Discussions specific to the Nutanix AHV hypervisor
Post Reply
arogarth
Influencer
Posts: 13
Liked: 2 times
Joined: Sep 25, 2017 7:15 am
Location: Frankfurt/M., Germany
Contact:

host selfSigned Certificates recreate every day - VEEAM lost connect to Proxy

Post by arogarth »

Hello togehter,

every morning we found that VEEAM lost connection to the AHV Proxy (Standalone Appliance) - The issue is that the Proxy is regenerating his selfSigned Certificate every night...

Does anybody know why? and how can i disable that?

arogarth
Influencer
Posts: 13
Liked: 2 times
Joined: Sep 25, 2017 7:15 am
Location: Frankfurt/M., Germany
Contact:

Re: host selfSigned Certificates recreate every day - VEEAM lost connect to Proxy

Post by arogarth »

OK, the service VeeamBackupAgent is restarting every day... And it is recreating the certs... Find out why...

arogarth
Influencer
Posts: 13
Liked: 2 times
Joined: Sep 25, 2017 7:15 am
Location: Frankfurt/M., Germany
Contact:

Re: host selfSigned Certificates recreate every day - VEEAM lost connect to Proxy

Post by arogarth »

ok... found this in logs

Code: Select all

2020-11-03 04:37:38.288 00001 [176748] INFO     | [Service]: Hostname was changed. Generate new certificate.
2020-11-03 04:37:38.291 00001 [176748] INFO     | [Service]: Start generate .pfx certificate.
2020-11-03 04:37:38.406 00005 [176748] INFO     | [VeeamBackupServer]: Test connection to backup server [id: veeamserver1 Name: VEEAM.srv.local:10006]. Connection status: ConnectionSuccess. Version: 10.0.1.4854
2020-11-03 04:37:38.483 00001 [176748] INFO     | [Service]: End generate .pfx certificate.

arogarth
Influencer
Posts: 13
Liked: 2 times
Joined: Sep 25, 2017 7:15 am
Location: Frankfurt/M., Germany
Contact:

Re: host selfSigned Certificates recreate every day - VEEAM lost connect to Proxy

Post by arogarth »

OK - I dont know why the Agent detect that the hostname seems to be changed... Also increasing debug loglevel did not show which hostName veeam use or how they detect it...

but, I found two workarounds...

the first one: Disable autorestart of the VeeamBackupAgent Service in /opt/VeeamBackupAgent/appsettings.json - Search for DailyRestart > Disable and set it to "true". In this case the Certificate will only be renewed after next reboot.

The second, the better workaround: Use the gereated certificate as your own. The VEEAM AHV Proxy generate its own Certificate and write them to /opt/VeeamBackupAgent/host_selfsigned.pfx. Just tell the service that you want use your own certificate. Open /opt/VeeamBackupAgent/appsettings.json and set Certificate.UseCustomCert to true and Certificate.CustomCertFilePath to /opt/VeeamBackupAgent/host_selfsigned.pfx . Restart the service - NOW the Proxy will not recreate the certs.

ronnmartin61
Veeam Software
Posts: 167
Liked: 47 times
Joined: Mar 07, 2016 3:55 pm
Full Name: Ronn Martin
Contact:

Re: host selfSigned Certificates recreate every day - VEEAM lost connect to Proxy

Post by ronnmartin61 » 1 person likes this post

You may want to open a support case on this as I do not believe this is the expected behavior. I'll monitor my lab setup which I just re-created yesterday to see if I observe the same thing...

arogarth
Influencer
Posts: 13
Liked: 2 times
Joined: Sep 25, 2017 7:15 am
Location: Frankfurt/M., Germany
Contact:

Re: host selfSigned Certificates recreate every day - VEEAM lost connect to Proxy

Post by arogarth »

Done - see 04476560

arogarth
Influencer
Posts: 13
Liked: 2 times
Joined: Sep 25, 2017 7:15 am
Location: Frankfurt/M., Germany
Contact:

Re: host selfSigned Certificates recreate every day - VEEAM lost connect to Proxy

Post by arogarth »

OK, we found the Problem.

As we use ansible to set hostname (and other configs) the ansible module "hostname" added a newline to this file. Also using vi to change the file is adding a newline.

VEEAM is not trimming the hostname from this file - This should be change!

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests