-
- Certified Trainer
- Posts: 91
- Liked: 5 times
- Joined: Jan 01, 2006 1:01 am
- Contact:
2 problems adding minio
I'm trying minio for windows as object storage.
Started minio server using: minio server E:\minio\minio-storage\ --console-address :2222
I'm able to connect to the console using minioadmin and created a bucket
stopped minio server
Generated the certificate using certgen and placed in C:\Users\myuser\.minio\certs
started minio server using: minio server E:\minio\minio-storage\ --console-address :2222
if I try to connect to console using minioadmin I get {"code":401,"detailedMessage":"invalid Login","message":"invalid Login"
and if I try to add an S3 compatible repository, after have 'acceptd' to use untruysted certificate, I get :
failed to load Amazon S3 compatible configuration
any idea?
Started minio server using: minio server E:\minio\minio-storage\ --console-address :2222
I'm able to connect to the console using minioadmin and created a bucket
stopped minio server
Generated the certificate using certgen and placed in C:\Users\myuser\.minio\certs
started minio server using: minio server E:\minio\minio-storage\ --console-address :2222
if I try to connect to console using minioadmin I get {"code":401,"detailedMessage":"invalid Login","message":"invalid Login"
and if I try to add an S3 compatible repository, after have 'acceptd' to use untruysted certificate, I get :
failed to load Amazon S3 compatible configuration
any idea?
-
- Veeam Software
- Posts: 287
- Liked: 138 times
- Joined: Jul 24, 2018 8:38 pm
- Full Name: Stephen Firmes
- Contact:
Re: 2 problems adding minio
@balma01 I haven't seen this exact error before. MinIO has some great instructions here https://docs.min.io/docs/using-minio-with-veeam.html which may help you. Additionally, one of my colleagues @jorgedlcruz wrote a great blog which walks you through the steps to setup MinIO + Veeam https://jorgedelacruz.uk/2020/07/22/vee ... s-encrypt/.
Steve Firmes | Senior Solutions Architect, Product Management - Alliances @ Veeam Software
-
- Certified Trainer
- Posts: 91
- Liked: 5 times
- Joined: Jan 01, 2006 1:01 am
- Contact:
Re: 2 problems adding minio
Hi and thanks.
I've readed the guides provided then I fregenerad my certificate using
Generated the certificate using certgen -ca -host "192.168.x.y"
placed public and private in C:\Users\myuser\.minio\certs
started minio server using: minio server E:\minio\minio-storage\ --console-address :2222
Now I'm able to connect to the minioconsole console using minioadmin
But if I try to add an S3 compatible repository, using https://192.168.x.y:9000
I get :
failed to load Amazon S3 compatible configuration
failed to estabilish connection to Amazon S3 compatible endpoint
I've readed the guides provided then I fregenerad my certificate using
Generated the certificate using certgen -ca -host "192.168.x.y"
placed public and private in C:\Users\myuser\.minio\certs
started minio server using: minio server E:\minio\minio-storage\ --console-address :2222
Now I'm able to connect to the minioconsole console using minioadmin
But if I try to add an S3 compatible repository, using https://192.168.x.y:9000
I get :
failed to load Amazon S3 compatible configuration
failed to estabilish connection to Amazon S3 compatible endpoint
-
- Certified Trainer
- Posts: 91
- Liked: 5 times
- Joined: Jan 01, 2006 1:01 am
- Contact:
Re: 2 problems adding minio
in the log Agent.PublicCloud.Satellite.1.log I see: WinHttpSendRequest: 12175: A security error occurred
-
- Veteran
- Posts: 643
- Liked: 312 times
- Joined: Aug 04, 2019 2:57 pm
- Full Name: Harvey
- Contact:
Re: 2 problems adding minio
12175 would be an SSL error: https://docs.microsoft.com/en-us/window ... r-messages
So something is still wrong with your cert. I've never tried Minio with a Windows server before, but are you sure it's in the right location for the certs? When you launch the Minio server, it's definitely loading over https, yes? And is the WebUI accessible?
Keep in mind if you're using older operating systems, they don't have support for modern SSL ciphers/protocols by default.
So something is still wrong with your cert. I've never tried Minio with a Windows server before, but are you sure it's in the right location for the certs? When you launch the Minio server, it's definitely loading over https, yes? And is the WebUI accessible?
Keep in mind if you're using older operating systems, they don't have support for modern SSL ciphers/protocols by default.
-
- Product Manager
- Posts: 20353
- Liked: 2285 times
- Joined: Oct 26, 2012 3:28 pm
- Full Name: Vladimir Eremin
- Contact:
Re: 2 problems adding minio
Agree with Harvey here, it seems like certificate-releated issue. You can verify this assumption by opening a support ticket and asking our engineers for additional assistance. Thanks!
-
- Certified Trainer
- Posts: 91
- Liked: 5 times
- Joined: Jan 01, 2006 1:01 am
- Contact:
Re: 2 problems adding minio
Hi,
it seems the KB https://www.veeam.com/kb3215
is releated to the same problem
I'll check it...
Thanks
it seems the KB https://www.veeam.com/kb3215
is releated to the same problem
I'll check it...
Thanks
-
- Product Manager
- Posts: 20353
- Liked: 2285 times
- Joined: Oct 26, 2012 3:28 pm
- Full Name: Vladimir Eremin
- Contact:
Re: 2 problems adding minio
The referenced article talks about validating certificate status by checking CA revocation list. This only applies to CA certificates. For self-signed certificates (that you are using) there is no such thing as revocation list: to revoke a self-signed certificate one just need to remove it from the whitelist of trusted certificates.
So while the resulting error is the same, the cases causing it seem to be different. That's why we recommend reaching our support team.
Thanks!
So while the resulting error is the same, the cases causing it seem to be different. That's why we recommend reaching our support team.
Thanks!
-
- Certified Trainer
- Posts: 91
- Liked: 5 times
- Joined: Jan 01, 2006 1:01 am
- Contact:
Re: 2 problems adding minio
Opened case 05034538.
Thanks
Thanks
-
- Product Manager
- Posts: 20353
- Liked: 2285 times
- Joined: Oct 26, 2012 3:28 pm
- Full Name: Vladimir Eremin
- Contact:
Re: 2 problems adding minio
Thank you, now let's wait and see what support team say about the experienced issue.
-
- Influencer
- Posts: 11
- Liked: 1 time
- Joined: Dec 09, 2014 11:42 am
- Full Name: Andrea Cerrito
- Contact:
Re: 2 problems adding minio
Hello,
were you able to solve the problem?
Thank you
were you able to solve the problem?
Thank you
-
- Veeam Software
- Posts: 682
- Liked: 149 times
- Joined: Jan 22, 2015 2:39 pm
- Full Name: Stefan Renner
- Location: Germany
- Contact:
Re: 2 problems adding minio
Hi Init-s,
can you please describe what issue you see in your environment?
As stated above most of them are certificate related.
Thanks
can you please describe what issue you see in your environment?
As stated above most of them are certificate related.
Thanks
Stefan Renner
Veeam PMA
Veeam PMA
-
- Influencer
- Posts: 11
- Liked: 1 time
- Joined: Dec 09, 2014 11:42 am
- Full Name: Andrea Cerrito
- Contact:
Re: 2 problems adding minio
Hello,
the problem is the same - error 12175 adding a S3 repository on Minio.
Minio is using lets'encrypt certificate: if I publish minio through a reverse proxy (ie: haproxy, nginx) no problem.
Thank you
the problem is the same - error 12175 adding a S3 repository on Minio.
Minio is using lets'encrypt certificate: if I publish minio through a reverse proxy (ie: haproxy, nginx) no problem.
Thank you
-
- Product Manager
- Posts: 20353
- Liked: 2285 times
- Joined: Oct 26, 2012 3:28 pm
- Full Name: Vladimir Eremin
- Contact:
Re: 2 problems adding minio
Any chance you have a ticket for this issue opened, so we can check how the investigation went? Thanks!
-
- Veeam Software
- Posts: 682
- Liked: 149 times
- Joined: Jan 22, 2015 2:39 pm
- Full Name: Stefan Renner
- Location: Germany
- Contact:
Re: 2 problems adding minio
Just out of interest, did you try to use other certificates as described here: https://docs.min.io/docs/how-to-secure- ... h-tls.html
In all installations I did it worked well so a ticket on both ends, MiniO as well as Veeam would be needed if none of the certificate ways work for you.
Let us know.
Thanks
Stefan Renner
Veeam PMA
Veeam PMA
-
- Service Provider
- Posts: 97
- Liked: 13 times
- Joined: Jun 06, 2019 2:10 pm
- Full Name: Toussaint OTTAVI
- Contact:
Re: 2 problems adding minio
Hi all,
I just got the same error 12175 when trying to add the Minio repository.
Full story :
- My Veeam server is 11.0.0.837
- I was previously using an old version of Minio (2020-09-26) installed as a docker container on a Synology NAS. The certificate was the default self-signed certificate of the NAS, and it worked perfectly.
- Yesterday, I made a fresh new install with the latest version of Minio (still as a docker container). This new version seems to change lots of things about certificates :
- Minio console refused login with my old certificate. I had to generare a new one including IP of the nas as "SAN" IP. I generated a new self-signed certificate with OpenSSL (see the exact command below). After doing that, I managed to login to the Minio admin console with that cert.
- In VBR, when trying to add Minio as "S3 compatible" repository, at the "Browse Bucket" step, I get the error :
Moreover, I tried the workaround exposed here :
https://www.veeam.com/kb3215
but it had no effect.
Thank you in advance. Kind regards.
I just got the same error 12175 when trying to add the Minio repository.
Full story :
- My Veeam server is 11.0.0.837
- I was previously using an old version of Minio (2020-09-26) installed as a docker container on a Synology NAS. The certificate was the default self-signed certificate of the NAS, and it worked perfectly.
- Yesterday, I made a fresh new install with the latest version of Minio (still as a docker container). This new version seems to change lots of things about certificates :
- Minio console refused login with my old certificate. I had to generare a new one including IP of the nas as "SAN" IP. I generated a new self-signed certificate with OpenSSL (see the exact command below). After doing that, I managed to login to the Minio admin console with that cert.
- In VBR, when trying to add Minio as "S3 compatible" repository, at the "Browse Bucket" step, I get the error :
Here's the exact command used to generate the certificate :Failed to load S3 configuration
HTTP Exception
WinHTTP SendRequest 12175 : a security error has occurred
Code: Select all
export HOST="my-minio"
export IP="<IP of the Minio server"
openssl req -newkey rsa:4096 -nodes -keyout ${HOST}.key -x509 -days 3650 -out ${HOST}.crt -addext "subjectAltName = IP:${IP}" -subj "/C=US/ST=CA/L=Test/O=TEST/OU=TEST/CN=${HOST}/"
https://www.veeam.com/kb3215
but it had no effect.
Thank you in advance. Kind regards.
-
- Veeam Software
- Posts: 1476
- Liked: 652 times
- Joined: Jul 17, 2015 6:54 pm
- Full Name: Jorge de la Cruz
- Contact:
Re: 2 problems adding minio
Hello,
Just as a quick test, would you mind testing the same but with a subjectaltname, meaning minio.yourdomain.com, and be sure that can be resolved internally by minio and Veeam. You can use dnsmasq on the minio environment, and the hosts file on Veeam, or better just to use a valid DNS server.
As far as I know, SSL certificates are not valid, or an internal IP is not valid for a SSL, so Veeam might fail reading that SSL with an IP as subjectAltName.
I can give it a try later on, but every time I have deployed minio, or many other services, using a valid FQDN, I am using jorgedelacruz.es which is a valid TLD, plus I use it internally, never had any problem.
Please give it a try.
Just as a quick test, would you mind testing the same but with a subjectaltname, meaning minio.yourdomain.com, and be sure that can be resolved internally by minio and Veeam. You can use dnsmasq on the minio environment, and the hosts file on Veeam, or better just to use a valid DNS server.
As far as I know, SSL certificates are not valid, or an internal IP is not valid for a SSL, so Veeam might fail reading that SSL with an IP as subjectAltName.
I can give it a try later on, but every time I have deployed minio, or many other services, using a valid FQDN, I am using jorgedelacruz.es which is a valid TLD, plus I use it internally, never had any problem.
Please give it a try.
Jorge de la Cruz
Senior Product Manager | Veeam ONE @ Veeam Software
@jorgedlcruz
https://www.jorgedelacruz.es / https://jorgedelacruz.uk
vExpert 2014-2024 / InfluxAce / Grafana Champion
Senior Product Manager | Veeam ONE @ Veeam Software
@jorgedlcruz
https://www.jorgedelacruz.es / https://jorgedelacruz.uk
vExpert 2014-2024 / InfluxAce / Grafana Champion
-
- Service Provider
- Posts: 97
- Liked: 13 times
- Joined: Jun 06, 2019 2:10 pm
- Full Name: Toussaint OTTAVI
- Contact:
Re: 2 problems adding minio
Hi,
I tried creating a new certificate using instructions here :
https://docs.min.io/docs/how-to-secure- ... -tls.html
Here's the exact openssl.conf :
and the exact command to create the certificate :
The Minio server is on a different firewall zone, and has no connection to Internet. There's no direct DNS resolution between Minio server and VBR server. Then, I added the name of the minio-server ("minio-medi") to the hosts file on the VBR server.
-> This does not change anything. Still getting 12175 error...
I tried creating a new certificate using instructions here :
https://docs.min.io/docs/how-to-secure- ... -tls.html
Here's the exact openssl.conf :
Code: Select all
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = FR
ST = CO
L = Ajaccio
O = MEDI
OU = MEDI
CN = minio-medi
[v3_req]
subjectAltName = @alt_names
[alt_names]
IP.1 = 127.0.0.1
IP.2 = <ip of the Docker host>
IP.3 = <IP of the docker container>
DNS.1 = minio-medi
Code: Select all
openssl req -new -x509 -nodes -days 1825 -keyout private.key -out public.crt -config openssl.conf
-> This does not change anything. Still getting 12175 error...
-
- Veeam Software
- Posts: 1476
- Liked: 652 times
- Joined: Jul 17, 2015 6:54 pm
- Full Name: Jorge de la Cruz
- Contact:
Re: 2 problems adding minio
Hello,
Would you mind opening Edge, or something better than IE, on the Veeam Server, and opening the https://minio-medi ? Don't you have any fully qualified domain to be like minio-medi.domain.com?
Well, open the site, and show us the SSL, how it can be seen on the browser, details, etc. We are close to fix this, I can feel it.
Would you mind opening Edge, or something better than IE, on the Veeam Server, and opening the https://minio-medi ? Don't you have any fully qualified domain to be like minio-medi.domain.com?
Well, open the site, and show us the SSL, how it can be seen on the browser, details, etc. We are close to fix this, I can feel it.
Jorge de la Cruz
Senior Product Manager | Veeam ONE @ Veeam Software
@jorgedlcruz
https://www.jorgedelacruz.es / https://jorgedelacruz.uk
vExpert 2014-2024 / InfluxAce / Grafana Champion
Senior Product Manager | Veeam ONE @ Veeam Software
@jorgedlcruz
https://www.jorgedelacruz.es / https://jorgedelacruz.uk
vExpert 2014-2024 / InfluxAce / Grafana Champion
-
- Service Provider
- Posts: 97
- Liked: 13 times
- Joined: Jun 06, 2019 2:10 pm
- Full Name: Toussaint OTTAVI
- Contact:
Re: 2 problems adding minio
Ahem... Things are a little bit more complicated :
- The VBR server is on a site A
- The Minio server is on a site B
- There's a Veeam Proxy on site B, near the Minio server. VBR operations are configured to use that proxy.
- The VBR server currently has no direct access to the Minio server
- DNS resolution for the host name "minio-medi" works both on the VBR server and on the proxy (for single hostname, not fqdn)
Question :
In such a setup, with a proxy : What direct communication ports are needed between the VBR server and the Minio server ?
- The VBR server is on a site A
- The Minio server is on a site B
- There's a Veeam Proxy on site B, near the Minio server. VBR operations are configured to use that proxy.
- The VBR server currently has no direct access to the Minio server
- DNS resolution for the host name "minio-medi" works both on the VBR server and on the proxy (for single hostname, not fqdn)
Question :
In such a setup, with a proxy : What direct communication ports are needed between the VBR server and the Minio server ?
-
- Service Provider
- Posts: 97
- Liked: 13 times
- Joined: Jun 06, 2019 2:10 pm
- Full Name: Toussaint OTTAVI
- Contact:
Re: 2 problems adding minio
I added direct full communication between the VBR server and the Minio server on the other site. This does not change anything.
Then, the problem may not be related to proxy.
Then, the problem may not be related to proxy.
-
- Veeam Software
- Posts: 1476
- Liked: 652 times
- Joined: Jul 17, 2015 6:54 pm
- Full Name: Jorge de la Cruz
- Contact:
Re: 2 problems adding minio
Can you open a web browser in vbr and navigate to the https://name the same you use on the wizard?
Thanks
Thanks
Jorge de la Cruz
Senior Product Manager | Veeam ONE @ Veeam Software
@jorgedlcruz
https://www.jorgedelacruz.es / https://jorgedelacruz.uk
vExpert 2014-2024 / InfluxAce / Grafana Champion
Senior Product Manager | Veeam ONE @ Veeam Software
@jorgedlcruz
https://www.jorgedelacruz.es / https://jorgedelacruz.uk
vExpert 2014-2024 / InfluxAce / Grafana Champion
-
- Service Provider
- Posts: 97
- Liked: 13 times
- Joined: Jun 06, 2019 2:10 pm
- Full Name: Toussaint OTTAVI
- Contact:
Re: 2 problems adding minio
Yes, both https://name and https://name:9000 (the Minio service port) are working from the VBR server.
Firefox displays the usual "self-signed certificate" warning, and displays the login page correctly
The certificate info is exactly what I entered in the previous openssl.conf.
--
I'll try to generate a new cert with a FQDN...
Firefox displays the usual "self-signed certificate" warning, and displays the login page correctly
The certificate info is exactly what I entered in the previous openssl.conf.
--
I'll try to generate a new cert with a FQDN...
-
- Service Provider
- Posts: 97
- Liked: 13 times
- Joined: Jun 06, 2019 2:10 pm
- Full Name: Toussaint OTTAVI
- Contact:
Re: 2 problems adding minio
I generated a new cert with the previous command, but with a FQDN (minio.domain.local) instead of a single hostname.
Full DNS resolution works with that FQDN on VBR server.
In Firefox, https://minio.domain.local works (with the usual self-signed warning / override)
... but VBR still shows me the 12175 error when clicking on "Browse bucket" !
Full DNS resolution works with that FQDN on VBR server.
In Firefox, https://minio.domain.local works (with the usual self-signed warning / override)
... but VBR still shows me the 12175 error when clicking on "Browse bucket" !
-
- Veeam Software
- Posts: 1476
- Liked: 652 times
- Joined: Jul 17, 2015 6:54 pm
- Full Name: Jorge de la Cruz
- Contact:
Re: 2 problems adding minio
Alright, great steps and work so far. Mind to try with cyberduck on the vbr server to see if you can see the buckets, upload some files, etc?
Thanks!
Thanks!
Jorge de la Cruz
Senior Product Manager | Veeam ONE @ Veeam Software
@jorgedlcruz
https://www.jorgedelacruz.es / https://jorgedelacruz.uk
vExpert 2014-2024 / InfluxAce / Grafana Champion
Senior Product Manager | Veeam ONE @ Veeam Software
@jorgedlcruz
https://www.jorgedelacruz.es / https://jorgedelacruz.uk
vExpert 2014-2024 / InfluxAce / Grafana Champion
-
- Service Provider
- Posts: 97
- Liked: 13 times
- Joined: Jun 06, 2019 2:10 pm
- Full Name: Toussaint OTTAVI
- Contact:
Re: 2 problems adding minio
I did not know Cyberduck. I'll have a try.
Moreover, I checked my Minio version : Latest Version: minio/minio:RELEASE.2022-06-02T02-11-04Z
-> It seems to be a nightly. Not sure it's a stable release version !
Moreover, I checked my Minio version : Latest Version: minio/minio:RELEASE.2022-06-02T02-11-04Z
-> It seems to be a nightly. Not sure it's a stable release version !
-
- Service Provider
- Posts: 97
- Liked: 13 times
- Joined: Jun 06, 2019 2:10 pm
- Full Name: Toussaint OTTAVI
- Contact:
Re: 2 problems adding minio
Hi,
Does anybody have news about that problem ?
Connecting to Minio S3 from Cyberduck works (after the usual warning about self-signed certificate).
Trying to add a repo in VBR still fails :
- The login step is OK
- When clicking on "Bucket / Browse", it fails with 12175 error code
Kind regards,
Does anybody have news about that problem ?
Connecting to Minio S3 from Cyberduck works (after the usual warning about self-signed certificate).
Trying to add a repo in VBR still fails :
- The login step is OK
- When clicking on "Bucket / Browse", it fails with 12175 error code
Kind regards,
-
- Service Provider
- Posts: 97
- Liked: 13 times
- Joined: Jun 06, 2019 2:10 pm
- Full Name: Toussaint OTTAVI
- Contact:
Re: 2 problems adding minio
I also found that :
object-storage-f52/unofficial-compatibi ... 56976.html
It's about default TLS version on old Windows 2012 R2. My VBR is 2019, but indeed the Veeam Proxy is 2012 R2. I tried to add the registry key to force TLS1.2 by default, but it does not change anything.
In what log file can I find information about SSL/TLS exchanges between VBR and Minio ?
Kind regards
object-storage-f52/unofficial-compatibi ... 56976.html
It's about default TLS version on old Windows 2012 R2. My VBR is 2019, but indeed the Veeam Proxy is 2012 R2. I tried to add the registry key to force TLS1.2 by default, but it does not change anything.
In what log file can I find information about SSL/TLS exchanges between VBR and Minio ?
Kind regards
-
- Product Manager
- Posts: 20353
- Liked: 2285 times
- Joined: Oct 26, 2012 3:28 pm
- Full Name: Vladimir Eremin
- Contact:
Re: 2 problems adding minio
I think at this stage we'd better proceed with support ticket. It still looks like an issue with two different sites and verification of self-signed certificate that travelling between those locations, but upport engineer will be able to spot the exact problem in the provided debug logs.
Thanks!
Thanks!
-
- Service Provider
- Posts: 97
- Liked: 13 times
- Joined: Jun 06, 2019 2:10 pm
- Full Name: Toussaint OTTAVI
- Contact:
Re: 2 problems adding minio
Hi,
Thank you for your answers. I am sorry, but opening a support case is not an option for me at this time. It's far too much time-consuming. I've currently been talking with level-1 support for three days about another critical problem that :
- needs 3 minutes to be solved
- would break one of our production servers in a few days
It's still not solved, and I'm still writing prose to people who clearly does not seem to understand where the problem is.
This forum is valuable, but level-1 support (and particularly licensing support) can really be wearying
Kind regards
Thank you for your answers. I am sorry, but opening a support case is not an option for me at this time. It's far too much time-consuming. I've currently been talking with level-1 support for three days about another critical problem that :
- needs 3 minutes to be solved
- would break one of our production servers in a few days
It's still not solved, and I'm still writing prose to people who clearly does not seem to understand where the problem is.
This forum is valuable, but level-1 support (and particularly licensing support) can really be wearying
Kind regards
Who is online
Users browsing this forum: No registered users and 7 guests