host selfSigned Certificates recreate every day - VEEAM lost connect to Proxy

[arogarth]

Hello togehter,

every morning we found that VEEAM lost connection to the AHV Proxy (Standalone Appliance) - The issue is that the Proxy is regenerating his selfSigned Certificate every night...

Does anybody know why? and how can i disable that?

[arogarth]

OK, the service VeeamBackupAgent is restarting every day... And it is recreating the certs... Find out why...

[arogarth]

ok... found this in logs

Code: Select all

2020-11-03 04:37:38.288 00001 [176748] INFO     | [Service]: Hostname was changed. Generate new certificate.
2020-11-03 04:37:38.291 00001 [176748] INFO     | [Service]: Start generate .pfx certificate.
2020-11-03 04:37:38.406 00005 [176748] INFO     | [VeeamBackupServer]: Test connection to backup server [id: veeamserver1 Name: VEEAM.srv.local:10006]. Connection status: ConnectionSuccess. Version: 10.0.1.4854
2020-11-03 04:37:38.483 00001 [176748] INFO     | [Service]: End generate .pfx certificate.

[arogarth]

OK - I dont know why the Agent detect that the hostname seems to be changed... Also increasing debug loglevel did not show which hostName veeam use or how they detect it...

but, I found two workarounds...

the first one: Disable autorestart of the VeeamBackupAgent Service in /opt/VeeamBackupAgent/appsettings.json - Search for DailyRestart > Disable and set it to "true". In this case the Certificate will only be renewed after next reboot.

The second, the better workaround: Use the gereated certificate as your own. The VEEAM AHV Proxy generate its own Certificate and write them to /opt/VeeamBackupAgent/host_selfsigned.pfx. Just tell the service that you want use your own certificate. Open /opt/VeeamBackupAgent/appsettings.json and set Certificate.UseCustomCert to true and Certificate.CustomCertFilePath to /opt/VeeamBackupAgent/host_selfsigned.pfx . Restart the service - NOW the Proxy will not recreate the certs.

[ronnmartin61]

You may want to open a support case on this as I do not believe this is the expected behavior. I'll monitor my lab setup which I just re-created yesterday to see if I observe the same thing...

[arogarth]

Done - see 04476560

[arogarth]

OK, we found the Problem.

As we use ansible to set hostname (and other configs) the ansible module "hostname" added a newline to this file. Also using vi to change the file is adding a newline.

VEEAM is not trimming the hostname from this file - This should be change!