certificate problem

[robg]

I started getting this in Veeam:

Task failed. Error: The remote certificate is invalid according to the validation procedure.

All I did was plug the HP iLO port into the network for my 3 servers. ILO is unconfigured. It looks like this changed the certificate on the server. Very strange, and this would seem to be something that Veeam overlooked, but probably outside of its control.

Now I don't know the impact of removing the hosts from Veeam and re-adding them, if that's going to screw up my backup chains or what.

[Andreas Neufert]

A bit hard to follow which server changed the certificate.
But if it is the VMware Servers, then run the VMware Managed Server wizard again (add vcenter or add esxi) for the existing objects. It will show you likely the changed certificate and you can accept it in the wizard. This should address it.

My guess is that that this has nothing to do with ILO. I guess that just a date in the ceriticate block the usage.

[robg]

I edited the server in question and clicked next after the credentials, this is where it prompts with a security warning that says the certificate is untrusted. after I click connect and "detecting server type" it comes back with Failed to login to "x.x.x.x" by SOAP, port 443, user "root" proxy srv:port:() The remote server returned an error: (404) Not Found.

When I click view certificate, it says the date is valid from: 7/21/2015 to 6/15/2004 (yes in that order)

My guess is that ILO's certificate is outdated and invalid. But the bizarre part is A) Why does ESXi now think that this is the server's certificate, or B) Why is Veeam looking at this one.

The ILO is on a dedicated port which should be a completely independent IP address from the main server IP. I don't think I have any choice but to unplug it to get the original certificate back.

[Andreas Neufert]

I would say, create a support case and let our team have a look. I don´t see how ILO could change the ceritifcate within VMware.
But maybe you have enabled by accident something in ILO that answers on same IP on port 443. So that we land on the ILO at this IP instead on VMware.
Doulbe check by browser on the veeam server https://x.x.x.x should show the VMware view and not the ILO.

[robg]

The IP address still leads to the correct place, which is the VMWare ESXi landing page. This is 6.0.0 Update 2. ILO was never configured.

I don't have a support contract, the point of this message is more to let you know that this is a bizarre situation that you may want to test against. Simply putting an ILO interface on the network shouldn't screw up Veeam in any way, but it could be a design flaw of ESXi.