Operational Defect Database
BugZero found this defect 697 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
Veeam | kb4328
"Failed to retrieve certificate" - Error When Interacting With Cloud Storage
Last update date:
6/23/2022
Affected products:
Veeam Backup & Replication
Affected releases:
10
Fixed releases:
No fixed releases provided.
Description:
Challenge
When adding an Object Storage Repository or interacting with an existing Object Storage Repository the following error occurs: Failed to retrieve certificate from ... The format of the error is different for each type of Object Storage Repository:
Solution
This error occurs because the Veeam software could not retrieve and verify the certificate from the cloud storage endpoint. Review the Used Ports section of the User Guide and ensure proper communication with object storage repositories. Most Common Causes DNS Ensure that the Veeam Backup Server and any configured Gateway server can resolve and reach the object storage endpoints. Firewall Review relevant firewalls in the environment to ensure that the Veeam Backup Server and any configured Gateway server are permitted to reach the endpoints via the required ports. General Internet Connection Issue If the issue is not related to the above, contact your Internet Provider to check if there are any network drops. Edge Case Though rare, several Veeam Support cases have been closed by the customer after they reported that they determined that their security firewall was interfering with or tampering Customer's comment to Veeam Support: "We have excluded all of the Veeam hosts from decryption in our firewall, and the issue is no longer happening."with the certificates that the Veeam software was requesting. Those security firewalls either prevented the certificate from being received or modified the certificate preventing Veeam Backup & Replication from validating them.
More information
When the cerificate error occurs while attempting to add the Object Storage Repository, the certificate retrieval is recorded in the following log file on the Veeam Backup Server: C:\ProgramData\Veeam\Backup\Satellites\<VeeamServer>\<console_account>\Satellite_Console.log <VeeamServer> = hostname or FQDN of the Veeam Backup Server <console_account> = account used to open the Veeam Backup & Replication Console. Log Example: Info [PublicCloudCertificateLoader] Loading certificate for 'DefaultEndpointsProtocol=https;AccountName=kb4328' Info [AP] (2730) command: 'Invoke: Network.RetrieveSslCertificate { (EString) HostName = kb4328.blob.core.windows.net; (EInt32) Port = 443; }' Info [AP] (2730) output: <VCPCommandResult result="false" exception="resolve: The requested name is valid, but no data of the requested type was found
Agent failed to process method {Network.RetrieveSslCertificate}." /> Info [AP] (2730) output: > Error resolve: The requested name is valid, but no data of the requested type was found (Veeam.Backup.Common.CCppComponentException) Error Agent failed to process method {Network.RetrieveSslCertificate}. (Veeam.Backup.Common.CCppComponentException) To simplify finding the endpoint information, search the Satelite log for:
