#1 Global Leader in Data Resilience

"Failed to retrieve certificate" - Error When Interacting With Cloud Storage

KB ID: 4328
Product: Veeam Backup & Replication | 10 | 11
Published: 2022-06-23
Last Modified: 2024-07-29
mailbox
Get weekly article updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.
This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply except as noted in our Privacy Policy.

Cheers for trusting us with the spot in your mailbox!

Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest

error icon

Oops! Something went wrong.

Please, try again later.

Challenge    

When adding an Object Storage Repository or interacting with an existing Object Storage Repository the following error occurs:

Failed to retrieve certificate from ...

The format of the error is different for each type of Object Storage Repository:

AWS Cert failed to retrieve
Certificate Retrieval error when adding AWS S3
S3 Compatible failed to retrieve
Certificate Retrieval error when adding S3-Compatible
Azure Cert failed to retrieve
Certificate Retrieval error when adding Azure Blob
Region: Azure Global (Standard)

Note that the Azure endpoint URL is not detailed in the error when adding/interacting with Azure storage using the Azure Global Region. When using Azure Gov or Azure China, the error will contain the entire endpoint URL, as seen with AWS or S3-Compatible. To identify the specific Azure endpoint URL when using the Azure Global Region, check the Azure management portal or review the log investigation advice in the More Information section of this article.

Below are examples of this same "Failed to retrieve certificate" error occurring during an Offload task and when editing a Scale-Out Backup Repository.

 

Job Error
AddToSOBR

Solution

This error occurs because the Veeam software could not retrieve and verify the certificate from the cloud storage endpoint.

Review the Used Ports section of the User Guide and ensure proper communication with object storage repositories.

 

Most Common Causes

 

Edge Case

Though rare, several Veeam Support cases have been closed by the customer after they reported that they determined that their security firewall was interfering with or tampering Customer's comment to Veeam Support: "We have excluded all of the Veeam hosts from decryption in our firewall, and the issue is no longer happening."with the certificates that the Veeam software was requesting. Those security firewalls either prevented the certificate from being received or modified the certificate, preventing Veeam Backup & Replication from validating them.

More information

When the certificate error occurs while attempting to add the Object Storage Repository, the certificate retrieval is recorded in the following log file on the Veeam Backup Server:

C:\ProgramData\Veeam\Backup\Satellites\<VeeamServer>\<console_account>\Satellite_Console.log

<VeeamServer> = hostname or FQDN of the Veeam Backup Server
<console_account> = account used to open the Veeam Backup & Replication Console.

Log Example:

Info         [PublicCloudCertificateLoader] Loading certificate for 'DefaultEndpointsProtocol=https;AccountName=kb4328'
Info                 [AP] (2730) command: 'Invoke: Network.RetrieveSslCertificate { (EString) HostName = kb4328.blob.core.windows.net; (EInt32) Port = 443; }'
Info                   [AP] (2730) output: <VCPCommandResult result="false" exception="resolve: The requested name is valid, but no data of the requested type was found&#x0A;Agent failed to process method {Network.RetrieveSslCertificate}." />
Info                   [AP] (2730) output: >
Error        resolve: The requested name is valid, but no data of the requested type was found (Veeam.Backup.Common.CCppComponentException)
Error        Agent failed to process method {Network.RetrieveSslCertificate}. (Veeam.Backup.Common.CCppComponentException)

 

To simplify finding the endpoint information, search the Satelite log for:

command: 'Invoke: Network.RetrieveSslCertificate { (EString)
Expand for Advanced Log Investigation Tips

Using Notepad++'s "Find in Files" search, it is possible to search for specific strings within files having a particular naming convention.

The following search values will quickly find all instances where a certificate retrieval request was processed.

Find what:

| Retrieving certificate for 
Filters:
Agent.PublicCloud.Satellite*.log
Directory:
C:\ProgramData\Veeam\Backup
Screenshot of Find in Files tip
To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

Spelling error in text

This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply except as noted in our Privacy Policy.
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please, try again later.

You have selected too large block!

Please try select less.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case

By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.
This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply except as noted in our Privacy Policy.
Verify your email to continue your product download
We've sent a verification code to:
  • Incorrect verification code. Please try again.
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

error icon

Oops! Something went wrong.

Please, try again later.