Failed to send certificate, but certificate is required for remote agent management Error: Unknow

[Morgenstern72]

Agent: VeeamAgentWindows_5.0.1.4584 (test license, 30 days full features)
BR: 10.0.1.4854 (not domain joined)
Server to be backup up: 123.0.123.39 (domain joined)

I need to make a POC with VMs on HC3 Scale Hypervisor and Backup with B&R over the agent.

I tested the credentials successfully (In Physical Infrastructure), but when BR tries to scan the host it get's the error "Failed to send certificate, but certificate is required for remote agent management Error: Unknown"

In the log file I find

[14.12.2021 14:12:10] <01> Info Connecting to VAW, ips: '123.0.123.39'
[14.12.2021 14:12:10] <01> Info Interaction protocol version: 4.
[14.12.2021 14:12:10] <01> Error Cannot create endpoint connection.
[14.12.2021 14:12:10] <01> Error Unknown protocol version (System.Exception)

These are the open ports from BR server to server to be backed up (123.0.123.39)
TCP 135 High
TCP 137 139
TCP 445 High
TCP 6160 High
TCP 11731 High
TCP 6184 High
TCP 2500 3300
TCP 6167 High
UDP 135 High
UDP 137 139
UDP 445 High
UDP 6160 High
UDP 11731 High
TCP 6185 High
TCP 135 High
UDP 135 High

I checked the Local Group Policy settings found here veeam-agent-for-windows-f33/failed-to-s ... 66320.html
"Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options" on both servers(Windows agent + VBR). Following keys should be in NotConfigured\AllowAll state: [Network security: LAN Manager authentication level], [Restrict NTLM: Incoming traffic], [Restrict NTLM: Outgoing traffic].
None are set.

Thank you for your time and help

[HannesK]

Hello,
That sounds like a technical issue. Please provide a support case ID for this issue, as requested when you click New Topic.

First: I suggest to use the current version for POCs (meaning use version 11a with latest patches).

Second: also customers who are evaluating can open cases with evaluation support. If you are a partner: this needs to be done with a customer account (free of charge). It looks like a firewall issue, but that's something support can figure out with the logs.

Is 2500 3300 meaning 2500-3300?
I'm missing ports of the distribution server in your list.

You could also check for blocked packets on the firewall. That might be the easiest way.

Best regards,
Hannes

[Morgenstern72]

"Is 2500 3300 meaning 2500-3300?" -> Yes

"I'm missing ports of the distribution server in your list." ->
From BR server to Agent
TCP 6184+
TCP/UDP 135,137, 138,139,445,6160,11731

From Agent to BR Server
TCP 10005, 9395+, 6183, 6184, 6185
TCP Dynamic 49152 to 65535 & 2500 to 3300
TCP/UDP: 137,138,139,445

"That sounds like a technical issue. Please provide a support case ID for this issue, as requested when you click New Topic."
I was not aware I can do that for evaluation, will do!

"First: I suggest to use the current version for POCs (meaning use version 11a with latest patches)." -> Cant do that. It's an old existing BR environment still backing up a few non production VMs from ESX 6.5i servers. Only when the POC is successful the company will buy a new license and upgrade to the latest BR version. Im sure it will work like a charm, but of course I need to proof it first.

[Gostev]

Agent: VeeamAgentWindows_5.0.1.4584 (test license, 30 days full features)
BR: 10.0.1.4854 (not domain joined)

[14.12.2021 14:12:10] <01> Error Unknown protocol version (System.Exception)

Here's your issue right here: you're trying to use the most current version of Veeam Agent for Windows against Veeam Backup & Replication 10a.

You backup server cannot possibly know how to deal with an agent version released 1.5 years later.

You need to use an agent version that was included in 10a, which is 4.0.1.

[HannesK]

good point with the version mismatch

I missed that he tries manual installation instead of central deployment from VBR.

[Morgenstern72]

Here's your issue right here: you're trying to use the most current version of Veeam Agent for Windows against Veeam Backup & Replication 10a.
You backup server cannot possibly know how to deal with an agent version released 1.5 years later.
You need to use an agent version that was included in 10a, which is 4.0.1.

That was of course the reason. Thank you for your help!