The problem with the certificate during Veeam backups


Hey,

Recently I encountered a problem with the backup. In one of the customers backup is done using a Veeam solution.

Short introduction in infrastructure will say only that the servers Veeam B & R combine with vCenter, and not, as in some cases directly to the ESXi hosts.

Error that accompany with this problem is:

Task failed Error: The remote certificate is invalid according to the validation procedure.

7

The first step, which was made was to check the permission of the account that is used to connect to the vCenter. But that was not the problem.

After careful analysis, it turned out that none of the Veeam servers had not imported SSL certificate for the vCenter. First, we conducted a procedure to re-connect Veeam to the vCenter Server using Veeam console. However, it did not bring a positive solution, so we went to import the certificate manually. 

The procedure for this is very simple. Just go to the appropriate directory of the installed components vCenter.

For Windows Server 2008, C:\Program Data\VMware\VMware VirtualCenter\SSL\  and copy crt file

1

On the Veeam server open up mmc and add the certificates snap-in

3

4

5

Under Trusted Root Certification Authorities, right click on certificates, then click import

2

Then there is only the indication of the path to the certificate.

After import certificates issue has ceased to exist in almost all locations. With a few still was a problem.

After analyzing the logs, it turned out that in other locations further issue concerned the SSL time limits.

6

To workaround this issue:

Stop vCenter service

Navigate to C:\ProgramData\VMware\VMware VirtualCenter\ and backup the vpxd.cfg file.

Open the vpxd.cfg file in a plain text editor.

<vmacore>

<ssl>

        <useCompression>true</useCompression>

</ssl>

Add <handshakeTimeoutMs>240000</handshakeTimeoutMs> before the </ssl> entry:

<vmacore>

<ssl>

        <useCompression>true</useCompression>

        <handshakeTimeoutMs>240000</handshakeTimeoutMs>

</ssl>

Restart the VMware Virtual Center Service.

More information on this topic can be found here.

After applying all the above steps, the problem with the certificates and also the backup ceased to exist.

Regards,

Paweł

 

Pawel Drazkowski

Pawel Drazkowski

Senior System Engineer at Atos
Pawel Drazkowski

Latest posts by Pawel Drazkowski (see all)

Leave a Reply