Certificate error when adding in vCenter

VMware specific discussions

Certificate error when adding in vCenter

Veeam Logoby Baptiste » Wed Nov 25, 2015 2:34 pm

Hello everybody,

I am not use to work in VMware environnement and i am facing an certificate error.

So basically :
I setup veeam and add the ESX
i add the ESX in my vCenter
vCenter regenreate a certificate on my ESX
Veeam throw me a remote certificate error

There are no other way for this deployment to work; don't offer me workaround like add in veeam after adding vcenter or add vcenter in veeam :mrgreen:

Is there a way to download root certificate from vCenter and add it on VEEAM server to avoid this certificate issue ?
so far i downloaded "CA" cert (kb wmvare 2108294), added on veeam under trusted root certificate but i still have the warning when i rediscover the ESX.

Thank for your help
Baptiste
Service Provider
 
Posts: 41
Liked: 5 times
Joined: Wed Nov 12, 2014 4:40 pm

Re: Certificate error when adding in vCenter

Veeam Logoby dellock6 » Wed Nov 25, 2015 9:58 pm

Not sure I understand your error, but when you add vCenter to Veeam, and vCenter has the default self-signed certificate, Veeam simply warns you that the certificate is untrusted, and you can accept it and contiue the wizard.
Is this the beheviour you're seeing, or something else?
Luca Dell'Oca
EMEA Cloud Architect @ Veeam Software

@dellock6
http://www.virtualtothecore.com
vExpert 2011-2012-2013-2014-2015-2016
Veeam VMCE #1
dellock6
Veeam Software
 
Posts: 5047
Liked: 1330 times
Joined: Sun Jul 26, 2009 3:39 pm
Location: Varese, Italy
Full Name: Luca Dell'Oca

Re: Certificate error when adding in vCenter

Veeam Logoby v.Eremin » Thu Nov 26, 2015 11:00 am

There are no other way for this deployment to work; don't offer me workaround like add in veeam after adding vcenter or add vcenter in veeam :mrgreen:

I'm not about to propose the so-called workaround or something, but can you elaborate on how adding vCenter to VB&R server might screw that deployment?
v.Eremin
Veeam Software
 
Posts: 13266
Liked: 968 times
Joined: Fri Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin

Re: Certificate error when adding in vCenter

Veeam Logoby DerOest » Thu Nov 26, 2015 3:43 pm

i understand it like this:

1. Add ESXi to Veeam = Accept Certificate1
2. Add ESXi to vCenter = ESXi-Certificate1 gets regenerated AKA Certificate2
3. Veeam throws error because Certificate2 != Certificate1
?? how to reacknowledge

Thats how i understand it. But... i was unaware the ESXi host certificate gets regenerated on vCenter-join, that's new to me
DerOest
Enthusiast
 
Posts: 27
Liked: never
Joined: Fri Oct 30, 2015 10:10 am

Re: Certificate error when adding in vCenter

Veeam Logoby dellock6 » Thu Nov 26, 2015 4:45 pm

If you already add the entire vCenter infrastructure, there's no reason to also add the single ESXi to Veeam again, just use vCenter, so Veeam can also trace vmotions and use vCenter level morefID when vmotions happen.
Luca Dell'Oca
EMEA Cloud Architect @ Veeam Software

@dellock6
http://www.virtualtothecore.com
vExpert 2011-2012-2013-2014-2015-2016
Veeam VMCE #1
dellock6
Veeam Software
 
Posts: 5047
Liked: 1330 times
Joined: Sun Jul 26, 2009 3:39 pm
Location: Varese, Italy
Full Name: Luca Dell'Oca

Re: Certificate error when adding in vCenter

Veeam Logoby v.Eremin » Fri Nov 27, 2015 9:31 am

For some reason Baptiste wants to avoid adding vCenter to backup infrastructure, thus, my question regarding the reason of that.

Baptiste wrote:There are no other way for this deployment to work; don't offer me workaround like add in veeam after adding vcenter or add vcenter in veeam :mrgreen:
v.Eremin
Veeam Software
 
Posts: 13266
Liked: 968 times
Joined: Fri Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin

Re: Certificate error when adding in vCenter

Veeam Logoby Baptiste » Sat Nov 28, 2015 12:12 pm

Thank you all for your concern.
You are right DerOest, that's what is it about.

It's a large scale deployment of VEEAM ( over 200 agency up to 1600 )
Every agency has 1 ESX with one VEEAM B&R VM.

I made a master of my VM VEEAM with powershell script to install veeam & configure it. Thus, during every deployment in agency, technician launch the script with NAS & Esx parameters on the VM and everything is done by itself.

After that local deployment, another team put that ESX into a vCenter.

The company doesn't want a network boundary to the central vCenter. Agency has to be autonomous so i can't add my vCenter to my VEEAM.

So :

1. Add ESXi to Veeam = Accept Certificate1 -> Done by script during deployment
2. Add ESXi to vCenter = ESXi-Certificate1 gets regenerated AKA Certificate2 -> Done manually by another team
3. Veeam throws error because Certificate2 != Certificate1
4. one more step to ask the team to go to every veeam and press next - next - agree warning - next

i'd like to take vCenter certificate, the ROOT CA certificate of the vCenter, to avoid agreeing again the certificate.
Baptiste
Service Provider
 
Posts: 41
Liked: 5 times
Joined: Wed Nov 12, 2014 4:40 pm

Re: Certificate error when adding in vCenter

Veeam Logoby v.Eremin » Mon Nov 30, 2015 9:40 am

I'm wondering whether the order might be changed slightly, so that, ESX(i) is added to vCenter first and then automatic deployment of VB&R infrastructure takes place. That can be done either manually or automatically within the same script. Thanks.
v.Eremin
Veeam Software
 
Posts: 13266
Liked: 968 times
Joined: Fri Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin

Re: Certificate error when adding in vCenter

Veeam Logoby Baptiste » Mon Nov 30, 2015 11:03 am

Sorry Eremin, i am not looking for a workaround.

Is there any possibility to get the ROOT CA from vSphere 6.0 so i won't have any warning when i add my ESX.
Technically it doesn't sound stupid right ? vSphere generate certificate issue from his CA, so if i take the root ca and add it in my VM Veeam, i shouldn't have any warning to accept ?

Regards,
Baptiste
Service Provider
 
Posts: 41
Liked: 5 times
Joined: Wed Nov 12, 2014 4:40 pm


Return to VMware vSphere



Who is online

Users browsing this forum: Bing [Bot], Majestic-12 [Bot] and 14 guests