Davoud Teimouri - Virtualization & Datacenter

A technology blog mainly focusing on virtualization and datacenter

Invalid Remote Certificate – Veeam Backup & Replication

I faced with “Invalid remote certificate”:

“Task Failed. Error: The remote certificate is invalid according to the validation process”

on some my replication jobs between two our vCenter servers and Veeam BR couldn’t validate our target vCenter server certificate.

I found a solution for resolving invalid remote certificate that I want to share it with you.

Here is my environment specifications and the configuration. The log file locations maybe different with you environment:

  • vCenter 6
  • ESXi Host 5.5 U3
  • Veeam B&R 9
  • Windows 2008R2 SP1

The problem was it:

When vCenter server is adding to Veeam BR, its certificate’s thumbprint will be added to configuration database and if the vCenter server’s certificate was changed (Invalid remote certificate), you have to re-validate it in Backup Infrastructure. So if the certificate isn’t valid, you will see the below error:

Invalid remote certificate

Task failed. Error: The remote certificate is invalid according to the validation process.

Now, what is the solution?

First step, disable all your backup and replication jobs that they are related to the vCenter and also stop Veeam BR service because invalid remote certificate doesn’t allow you

As I said before, you have to re-validate the certificate, so you should go to “Backup Infrastructure” and select your server then right click on the server and click on “Properties”.

Backup Infrastructure

Backup Infrastructure

Then, you will face with the below dialog:

Edit VMware Server

Edit VMware Server

Click “Next”.

At this window, you need to choose your credential, choosing previous credential is recommended.

Edit VMware Server - Credential

Edit VMware Server – Credential

When you click on “Next” at this window, Veeam BR will validating your credential and the server’s certificate and if it is valid, Veeam BR will save the server configuration otherwise you will face with the below prompt:

Edit VMware Server - Detecting Server Type

Edit VMware Server – Detecting Server Type

Edit VMware Server - Prompt

Edit VMware Server – Prompt

Click on “Connect” and your problem will be resolved and you will see the below window:

VMware Server - Save Configuration

VMware Server – Save Configuration

Now, enable your jobs and run one of them, if the job runs successfully, you have no problem otherwise follow the below step to troubleshooting and resolving the problem.

You have to check your jobs logs in this step, so go to the below path to find your job log:

C:\Program Data\Veeam\Backup\<Your Job Name>

Backup Log Path

Backup Log Path

Open the last log file and search “Mismatch!” word within that.

Backup Log

Backup Log

If you found the word, it means that your server thumbprint is different with saved thumbprint on the database and it should be changed.

Now, you need to have access to your database. Copy saved thumbprint from the log file and then logon to your database server via Management Studio and run a select query on “dbo.Soap_creds” table:

SQL Query

SQL Query

At this step, you should replace the thumbprints with server’s thumbprint (You can copy it from log file) and also you should remove any records that its “creds” column is : 00000000-0……….

Invalid remote certificate

SQL Update

Now start Veeam BR service and enable your jobs and see the result.

If you faced with the below error:

  • The object has already been deleted or has not been completely created.

You have to edit your jobs, re-add the VMs or edit destination specifications or remove all snapshots from snapshot list:

Invalid remote certificate

New Error

Invalid remote certificate

Edit Job

Hope, this post help you to resolving same issues.

Open Shared Folder By Different Credential

You can override stored credentials for shares in Windows via the Control Panel. I believe this should be possible since around Windows 2000, or at least XP. However, the names of these functions are different in all versions. I am using names from Windows 7 in this post.

Open your account page in User Accounts and Family Safety. (Click your image in the start menu, or navigate through control panel). In the left hand side panel, select Manage your credentials. Under Windows Credentials:If the server in question has an entry, delete it. (Most likely it will not be present, if you haven't been here before). Select Add a Windows Credential. Enter the server (e.g. \\10.0.0.2\myShare). Enter new desired credentials.Now, when navigating manually to \\10.0.0.2\myShare, it will not use the old credentials any more.

Davoud Teimouri is as a professional blogger, vExpert 2015-2016-2017, VCA, MCITP. This blog is started with simple posts and now, it has large following readers.

6,563 total views, 29 views today

Updated: May 26, 2016 — 12:03 pm

Leave a Reply

Teimouri.net © 2012 Frontier Theme
%d bloggers like this:
Read more:
New Microsoft KB/Hotfix – December 2015

Microsoft has released some KB/Hotfix for Windows 7 SP1 and Windows 8/8.1 and the patches resolve some problems or help...

Close