - Network drives: Ignore these as well

5. Configure Backup Options:

Set standard backup options: - Destination: Choose backup storage location - Schedule: Configure backup frequency - Retention: Set retention policy - Compression: Select compression level - Encryption: Enable if required

6. Save and Test:

  1. Click Save or Create

  2. Review plan summary

  3. Run backup manually to test

  4. Verify backup completes without ASYNC errors

  5. Confirm expected disks are included in backup

7. Verify Backup Content:

After successful backup: 1. Browse backup in Acronis console 2. Verify system disk partitions present 3. Confirm data disks included (if selected) 4. Check that USB security device is NOT listed

Prevention

Pre-Deployment Planning

1. Hardware Inventory

Before deploying Acronis: - Survey users for USB security devices - Document device types and vendors - Identify which systems have security tokens - Create asset database of protected devices

2. Backup Strategy Definition

Establish clear policies:

Policy Template:

USB Security Device Backup Policy: Workstations with security tokens: - Use Disk/Partition backup (Solution 2) - Exclude all USB devices < 5GB - Document excluded devices Systems requiring complete machine backup: - Coordinate with security team for MBR unlock (Solution 1) - Perform during maintenance windows - Re-enable protection immediately after first backup Servers (rarely have USB tokens): - Standard entire machine backup - Document any exceptions

3. User Communication

Inform users about: - USB devices that may interfere with backups - Instructions to remove security tokens before scheduled backups - Escalation procedure if backup failures occur - Which devices need to remain connected vs. removed

Deployment Best Practices

1. Staged Rollout

Test on representative systems: - Systems with various USB security device types - Different Windows versions - Both workstation and server OS - Test both Solution 1 and Solution 2 - Document findings and edge cases

2. Create Standard Operating Procedures

Document procedures for: - Identifying protected USB devices - Choosing appropriate solution (1 or 2) - Obtaining security approvals for Solution 1 - Configuring selective disk backups (Solution 2) - Troubleshooting ASYNC errors - Escalation paths

3. Technical Documentation

Maintain documentation of: - Known problematic device models - Vendor-specific unlock procedures - Required management software and sources - Security approval process and contacts - Common disk configurations per system type

Automated Detection

PowerShell Script to Identify Protected USB Devices:

# Detect USB devices with zero signatures $disks = Get-Disk | Where-Object { $_.BusType -eq "USB" -and $_.Size -lt 5GB } foreach ($disk in $disks) { Write-Output "Potential Security Device Detected:" Write-Output " Disk Number: $($disk.Number)" Write-Output " Model: $($disk.FriendlyName)" Write-Output " Size: $([math]::Round($disk.Size / 1GB, 2)) GB" Write-Output " Bus Type: $($disk.BusType)" Write-Output " Recommendation: Exclude from backup or use Solution 1" Write-Output "" }

Run this script during initial system assessment.

Backup Scheduling Strategies

1. User Behavior Patterns

Schedule backups when USB tokens typically not connected: - End of day backups: After users log off and remove tokens - Morning backups: Before users arrive and connect tokens - Weekend backups: When fewer users are active - Overnight backups: During off-hours

2. User Training

Educate users to: - Remove USB security tokens before end of day - Understand backup schedule (e.g., “Backups run at 11 PM”) - Reconnect tokens the next morning - Report persistent backup failures

3. Pre-Backup Scripts

Create notification system:

Pre-backup user notification (PowerShell):

# Display reminder to remove USB security tokens $message = "Backup starting in 15 minutes. Please remove USB security tokens if possible." $title = "Scheduled Backup Reminder" # Create notification [System.Windows.MessageBox]::Show($message, $title, 'OK', 'Information')

Configure this as a pre-backup script in Acronis.

Monitoring and Alerting

1. Proactive Error Detection

Set up monitoring for ASYNC errors: - Configure email alerts for Module 249 errors - Create dashboard showing backup failures by error type - Track systems with recurring ASYNC errors - Generate weekly reports of affected systems

2. Log Analysis

Regularly review SnapAPI logs:

# Search for zero signature indicators findstr /i "NTSignature: 0x0" "C:\ProgramData\Acronis\Agent\var\log\snapapi*.log"

If found: - Identify affected system - Check for connected USB devices - Apply appropriate solution - Document in system notes

3. Health Check Scripts

Monthly verification:

# Check backup success rates and identify ASYNC errors $backupLogs = Get-ChildItem "C:\ProgramData\Acronis\Agent\var\log\" -Filter "backup*.log" $asyncErrors = $backupLogs | Select-String "ASYNC: Full barrier" if ($asyncErrors.Count -gt 0) { Write-Warning "$($asyncErrors.Count) ASYNC errors found in last 30 days" # Send alert to administrator }

Enterprise Management

For Large Organizations:

1. Centralized Configuration Management

Use Acronis centralized management to: - Deploy standardized backup plans - Exclude USB devices by default in templates - Monitor backup success rates across organization - Push configuration changes to multiple systems

2. Asset Management Integration

Integrate with asset management systems: - Track which systems have USB security devices - Automatically apply appropriate backup configuration - Update backup plans when hardware changes - Maintain audit trail of device assignments

3. Security Team Coordination

Establish collaboration with security teams: - Define approval process for MBR unlock requests - Create exception handling procedures - Schedule coordinated maintenance windows - Document security implications of both solutions

4. Compliance Considerations

For regulated industries: - Document backup exclusions for compliance audits - Ensure excluded devices have alternative protection - Maintain records of security device modifications - Review backup coverage meets regulatory requirements

Understanding the Technical Details

What is an NT Signature?

Definition: The NT Signature (also called Disk Signature) is a unique 32-bit hexadecimal value stored in the Master Boot Record (MBR) at offset 0x01B8.

Purpose: - Uniquely identifies physical disks in Windows - Used by Windows to track and mount volumes - Required for proper disk reference in registry - Critical for multiboot and volume management

Format:

Example: 0x12345678 Valid Range: 0x00000001 to 0xFFFFFFFF Invalid: 0x00000000 (indicates missing or unreadable signature)

Why Acronis Needs Disk Signatures

Backup Operations: - Catalog disk structure for consistent backups - Track disk relationships (dynamic disks, RAID) - Identify disks in incremental/differential backups - Ensure correct disk targeting for restores

Restore Operations: - Match backup data to correct physical disks - Restore disk configuration accurately - Handle multiboot and complex storage scenarios - Prevent data corruption from disk misidentification

Why Protected USB Devices Have Zero Signatures

Security Device Design: 1. MBR Write Protection: Prevents tampering with boot process 2. Firmware Protection: Ensures device authenticity 3. Zero Signature: Intentional to prevent OS modifications 4. Security By Design: Protects cryptographic keys and certificates

Common Protected Device Types:

Device Type

Purpose

Why MBR Protected

FIDO2/U2F Keys

Authentication

Prevents cloning

Smart Cards

Certificate storage

Protects private keys

HSM Tokens

Crypto operations

Ensures key security

Code Signing

Software signing

Prevents tampering

How Acronis Handles Disk Enumeration

Normal Process: 1. Enumerate all storage devices via Windows API 2. Read MBR from each device 3. Extract existing NT signature 4. If missing, generate and write new signature 5. Catalog disk for backup operations

When Protected Device Present: 1. Enumerate devices (includes USB security token) 2. Attempt to read MBR (succeeds) 3. Detect missing signature (0x0) 4. Attempt to write new signature (FAILS - write-protected) 5. Backup process cannot continue → ASYNC error

SnapAPI Logging

Log Location:

C:\ProgramData\Acronis\Agent\var\log\snapapi*.log

Key Log Entries:

Normal Disk:

[SnapAPI][T] Disk 0000005A2BC10050: Read MBR [SnapAPI][T] NTSignature: 0x4D3C2B1A

Protected USB Device:

[SnapAPI][T] Disk 00000057322CA650: Read MBR [SnapAPI][T] NTSignature: 0x0 [SnapAPI][E] Failed to write disk signature [SnapAPI][E] Access denied - MBR write protected

Troubleshooting Decision Tree

Entire machine backup failing with ASYNC error? │ ├─ Check SnapAPI logs for "NTSignature: 0x0" │ ├─ NOT FOUND → Different issue, check other logs │ └─ FOUND → Continue │ ├─ Identify USB security devices │ └─ diskpart → list disk │ ├─ Small USB device (< 5GB) found? │ │ └─ YES → This is likely the cause │ └─ NO → Check for other protected devices │ ├─ Can you disable MBR protection? │ ├─ YES → Security policy allows? │ │ ├─ YES → Use Solution 1 │ │ │ └─ Unlock, backup, re-lock │ │ └─ NO → Use Solution 2 │ │ └─ Disk/Partition backup, exclude USB │ │ │ └─ NO → Management tools unavailable? │ └─ Use Solution 2 │ └─ Exclude USB device from backup │ └─ Test backup and verify success

Additional Resources

Related Issues

  • Backup fails with Module 249 errors

  • Entire machine backup incomplete

  • USB device causes backup failure

  • Cannot read disk signature

  • MBR access denied errors

  • Disk signature conflict

  • Protected storage device errors

Keywords

ASYNC full barrier, action job, entire machine backup fails, USB security module, protected MBR, NT signature, write-protected, SnapAPI error, disk signature 0x0, hardware security token, smart card, FIDO2, YubiKey backup error, error code 4 module 249

Need Additional Help?

If these solutions don’t resolve the issue: 1. Collect SnapAPI logs: C:\ProgramData\Acronis\Agent\var\log\snapapi*.log 2. Run diskpart → list disk and document all disks 3. Check Device Manager for all USB devices 4. Try backup with ALL USB devices disconnected 5. If backup succeeds, reconnect devices one at a time to identify culprit 6. Document USB device make/model that causes issue 7. Contact Acronis Support with: - SnapAPI logs showing NTSignature: 0x0 - List of connected USB devices - Device Manager screenshot - USB security device manufacturer and model