Veeam B&R v11; Host discovery with warnings: failed to validate certificate for ESXi host

[sandsturm]

After we upgraded some of our VBR server from v10 to v11, we see now the following warning during ESXi host discovery:

Failed to validate certificate for ESXi host: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond <ipaddress:443>

We haven't seen this message with version 10... it's new with v11. I opened a case for that(case number 04818569)

Answer from support was, that since v11 Veeam server now tries to connect to every ESXi host in the environment with https. We have one central vCenter server with ESXi hosts in different locations all over the world. Each location does have its own VBR server which is responsible to create backups for this location. Which is a standard architecture in my opinion. We do not allow by firewalls that VBR server from location A can connect to ESXi servers from location B. This connection is not needed for anything, but Veeam now since V11 needs this! I'm just asking: what for? That seems to me not really an "enterprise-like" behavior.... I think other larger companies are having a similar setup and will have the same problems too....

Is there a way to suppress this behavior?

thx
sandsturm

[HannesK]

Hello,
hmm, agree that a connection to an ESXi host to other locations sounds unexpected.

Let me check for the details.

Best regards,
Hannes

[AlexL]

Just upgraded from v10 to v11, same issue, warnings for every esxi host, but our setup is simpler, just one data center with vcenter and a number of esxi hosts.

Code: Select all

27-5-2021 16:00:29 Warning    Failed to validate certificate for ESXi host: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 10.x.x.x:443

[HannesK]

Hello,
we are still in "investigating" status. There are several options as far as I hear from my colleagues.

Best regards,
Hannes

[allen.jones1@ge.com]

Seeing the same thing: "Failed to validate certificate for ESXi host: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.." when rescanning the vCenter. Only 3 out of 50+ are showing this however..

[HannesK]

if it's the same issue, then allowing the connection as mentioned in https://helpcenter.veeam.com/docs/backu ... ml?ver=110 should solve it (if not, please investigate with support).

If you cannot do that for security reasons, then the only option is to wait for a fix on that issue (no time estimation yet)