Discussions specific to the VMware vSphere hypervisor
Craigb
Influencer
Posts: 13
Liked: 24 times
Joined: Nov 14, 2012 2:28 am
Full Name: Craig Braithwaite
Contact:

After vSphere 6.0 upgrade - remote certificate is invalid

Post by Craigb » May 07, 2015 9:07 am 20 people like this post

After upgrading the vsphere vCenter server from 5.5.2 to 6.0.0 (which did automatically upgrade the SSL certificates) backups and restores from veeam b&r 8.0.0.2 fail when tested.

The backup details show:
- Task failed Error: The remote certificate is invalid according to the validation procedure.

A restore attempt shows the following when attempting to expand the VC node:
- Failed to login to "myVC" by SOAP, port 443, user "myVC\admin_account", proxy srv: port:0
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
The remote certificate is invalid according to the validation procedure.

<side_issue> tried upgrading the vsphere client (exe) on the b&r host to trick SSL, that didn't help </side_issue>

Ok.. so..
* In VeeamB&R -> "Backup Infrastructure", drill down the offered tree +Managed servers + VMware vSphere + vCenter Servers + myVC.
* right click on myVC and select menu item "properties"
.. 'Name' page .. leave alone
(b)"Next"
.. 'Credentials' page..
(b)"Next"
now this looks good.. "an untrusted certificate is installed on "myVC" and secure communication cannot be guaranteed. Connect to this server anyway?
(b)"Connect"
bit of connecting and saving server configuration going on.. then done
..'Summary' page.
shows a summary that includes "Host info: VMware VCenter Server 5.5.0 build-2183111" which I think is odd since the whole issue stems from the upgrade to 6.0.0 and the build shown there is 2656760.
(b)"Finish"

ps: "myVC" is my vCenter server, mine isn't actually called that and I doubt yours is either.

Test a restore of an 'incidental' machine.. I can now browse past the VC node of the Hosts and Clusters tree which was my initial stopping point so I'll cancel the restore wizard and test a backup.

Backup and Replication -> jobs -> Backup -> cbdev.. [RMB] start ...success !!

It's been a bit of a day, I hope this info helps someone.

foggy
Veeam Software
Posts: 17908
Liked: 1506 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: After vSphere 6.0 upgrade - remote certificate is invali

Post by foggy » May 07, 2015 4:41 pm

Craig, thanks for sharing this with the community! Much appreciated.

trl-london
Lurker
Posts: 1
Liked: never
Joined: Jan 04, 2012 11:02 am
Contact:

Re: After vSphere 6.0 upgrade - remote certificate is invali

Post by trl-london » May 08, 2015 8:49 pm

Thanks for taking the time to share that.

You have just saved several hours of my Friday night working through the problem.

Much appreciated.

gurneetech
Novice
Posts: 9
Liked: 4 times
Joined: Jun 23, 2014 1:51 pm
Contact:

Re: After vSphere 6.0 upgrade - remote certificate is invali

Post by gurneetech » Jun 04, 2015 1:12 pm

Thank you, this helped me as well. Steps where identical to what I saw, including the vCenter version cosmetically listing at v5.5.

etb
Lurker
Posts: 1
Liked: never
Joined: Jun 26, 2015 2:57 pm
Full Name: Eric Bostrom
Contact:

Re: After vSphere 6.0 upgrade - remote certificate is invali

Post by etb » Jun 26, 2015 3:08 pm

Thx bud, this fixed it.

ryanworrell
Lurker
Posts: 2
Liked: 1 time
Joined: Dec 04, 2014 6:02 pm
Full Name: Ryan Worrell
Contact:

Re: After vSphere 6.0 upgrade - remote certificate is invali

Post by ryanworrell » Aug 05, 2015 3:57 pm

Thanks for sharing!

DaveBristolIT
Influencer
Posts: 14
Liked: 1 time
Joined: Mar 17, 2014 11:06 am
Full Name: Dave Hamer
Contact:

Re: After vSphere 6.0 upgrade - remote certificate is invali

Post by DaveBristolIT » Oct 21, 2015 3:25 pm

Confirmed: Also works with Standalone ESXi hosts

chjones
Expert
Posts: 104
Liked: 27 times
Joined: Oct 30, 2012 7:53 pm
Full Name: Chris Jones
Contact:

Re: After vSphere 6.0 upgrade - remote certificate is invali

Post by chjones » Oct 21, 2015 6:52 pm

I had the same issue after replacing all certificates with ones signed by our internal Microsoft Enterprise Root CA, a rescan of vCenter would fail along with backups and restores due to certificate errors. I did the same thing, just edit the vCenter Server within the B&R Console and click Next thru the entire wizard, then click Finish. It's almost too easy. Then I did a rescan of vCenter and it was all good.

It should be a good habit of all B&R admins that whenever you change anything at all with vCenter, storage infrastructure or proxies you should always rescan that infrastructure within the B&R console. I do this religiously and it solves problems before they become real issues.

tinto1970
Enthusiast
Posts: 78
Liked: 25 times
Joined: Sep 26, 2013 8:40 am
Full Name: Alessandro Tinivelli
Location: Bologna, Italy
Contact:

Re: After vSphere 6.0 upgrade - remote certificate is invali

Post by tinto1970 » Oct 29, 2015 9:41 am 1 person likes this post

Craigb wrote: * In VeeamB&R -> "Backup Infrastructure", drill down the offered tree +Managed servers + VMware vSphere + vCenter Servers + myVC.
* right click on myVC and select menu item "properties"
.. 'Name' page .. leave alone
(b)"Next"
.. 'Credentials' page..
(b)"Next"
now this looks good.. "an untrusted certificate is installed on "myVC" and secure communication cannot be guaranteed. Connect to this server anyway?
(b)"Connect"
bit of connecting and saving server configuration going on.. then done
..'Summary' page.
shows a summary that includes "Host info: VMware VCenter Server 5.5.0 build-2183111" which I think is odd since the whole issue stems from the upgrade to 6.0.0 and the build shown there is 2656760.
(b)"Finish"
hi, this was useful even after a certificate regeneration performed on a VCSA.
Alessandro Tinivelli aka Tinto
@tinto1970

AnnaR
Lurker
Posts: 1
Liked: never
Joined: Nov 10, 2010 7:36 pm
Contact:

Re: After vSphere 6.0 upgrade - remote certificate is invali

Post by AnnaR » Nov 05, 2015 1:14 pm

Thanks for the info! Fixed my issue. :) :D

rschuiling
Lurker
Posts: 2
Liked: 5 times
Joined: Nov 07, 2014 1:18 am
Full Name: Raymond Schuiling

Re: After vSphere 6.0 upgrade - remote certificate is invali

Post by rschuiling » Dec 02, 2015 6:29 pm 1 person likes this post

Yep, same here after I changed the certifcate of the VCSA for Citrix integration .......
Followed your steps and it was solved. Thanks !!
Will also religiously rescan Veeam infrastructure :mrgreen:

cminias
Lurker
Posts: 2
Liked: 1 time
Joined: Nov 15, 2013 12:43 pm
Full Name: Christos Minias
Contact:

Re: After vSphere 6.0 upgrade - remote certificate is invali

Post by cminias » Jan 22, 2016 12:49 pm 1 person likes this post

Craig you are awesome. Not only you figured out an obscure error, but you took the time to post it (and save my day).
Thank you!
:D

Terrh
Lurker
Posts: 1
Liked: never
Joined: Sep 14, 2015 4:04 am
Full Name: James C King
Contact:

Re: After vSphere 6.0 upgrade - remote certificate is invali

Post by Terrh » Jan 28, 2016 8:59 am

Saved me a whole bunch of pain too - Let me add my thanks too!

gtaylor85
Lurker
Posts: 1
Liked: never
Joined: Feb 01, 2016 3:59 pm
Full Name: Garrett
Contact:

Re: After vSphere 6.0 upgrade - remote certificate is invali

Post by gtaylor85 » Feb 01, 2016 4:00 pm

This helped me today. Thank you for sharing.

straycur
Novice
Posts: 4
Liked: 5 times
Joined: Aug 12, 2013 11:27 pm
Full Name: Susan Strayer Curtis
Contact:

Re: After vSphere 6.0 upgrade - remote certificate is invali

Post by straycur » Feb 16, 2016 5:48 pm

Thx for the helpful post. Certs broke in Veeam after our cert manager updated them.

To fix them all I had to do was drill into Backup Infrastructure -> VMware server, touch Credentials (without changing them) and Finish the configuration
VMs started backing up successfully again for both running jobs, and failed jobs that I retried just 45 minutes after I first saw the failures.

Quick easy solution to something that could have been long and painful.

mckaj
Novice
Posts: 7
Liked: never
Joined: Feb 24, 2016 9:30 pm
Contact:

Re: After vSphere 6.0 upgrade - remote certificate is invali

Post by mckaj » Feb 24, 2016 9:39 pm

+1 on the community kudos meter for this one.

I managed to trigger this one by doing a clone migration of a vcenter appliance from one host to another in a small Essentials environment.

Have also added "rescan everything" after touching anything to my best practices bundle.

Thanks Craig, and others for comments.

Cheers
Andrew

techgal64
Novice
Posts: 3
Liked: never
Joined: Mar 10, 2016 12:16 pm
Full Name: Julie Reynolds
Contact:

Re: After vSphere 6.0 upgrade - remote certificate is invali

Post by techgal64 » Mar 10, 2016 12:28 pm

Thanks for this information! My backups had been working fine but I made changes to my vCenter appliance; changed the location of core and log files to a NFS share.

Followed your instructions and I am back in business.

mdornfeld
Expert
Posts: 125
Liked: 2 times
Joined: Mar 23, 2009 4:44 pm
Full Name: Matt
Contact:

Re: After vSphere 6.0 upgrade - remote certificate is invali

Post by mdornfeld » Jun 27, 2016 3:02 pm

Thank you! Helped us out today.

nreutemann
Enthusiast
Posts: 47
Liked: 6 times
Joined: Mar 06, 2012 11:45 pm
Full Name: Nicolas Reutemann
Contact:

Re: After vSphere 6.0 upgrade - remote certificate is invali

Post by nreutemann » Nov 09, 2016 11:25 am

Works too after upgrading from vCenter 5.1 to 5.5

Thanks!

lmayorgas
Lurker
Posts: 1
Liked: never
Joined: Mar 06, 2012 8:43 am
Full Name: Luis F. Mayorgas
Contact:

Re: After vSphere 6.0 upgrade - remote certificate is invali

Post by lmayorgas » Nov 30, 2016 10:50 am

It worked fine for me too. Thanks a lot!

IonutN
Novice
Posts: 4
Liked: never
Joined: Sep 25, 2014 8:57 am
Full Name: Ionut Nica
Contact:

Re: After vSphere 6.0 upgrade - remote certificate is invali

Post by IonutN » Feb 05, 2017 12:29 pm

HI,

is there any programmatic way to do this?
we have 30 BRS servers, and 30 vcenters, and we have a partial mesh topology.
so doing this a few hundred times a year looks rather daunting and pointless.

Also I'm not sure I understand why this is happening.
we have PKI issued certificates and the windows servers where B&R runs trust the certificate issued to vcenter.
is there any to add the root CAs to Veeam certificate store or something?

BackerML
Lurker
Posts: 1
Liked: never
Joined: Apr 05, 2016 1:15 pm
Contact:

Re: After vSphere 6.0 upgrade - remote certificate is invali

Post by BackerML » Jun 08, 2017 12:38 pm

Thank you so much for posting this. Saved me so much frustration! I saw all my backups fail and thought to myself "Today is gonna suck..." Thanks again!

slash24
Lurker
Posts: 1
Liked: never
Joined: Jun 08, 2017 6:36 pm
Full Name: Chris Supnet
Contact:

Re: After vSphere 6.0 upgrade - remote certificate is invali

Post by slash24 » Jun 08, 2017 6:38 pm

Thank you for this... saved me a ton of time! :D

lukasos
Novice
Posts: 5
Liked: 1 time
Joined: Oct 23, 2017 10:50 am
Contact:

Re: After vSphere 6.0 upgrade - remote certificate is invali

Post by lukasos » Feb 19, 2018 12:06 pm

Nice one, thanks
Had a problem after upgrading ESXI to 6.5 and this fixed it.

ARHT
Lurker
Posts: 2
Liked: never
Joined: Jan 10, 2017 5:18 am
Contact:

Re: After vSphere 6.0 upgrade - remote certificate is invali

Post by ARHT » Jul 12, 2018 7:51 pm

Excellent - your brain worked hard so mine didn't have to. Cheers for that!
In this instance I created my own problem after upgrading V B&R to 9.5 u3a and [the next day] VCentre to 6.7 [from 6.5]. I haven't updated the hosts yet. Fiddling with Vcentre and Update Manager I came across cert issues which I thought I'd 'refresh' to see if that fixed the alerts I was seeing. Broke Veeam... If you have this issue pay attention to which certs have caused the issue: if on VCentre then run through credential re-save as OP instructed via 'BackUp Infrastructure', if on host/s then same process but through 'Inventory' on each affected host.

souperstar
Enthusiast
Posts: 38
Liked: 4 times
Joined: Dec 30, 2011 10:26 pm
Full Name: Chris

Re: After vSphere 6.0 upgrade - remote certificate is invali

Post by souperstar » Aug 28, 2018 2:01 pm

We had this issue on the latest version of VB&R (9.5.0.1922) - but only after migrating vCenter to its latest version (6.5 > 6.7.0 build 9433894). Thank you for the post!

cividan
Influencer
Posts: 19
Liked: never
Joined: Feb 06, 2015 4:17 pm

Re: After vSphere 6.0 upgrade - remote certificate is invalid

Post by cividan » Nov 02, 2018 1:34 pm

Ran into the same problem after replacing the certificate when upgradading from 6.0 to 6.7 and your solution fixed the problem.
Thanks alot!

vijayG
Influencer
Posts: 16
Liked: never
Joined: Nov 12, 2018 7:07 pm
Full Name: Vijay Kumar Gouni
Contact:

Re: After vSphere 6.0 upgrade - remote certificate is invalid

Post by vijayG » Nov 27, 2018 4:44 pm

It works for me.

Thanks for sharing

gparker
Enthusiast
Posts: 48
Liked: 2 times
Joined: Feb 01, 2012 2:24 am
Full Name: George Parker
Contact:

Re: After vSphere 6.0 upgrade - remote certificate is invalid

Post by gparker » Dec 19, 2018 7:10 am

Thanks, this worked for me too :)

Berkovska
Service Provider
Posts: 38
Liked: 2 times
Joined: May 30, 2018 10:39 am
Full Name: Berkovska
Contact:

Re: After vSphere 6.0 upgrade - remote certificate is invalid

Post by Berkovska » Dec 20, 2018 4:44 am

This should be a KB - worked flawlessly.
Thank you!

Post Reply

Who is online

Users browsing this forum: Google [Bot] and 6 guests