Troubleshooting

Easy Fix for VEEAM error “Retrieving certificate for s3.cloud-object-storage.appdomain.cloud:443 Failed”

In this new blog post we are going to cover a simple fix for the following scenario

  • VEEAM Backup and Replication Server, VEEAM Gateway server behind squid proxy
  • Adding an IBM S3 object storage repository fails with the following error:

Log %programdata%\Veeam\Backup\Satellites\BackupServer\User\Agent.PublicCloud.Satellite.log

[10.03.2021 15:02:59.721] < 8684> cli | Network.RetrieveSslCertificate
[10.03.2021 15:02:59.721] < 8684> cli | (EString) HostName = s3.au-syd.cloud-object-storage.appdomain.cloud
[10.03.2021 15:02:59.721] < 8684> cli | (EInt32) Port = 443
[10.03.2021 15:02:59.721] < 8684> cli | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[10.03.2021 15:02:59.721] < 8684> net | Retrieving certificate for s3.au-syd.cloud-object-storage.appdomain.cloud:443
[10.03.2021 15:03:20.752] < 8684> net | Retrieving certificate for s3.au-syd.cloud-object-storage.appdomain.cloud:443 Failed.
[10.03.2021 15:03:20.752] < 8684> cli | ERR |Failed to process {Invoke} command
[10.03.2021 15:03:20.752] < 8684> cli | >> |Duration: [00:00:21.030]
[10.03.2021 15:03:20.752] < 8684> cli | >> |Details:
[10.03.2021 15:03:20.752] < 8684> cli | >> |connect: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond
[10.03.2021 15:03:20.752] < 8684> cli | >> |Agent failed to process method {Network.RetrieveSslCertificate}.

Root cause

The network configuration does not allow direct internet access for Veeam components.

Solution

Since we are using a proxy server to access the Internet, we found that WinHTTP settings were not properly configured on Microsoft Windows machines with Veeam backup infrastructure components. 

We used the following command to set the proxy (all protocols) to 192.168.111.111 port 8888:

netsh winhttp set proxy proxy-server="192.168.111.111:8888"
Current WinHTTP proxy settings:
    Proxy Server(s) :  192.168.111.111:8888
    Bypass List     :  (none)

Run netsh winhttp show to validate the correct proxy configuration

Easy fix!! Always make sure to meet all network requirements specified by vendors!

VEEAM Reference Link

How to set a HTTP proxy for Veeam components: https://www.veeam.com/kb3090