Certificate error when adding in vCenter

[Baptiste]

Hello everybody,

I am not use to work in VMware environnement and i am facing an certificate error.

So basically :
I setup veeam and add the ESX
i add the ESX in my vCenter
vCenter regenreate a certificate on my ESX
Veeam throw me a remote certificate error

There are no other way for this deployment to work; don't offer me workaround like add in veeam after adding vcenter or add vcenter in veeam

Is there a way to download root certificate from vCenter and add it on VEEAM server to avoid this certificate issue ?
so far i downloaded "CA" cert (kb wmvare 2108294), added on veeam under trusted root certificate but i still have the warning when i rediscover the ESX.

Thank for your help

[dellock6]

Not sure I understand your error, but when you add vCenter to Veeam, and vCenter has the default self-signed certificate, Veeam simply warns you that the certificate is untrusted, and you can accept it and contiue the wizard.
Is this the beheviour you're seeing, or something else?

[veremin]

There are no other way for this deployment to work; don't offer me workaround like add in veeam after adding vcenter or add vcenter in veeam

I'm not about to propose the so-called workaround or something, but can you elaborate on how adding vCenter to VB&R server might screw that deployment?

[DerOest]

i understand it like this:

1. Add ESXi to Veeam = Accept Certificate1
2. Add ESXi to vCenter = ESXi-Certificate1 gets regenerated AKA Certificate2
3. Veeam throws error because Certificate2 != Certificate1
?? how to reacknowledge

Thats how i understand it. But... i was unaware the ESXi host certificate gets regenerated on vCenter-join, that's new to me

[dellock6]

If you already add the entire vCenter infrastructure, there's no reason to also add the single ESXi to Veeam again, just use vCenter, so Veeam can also trace vmotions and use vCenter level morefID when vmotions happen.

[veremin]

For some reason Baptiste wants to avoid adding vCenter to backup infrastructure, thus, my question regarding the reason of that.

There are no other way for this deployment to work; don't offer me workaround like add in veeam after adding vcenter or add vcenter in veeam

[Baptiste]

Thank you all for your concern.
You are right DerOest, that's what is it about.

It's a large scale deployment of VEEAM ( over 200 agency up to 1600 )
Every agency has 1 ESX with one VEEAM B&R VM.

I made a master of my VM VEEAM with powershell script to install veeam & configure it. Thus, during every deployment in agency, technician launch the script with NAS & Esx parameters on the VM and everything is done by itself.

After that local deployment, another team put that ESX into a vCenter.

The company doesn't want a network boundary to the central vCenter. Agency has to be autonomous so i can't add my vCenter to my VEEAM.

So :

1. Add ESXi to Veeam = Accept Certificate1 -> Done by script during deployment
2. Add ESXi to vCenter = ESXi-Certificate1 gets regenerated AKA Certificate2 -> Done manually by another team
3. Veeam throws error because Certificate2 != Certificate1
4. one more step to ask the team to go to every veeam and press next - next - agree warning - next

i'd like to take vCenter certificate, the ROOT CA certificate of the vCenter, to avoid agreeing again the certificate.

[veremin]

I'm wondering whether the order might be changed slightly, so that, ESX(i) is added to vCenter first and then automatic deployment of VB&R infrastructure takes place. That can be done either manually or automatically within the same script. Thanks.

[Baptiste]

Sorry Eremin, i am not looking for a workaround.

Is there any possibility to get the ROOT CA from vSphere 6.0 so i won't have any warning when i add my ESX.
Technically it doesn't sound stupid right ? vSphere generate certificate issue from his CA, so if i take the root ca and add it in my VM Veeam, i shouldn't have any warning to accept ?

Regards,

[Leo0601]

Hi Experts,
I am getting the “Untrusted Certificate (Thumbprint is installed on vCenter and the secured communication cannot be guranteed)” Connect to this server press "Y", I am getting this Powershell screen when I am trying to add the vCenter via Powershell in Veeam backup and replication. I want to skip this screen by Enter "Y" silently. Could someone help me to fix this issue ?
Regards
Leo

[Leo0601]

Hi Experts,

I fixed it. I have to add -Force to ignore the user interface popup. I am able to add the vCenter in VBR without any manual interface.

Add-VBRvCenter -Name vCenterIp -User vCenterAdminAccount -Password vCenterAdminPassword -Force

Regards
Leo