After vSphere 6.0 upgrade - remote certificate is invalid

VMware specific discussions

After vSphere 6.0 upgrade - remote certificate is invalid

Veeam Logoby Craigb » Thu May 07, 2015 9:07 am 14 people like this post

After upgrading the vsphere vCenter server from 5.5.2 to 6.0.0 (which did automatically upgrade the SSL certificates) backups and restores from veeam b&r 8.0.0.2 fail when tested.

The backup details show:
- Task failed Error: The remote certificate is invalid according to the validation procedure.

A restore attempt shows the following when attempting to expand the VC node:
- Failed to login to "myVC" by SOAP, port 443, user "myVC\admin_account", proxy srv: port:0
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
The remote certificate is invalid according to the validation procedure.

<side_issue> tried upgrading the vsphere client (exe) on the b&r host to trick SSL, that didn't help </side_issue>

Ok.. so..
* In VeeamB&R -> "Backup Infrastructure", drill down the offered tree +Managed servers + VMware vSphere + vCenter Servers + myVC.
* right click on myVC and select menu item "properties"
.. 'Name' page .. leave alone
(b)"Next"
.. 'Credentials' page..
(b)"Next"
now this looks good.. "an untrusted certificate is installed on "myVC" and secure communication cannot be guaranteed. Connect to this server anyway?
(b)"Connect"
bit of connecting and saving server configuration going on.. then done
..'Summary' page.
shows a summary that includes "Host info: VMware VCenter Server 5.5.0 build-2183111" which I think is odd since the whole issue stems from the upgrade to 6.0.0 and the build shown there is 2656760.
(b)"Finish"

ps: "myVC" is my vCenter server, mine isn't actually called that and I doubt yours is either.

Test a restore of an 'incidental' machine.. I can now browse past the VC node of the Hosts and Clusters tree which was my initial stopping point so I'll cancel the restore wizard and test a backup.

Backup and Replication -> jobs -> Backup -> cbdev.. [RMB] start ...success !!

It's been a bit of a day, I hope this info helps someone.
Craigb
Influencer
 
Posts: 12
Liked: 18 times
Joined: Wed Nov 14, 2012 2:28 am
Full Name: Craig Braithwaite

Re: After vSphere 6.0 upgrade - remote certificate is invali

Veeam Logoby foggy » Thu May 07, 2015 4:41 pm

Craig, thanks for sharing this with the community! Much appreciated.
foggy
Veeam Software
 
Posts: 14728
Liked: 1078 times
Joined: Mon Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson

Re: After vSphere 6.0 upgrade - remote certificate is invali

Veeam Logoby trl-london » Fri May 08, 2015 8:49 pm

Thanks for taking the time to share that.

You have just saved several hours of my Friday night working through the problem.

Much appreciated.
trl-london
Lurker
 
Posts: 1
Liked: never
Joined: Wed Jan 04, 2012 11:02 am

Re: After vSphere 6.0 upgrade - remote certificate is invali

Veeam Logoby gurneetech » Thu Jun 04, 2015 1:12 pm

Thank you, this helped me as well. Steps where identical to what I saw, including the vCenter version cosmetically listing at v5.5.
gurneetech
Lurker
 
Posts: 1
Liked: never
Joined: Mon Jun 23, 2014 1:51 pm

Re: After vSphere 6.0 upgrade - remote certificate is invali

Veeam Logoby etb » Fri Jun 26, 2015 3:08 pm

Thx bud, this fixed it.
etb
Lurker
 
Posts: 1
Liked: never
Joined: Fri Jun 26, 2015 2:57 pm
Full Name: Eric Bostrom

Re: After vSphere 6.0 upgrade - remote certificate is invali

Veeam Logoby ryanworrell » Wed Aug 05, 2015 3:57 pm

Thanks for sharing!
ryanworrell
Lurker
 
Posts: 2
Liked: 1 time
Joined: Thu Dec 04, 2014 6:02 pm
Full Name: Ryan Worrell

Re: After vSphere 6.0 upgrade - remote certificate is invali

Veeam Logoby DaveBristolIT » Wed Oct 21, 2015 3:25 pm

Confirmed: Also works with Standalone ESXi hosts
DaveBristolIT
Influencer
 
Posts: 13
Liked: 1 time
Joined: Mon Mar 17, 2014 11:06 am
Full Name: Dave Hamer

Re: After vSphere 6.0 upgrade - remote certificate is invali

Veeam Logoby chjones » Wed Oct 21, 2015 6:52 pm

I had the same issue after replacing all certificates with ones signed by our internal Microsoft Enterprise Root CA, a rescan of vCenter would fail along with backups and restores due to certificate errors. I did the same thing, just edit the vCenter Server within the B&R Console and click Next thru the entire wizard, then click Finish. It's almost too easy. Then I did a rescan of vCenter and it was all good.

It should be a good habit of all B&R admins that whenever you change anything at all with vCenter, storage infrastructure or proxies you should always rescan that infrastructure within the B&R console. I do this religiously and it solves problems before they become real issues.
chjones
Enthusiast
 
Posts: 83
Liked: 25 times
Joined: Tue Oct 30, 2012 7:53 pm
Full Name: Chris Jones

Re: After vSphere 6.0 upgrade - remote certificate is invali

Veeam Logoby tinto1970 » Thu Oct 29, 2015 9:41 am 1 person likes this post

Craigb wrote:* In VeeamB&R -> "Backup Infrastructure", drill down the offered tree +Managed servers + VMware vSphere + vCenter Servers + myVC.
* right click on myVC and select menu item "properties"
.. 'Name' page .. leave alone
(b)"Next"
.. 'Credentials' page..
(b)"Next"
now this looks good.. "an untrusted certificate is installed on "myVC" and secure communication cannot be guaranteed. Connect to this server anyway?
(b)"Connect"
bit of connecting and saving server configuration going on.. then done
..'Summary' page.
shows a summary that includes "Host info: VMware VCenter Server 5.5.0 build-2183111" which I think is odd since the whole issue stems from the upgrade to 6.0.0 and the build shown there is 2656760.
(b)"Finish"


hi, this was useful even after a certificate regeneration performed on a VCSA.
Alessandro Tinivelli aka Tinto
@tinto1970
tinto1970
Enthusiast
 
Posts: 69
Liked: 25 times
Joined: Thu Sep 26, 2013 8:40 am
Location: Bologna, Italy
Full Name: Alessandro Tinivelli

Re: After vSphere 6.0 upgrade - remote certificate is invali

Veeam Logoby AnnaR » Thu Nov 05, 2015 1:14 pm

Thanks for the info! Fixed my issue. :) :D
AnnaR
Lurker
 
Posts: 1
Liked: never
Joined: Wed Nov 10, 2010 7:36 pm

Re: After vSphere 6.0 upgrade - remote certificate is invali

Veeam Logoby rschuiling » Wed Dec 02, 2015 6:29 pm 1 person likes this post

Yep, same here after I changed the certifcate of the VCSA for Citrix integration .......
Followed your steps and it was solved. Thanks !!
Will also religiously rescan Veeam infrastructure :mrgreen:
rschuiling
Service Provider
 
Posts: 2
Liked: 4 times
Joined: Fri Nov 07, 2014 1:18 am
Full Name: Raymond Schuiling

Re: After vSphere 6.0 upgrade - remote certificate is invali

Veeam Logoby cminias » Fri Jan 22, 2016 12:49 pm 1 person likes this post

Craig you are awesome. Not only you figured out an obscure error, but you took the time to post it (and save my day).
Thank you!
:D
cminias
Lurker
 
Posts: 2
Liked: 1 time
Joined: Fri Nov 15, 2013 12:43 pm
Full Name: Christos Minias

Re: After vSphere 6.0 upgrade - remote certificate is invali

Veeam Logoby Terrh » Thu Jan 28, 2016 8:59 am

Saved me a whole bunch of pain too - Let me add my thanks too!
Terrh
Lurker
 
Posts: 1
Liked: never
Joined: Mon Sep 14, 2015 4:04 am
Full Name: James C King

Re: After vSphere 6.0 upgrade - remote certificate is invali

Veeam Logoby gtaylor85 » Mon Feb 01, 2016 4:00 pm

This helped me today. Thank you for sharing.
gtaylor85
Lurker
 
Posts: 1
Liked: never
Joined: Mon Feb 01, 2016 3:59 pm
Full Name: Garrett

Re: After vSphere 6.0 upgrade - remote certificate is invali

Veeam Logoby straycur » Tue Feb 16, 2016 5:48 pm

Thx for the helpful post. Certs broke in Veeam after our cert manager updated them.

To fix them all I had to do was drill into Backup Infrastructure -> VMware server, touch Credentials (without changing them) and Finish the configuration
VMs started backing up successfully again for both running jobs, and failed jobs that I retried just 45 minutes after I first saw the failures.

Quick easy solution to something that could have been long and painful.
straycur
Novice
 
Posts: 4
Liked: 5 times
Joined: Mon Aug 12, 2013 11:27 pm
Full Name: Susan Strayer Curtis

Next

Return to VMware vSphere



Who is online

Users browsing this forum: ilya.konopak and 23 guests