In this new blog post we are going to cover a simple fix for the following scenario
- VEEAM Backup and Replication Server, VEEAM Gateway server behind squid proxy
- Adding an IBM S3 object storage repository fails with the following error:
Log %programdata%\Veeam\Backup\Satellites\BackupServer\User\Agent.PublicCloud.Satellite.log
[10.03.2021 15:02:59.721] < 8684> cli | Network.RetrieveSslCertificate
[10.03.2021 15:02:59.721] < 8684> cli | (EString) HostName = s3.au-syd.cloud-object-storage.appdomain.cloud
[10.03.2021 15:02:59.721] < 8684> cli | (EInt32) Port = 443
[10.03.2021 15:02:59.721] < 8684> cli | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[10.03.2021 15:02:59.721] < 8684> net | Retrieving certificate for s3.au-syd.cloud-object-storage.appdomain.cloud:443
[10.03.2021 15:03:20.752] < 8684> net | Retrieving certificate for s3.au-syd.cloud-object-storage.appdomain.cloud:443 Failed.
[10.03.2021 15:03:20.752] < 8684> cli | ERR |Failed to process {Invoke} command
[10.03.2021 15:03:20.752] < 8684> cli | >> |Duration: [00:00:21.030]
[10.03.2021 15:03:20.752] < 8684> cli | >> |Details:
[10.03.2021 15:03:20.752] < 8684> cli | >> |connect: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond
[10.03.2021 15:03:20.752] < 8684> cli | >> |Agent failed to process method {Network.RetrieveSslCertificate}.
Root cause
The network configuration does not allow direct internet access for Veeam components.
Solution
Since we are using a proxy server to access the Internet, we found that WinHTTP settings were not properly configured on Microsoft Windows machines with Veeam backup infrastructure components.Â
We used the following command to set the proxy (all protocols) to 192.168.111.111 port 8888:
netsh winhttp set proxy proxy-server="192.168.111.111:8888" Current WinHTTP proxy settings: Proxy Server(s) : 192.168.111.111:8888 Bypass List : (none)
Run netsh winhttp show to validate the correct proxy configuration
Easy fix!! Always make sure to meet all network requirements specified by vendors!
VEEAM Reference Link
How to set a HTTP proxy for Veeam components: https://www.veeam.com/kb3090