I am using Veeam version 10.0.1.4854 and the latest patch and am having trouble adding a Backblaze B2 repository. I am encountering the error message "Failed to load Amazon S3 Compatible configuration".
I have opened a ticket with Veeam support using Case #04593670 but know that may take a while to receive a response. I recall reading a forum thread somewhere that stated that only Veeam versions 10.0.0 and 9.5 was currently working with adding a new B2 Repository due to an issue on the Backblaze side. The thread also indicated it was possible to update to the latest version after already adding the repo. Of course I can't find this thread for the life of me.
So I am just wanted to see if anyone can confirm this is true before I attempt to downgrade to an earlier version.
There's definitely no point in downgrading. At this time, there are no known issues with Backblaze interop for the Veeam version you're using. And judging on the error, this seems like a generic network connectivity or a certificate issue, so unrelated to the thread you're recalling. Your issue is likely environment-specific, and you should work with our support to troubleshoot it. Thanks!
jadonr wrote: ↑Jan 18, 2021 5:03 pm
I am using Veeam version 10.0.1.4854 and the latest patch and am having trouble adding a Backblaze B2 repository. I am encountering the error message "Failed to load Amazon S3 Compatible configuration".
I am using this B2 endpoint without issues in the same version. It could be a transient or local network issue. You may want to check whether the B&R host can connect to https://s3.us-west-002.backblazeb2.com/ (your b2 end point) --- if accessible it should return an xml with AccessDenied/Authentication required error.
Ok, Gostev and selva were correct. I was able to isolate the issue by connecting outside of my network using my phone as a hotspot and I was able to move to the next page where it prompts to select the bucket. So my question now is, what ports and IP's do I need to whitelist on my network to configure this?
Thanks. I was able to get past this by using my hotspot to set up the repo and then go back to my existing network and all appears to be fine. Not certain what was initially blocking the connection. Appreciate the quick replies!
In that case, I might have an idea: some time ago, I heard about sophisticated attacks involving hackers using the OCSP (Online Certificate Status Protocol) as a transport for their malicious payload. Which I thought was amazing what kind of clever stuff these people are coming up with: OCSP is used by Certificate Authorities to check the revocation status of a digital certificate, so normally it is allowed through practically everywhere.
Anyway, perhaps IDS systems now started to analyze the relevant traffic and OCSP packets they deem "suspicious". Which is why the initial connection could not be established, but now it works.
That is an interesting thought. I have a consumer-based Asus router with all the AI-stuff enabled to prevent intrusions, but I disabled all of it and was still unable to establish the initial connection. After I connected using my phone and selected the bucket and setup the repo, I am then able to go back and modify the immutable settings while on my router again.
I personally would try to capture the traffic via applications like Wireshark. Then you'd see which side is closing/resetting the TCP connection and if you do the same using the hotspot, you can compare the output and see at which point something goes wrong.
This approach has very often worked very well for me and you immediately get a clue where to further look for. For instance, the last wasabi issue where the whole DNS-Zone got removed has been investigated by myself within less then 5 minutes. Veeam just showed a generic error message but in the trace I saw that the failure was at the DNS level.
