Discussions related to using object storage as a backup target.
Post Reply
agrob
Veteran
Posts: 380
Liked: 48 times
Joined: Sep 05, 2011 1:31 pm
Full Name: Andre
Contact:

problems adding azure blob storage account

Post by agrob »

Good Day

When i try to add a new object storage repository -> azure blob storage, i get the following error message under the account settings:

"Azure Cloud Connection has returned an untrusted certificate"

Veeam does not display the certificate. Time on the Server is correct.
How can i troubleshoot/fix this?
Thanks
veremin
Product Manager
Posts: 20270
Liked: 2252 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: problems adding azure blob storage account

Post by veremin »

We will need to see debug logs first. Can you open a ticket with our support team and provide its number here? Thanks!
agrob
Veteran
Posts: 380
Liked: 48 times
Joined: Sep 05, 2011 1:31 pm
Full Name: Andre
Contact:

Re: problems adding azure blob storage account

Post by agrob »

Thanks, Case ID 03415333
agrob
Veteran
Posts: 380
Liked: 48 times
Joined: Sep 05, 2011 1:31 pm
Full Name: Andre
Contact:

Re: problems adding azure blob storage account

Post by agrob » 1 person likes this post

Problem solved. Veeam Backup Server was not able to connect to Microsoft PKI site to check Certificate. I thought that proxy server specified in the azure blob storage repository would do all the needed connections. once veeam backup server was able to check the certificate, it worked
veremin
Product Manager
Posts: 20270
Liked: 2252 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: problems adding azure blob storage account

Post by veremin »

Glad to hear that the problem has been solved. Thanks for taking the time and updating the topic with the resolution; much appreciated!
silviaspera
Lurker
Posts: 2
Liked: never
Joined: May 24, 2019 9:42 am
Contact:

Re: problems adding azure blob storage account

Post by silviaspera »

How did you solve the problem?
What does it mean "once veeam backup server was able to check the certificate"?

Where is the proxy specified?

I can't undertsand how to solve it!

Many thanks for your support
Silvia
wishr
Veteran
Posts: 3077
Liked: 453 times
Joined: Aug 07, 2018 3:11 pm
Full Name: Fedor Maslov
Contact:

Re: problems adding azure blob storage account

Post by wishr »

Hi Silvia,

The initial poster did not mention resolution details during the conversation with our support engineer, so please open a support case (don't forget to let us know your support case ID) and work with them since your root cause may differ.

Thanks
silviaspera
Lurker
Posts: 2
Liked: never
Joined: May 24, 2019 9:42 am
Contact:

Re: problems adding azure blob storage account

Post by silviaspera »

Sure, it may differ however is it possible to know the most common cause? I think it could be the same in many cases.
Thanks anyway
wishr
Veteran
Posts: 3077
Liked: 453 times
Joined: Aug 07, 2018 3:11 pm
Full Name: Fedor Maslov
Contact:

Re: problems adding azure blob storage account

Post by wishr »

As I mentioned, we do not have detailed information about resolution steps performed by the initial poster since they have not been shared with our support team in the support case. The only information available is this.
agrob
Veteran
Posts: 380
Liked: 48 times
Joined: Sep 05, 2011 1:31 pm
Full Name: Andre
Contact:

Re: problems adding azure blob storage account

Post by agrob » 1 person likes this post

The solution in our case was to grant the veeam backup server access to the internet to check crl. if first thought that the server which acts as gateway server for the azure repository just need access to it and to check the crl. but this was not enough -> just make sure that the backup server itself (management gui) has internet access. hope this helps
leockw
Influencer
Posts: 24
Liked: 3 times
Joined: May 13, 2021 10:05 am
Full Name: Leo
Contact:

[MERGED] Offsite backup offload to Azure error

Post by leockw »

Hi all,

We have offsite backup file offload to Azure storage, at the beginning is works fine but the last file show the error "Azure Cloud connection has returned an untrusted certificate".

Our environment as following,
Primary job to primary backup repository - VBR server 11
Backup copy job to offsite backup repository - NAS

Scale-out repository – Performance Tier – offsite backup repository
Scale-out repository – Capacity Tier – Microsoft Azure Storage

No matter the performance tier has gateway server or not, it also has the error.

Do anyone experienced this error and how to fix it?

Case# 04990070

Kind Regards,
Leo
HannesK
Product Manager
Posts: 14287
Liked: 2877 times
Joined: Sep 01, 2014 11:46 am
Full Name: Hannes Kasparick
Location: Austria
Contact:

Re: problems adding azure blob storage account

Post by HannesK »

Hello,
sounds like the same issue above. If that's not the case, please continue working with support.

Best regards,
Hannes
marcusvdias
Lurker
Posts: 1
Liked: never
Joined: Nov 29, 2021 7:25 pm
Full Name: Marcus Vinicius Dias
Contact:

Re: problems adding azure blob storage account

Post by marcusvdias »

Hi
I have the same problem (Error: Azure Cloud connection has returned an untrusted certificate) and the case 05155881 was opened.
Do anyone experienced this error and how to fix it?
Best Regards
veremin
Product Manager
Posts: 20270
Liked: 2252 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: problems adding azure blob storage account

Post by veremin »

As I can see, you have just provided the debug logs for our support team, so give a chance to analyze those and come up with the solution.

Also, you can try the advice given above regarding providing backup server with access to certificate validation point and see whether it makes any difference.

Thanks!
bc092023
Novice
Posts: 4
Liked: never
Joined: Dec 05, 2022 5:55 pm
Full Name: b4

Re: problems adding azure blob storage account

Post by bc092023 »

What is the Azure service being called for PKI check? Need to whitelist this in the firewall in a segmented environment and having the same error. Not sure what to reference as there is no such thing as "Microsoft PKI Server."
HannesK
Product Manager
Posts: 14287
Liked: 2877 times
Joined: Sep 01, 2014 11:46 am
Full Name: Hannes Kasparick
Location: Austria
Contact:

Re: problems adding azure blob storage account

Post by HannesK »

Hello,
and welcome to the forums.

It's a normal certificate check. If you open the certificate of of the Azure blob storage (<youraccount>.blob.core.windows.net), you can see the certificate authority. It has nothing to do with Microsoft.

https://learn.microsoft.com/en-us/micro ... -worldwide might help

Best regards,
Hannes
bc092023
Novice
Posts: 4
Liked: never
Joined: Dec 05, 2022 5:55 pm
Full Name: b4

Re: problems adding azure blob storage account

Post by bc092023 »

Hi,
We have whitelisted *blob.core.usgovcloudapi.net but still get the untrusted certificate error. Is this checking on port 80 instead of 443? Is there any sort of additional requirement for GovCloud connections? Any way to dig deeper?
Thanks
HannesK
Product Manager
Posts: 14287
Liked: 2877 times
Joined: Sep 01, 2014 11:46 am
Full Name: Hannes Kasparick
Location: Austria
Contact:

Re: problems adding azure blob storage account

Post by HannesK »

Hello,
one needs to whitelist the certificate authority (CA) servers. "*blob.core.usgovcloudapi.net" does not sound like CA servers to me.

Best regards,
Hannes
bc092023
Novice
Posts: 4
Liked: never
Joined: Dec 05, 2022 5:55 pm
Full Name: b4

Re: problems adding azure blob storage account

Post by bc092023 »

These are all the URLs that were whitelistd:
crl.entrust.net
crl3.digicert.com
crl4.digicert.com
ocsp.digicert.com
ocsp.entrust.net
and this:
*.blob.core.usgovcloud.api.net (This is the URL the certificate is covering and showing, perhaps not the CA).

From the list provided here:
https://learn.microsoft.com/en-us/micro ... -worldwide

The certificate shows two CRL distribution list URLs that are not listed anywhere... are these what need white listed?
http://mscrl.microsoft.com/pki/mscorp/c ... A%2001.crl
http://crl.microsoft.com/pki/mscorp/crl ... A%2001.crl
bc092023
Novice
Posts: 4
Liked: never
Joined: Dec 05, 2022 5:55 pm
Full Name: b4

Re: problems adding azure blob storage account

Post by bc092023 »

Maybe the issue is the whitelisting requires port 80 open and not only 443 because it is using this cert and we whitelisted these URLs on 443....
HannesK
Product Manager
Posts: 14287
Liked: 2877 times
Joined: Sep 01, 2014 11:46 am
Full Name: Hannes Kasparick
Location: Austria
Contact:

Re: problems adding azure blob storage account

Post by HannesK »

hmm, there should be errors in the log. Veeam support can help to find out what's really the issue. Please post the support case number for reference.
agrob
Veteran
Posts: 380
Liked: 48 times
Joined: Sep 05, 2011 1:31 pm
Full Name: Andre
Contact:

Re: problems adding azure blob storage account

Post by agrob »

we had to add the following url as whell to the whitelist.
crl.microsoft.com

it just stopped working the last days (copy job to copy vba backups to vbr). after adding url above, it worked again
apolloxm
Enthusiast
Posts: 90
Liked: 1 time
Joined: Aug 27, 2021 12:29 am
Contact:

Re: problems adding azure blob storage account

Post by apolloxm »

Can you tell us how to whitelist those URL? in the Firewall? we got the same issue here
agrob
Veteran
Posts: 380
Liked: 48 times
Joined: Sep 05, 2011 1:31 pm
Full Name: Andre
Contact:

Re: problems adding azure blob storage account

Post by agrob »

Yes, in the Firewall or Proxy or whatever you have in place between your Backup Infrastructure and the internet...
Post Reply

Who is online

Users browsing this forum: No registered users and 12 guests