Failed to update license key

[pronto]

Servus Community,

we have received two identical warnings regarding an error with the license key update. A license expires in about four weeks and we do not want to renew it. Can this be the reason for this warning or do I have to look for the problem somewhere else?





Thx & Bye Tom

[Mildur]

Hi

Seeing the mail it seems to be an issue with the connection with Veeam license server.
An expiring license will not generate this warning.
Can you open a support case and post the case number?

Thanks
Fabian

[pronto]

Servus Fabian,

damn you are right, the backup server has no internet connection. Now that's not very clever, it's not supposed to have one either. Do you know which IP addresses and ports have to be allowed to get this work?

Thx & Bye Tom

[Mildur]

Hi Tom

No Internet connection is ok and recommended for the VBR Server, but we require some connections
Veeam needs to access the following URLs for license services:
vbr.butler.veeam.com, autolk.veeam.com.
Port 443 (https)

If you want to have update notifications, veeam needs to access the following URL:
dev.veeam.com
Port 443 (https)

If you use Cloud Services (Object Storage, Cloud Connect Provider), also open this connections.

Thanks
Fabian

[pronto]

Thx

[squebel]

Sorry to dig up an older thread but having issues with this in a secure environment. I've opened outbound on 443 to these addresses and they test fine. However, the license update error still occurs and in the firewall we see A LOT of addresses that do not match the addresses that come back if you do an nslookup on these destination urls. I will open a case but thought I would ask here as well. Thanks.

[Mildur]

Hi squebel

I'm curious, what additional addresses can you see? I get a CNAME for vbr.butler.veeam.com & an A response for autolk.veeam.com:

- vbr.butler.veeam.com. 300 IN CNAME lb-ext-01.veeam.com
- autolk.veeam.com. IN A ****

All FQDNs are documented in our help center. If you use a proxy server, you may want to check
KB1975 for the proxy configuration. A case with support may be best if it doesn't work for you.

Best,
Fabian

[squebel]

Our firewall is seeing all these different IPs trying to be hit from our VBR server:

port 443:
52.61.9.57
52.185.211.133
52.61.57.53
52.222.93.101
52.222.108.82
52.61.77.105

port 80:
18.238.171.112
18.238.171.125
18.238.171.70
18.238.171.20

We've opened up access to all the urls that are documented but there are still issues.

[squebel]

The help center article mentions that the CRL endpoint list can change and to check the certificate for an accurate list of endpoints. Pardon my ignorance but which certificate do I check for this list? How do I get that certificate in order to check it? Is it possible we're getting redirected to something in the CRL list that does not match the urls we've allowed access to?

Btw, I've been told we can't use wildcards so that is why it's hard to nail this down at the moment.

I did open a case but so far no resolution to the issue.

[squebel]

Here is the entire list of URLs we had to open to get this working:

autolk.veeam.com
vbr.butler.veeam.com
o.ss2.us
ocsp.r2m03.amazontrust.com
ocsp.rootca1.amazontrust.com
ocsp.rootg2.amazontrust.com
ocsp.sca1b.amazontrust.com
crl.r2m03.amazontrust.com (Not documented)
crt.r2m03.amazontrust.com (Not documented)