• EN
Question

VEEAM Ent Manager and vCenter Certificate

V
Userlevel 5

Hello,

I'm facing a challenging situation with our Veeam server and vCenter, and I'm seeking assistance to resolve this issue. Here's the scenario:

Our Veeam server is not part of our domain.

Our domain computers are signed with our Domain Controller (DC) as their root certificate.

The vCenter is  not part of the domain.

However, the vCenter certificate is assigned by our DC, which acts as the root certificate authority.

The primary issue arises when attempting to update the vCenter. I encounter an error, and I've attached a screenshot for reference.

Furthermore, it's worth noting that our Veeam server is also not a member of the domain. We are utilizing Veeam Enterprise Manager.

I am seeking guidance on how to resolve this matter. What steps or configurations should I consider to ensure a smooth update process for our vCenter and resolve the certificate-related errors?

Any help or insights would be greatly appreciated. Thank you in advance for your assistance.

 

 

 

21 comments

Chris.Childerhose
Userlevel 7
Badge +20

Keep in mind this is a Veeam community not VMware for posting for help.

Try this link from VMware KB - https://kb.vmware.com/s/article/93526#:~:text=The%20file%20server%20that%20hosts%20the%20OVF%20and%2For,SSL%20certificate%20is%20not%20trusted%20by%20the%20system.

Also if you use CDP try removing it so the I/O Filter is removed. That was the cause of this for me and then I could upgrade vCenter.

Chris Childerhose - VMCA2022 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 3* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
V
Userlevel 5

Thank you for your response.

I think it's related to the Veeam server and not VMware, as the error pertains to Veeam.

I have already followed your provider's steps, but the issue still exists.

The CA of vCenter is installed under the Trusted Root CA, but the issue still persists.

 

 

Chris.Childerhose
Userlevel 7
Badge +20

Yes it is related to Veeam and CDP I/O filter possibly.  That is the issue I had and had to remove it from each host and reboot.

Chris Childerhose - VMCA2022 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 3* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
V
Userlevel 5

noticed that the relationship is between the vCenter and Veeam. We are using Veeam, which is not a member of the domain. I have just removed the plugin from the vCenter, and I am currently rebooting the vCenter. Let's hope it works for now.

Chris.Childerhose
Userlevel 7
Badge +20

noticed that the relationship is between the vCenter and Veeam. We are using Veeam, which is not a member of the domain. I have just removed the plugin from the vCenter, and I am currently rebooting the vCenter. Let's hope it works for now.

It should fix it.

Chris Childerhose - VMCA2022 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 3* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
V
Userlevel 5

unfortunately the issue still exisit, i cannot seem to find the cause, Why vCenter complaining about VEEAM.
But i'll start talking to vMware

 

Chris.Childerhose
Userlevel 7
Badge +20

unfortunately the issue still exisit, i cannot seem to find the cause, Why vCenter complaining about VEEAM.
But i'll start talking to vMware

 

Again, are you using CDP at all and have the I/O Filter drivers installed in VMware?  That was the cause of my issue with a similar message and once removed that resolved my update problem.  I am sure VMware will help solve it.

Chris Childerhose - VMCA2022 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 3* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
V
Userlevel 5

Yes we are using CDP and all Drivers are installed and updated.
do you mean remove the I/O on the hosts?

 

Chris.Childerhose
Userlevel 7
Badge +20

Yes we are using CDP and all Drivers are installed and updated.
do you mean remove the I/O on the hosts?

 

Yes, and within the Cluster/vCenter.  This is what caused my upgrade to fail.  I guess one of the downsides to upgrade so quick to U2.  😋

Chris Childerhose - VMCA2022 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 3* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
V
Userlevel 5

@Chris.Childerhose 

, thank you for your answers. I'm not entirely sure if I understood correctly, but are you suggesting that I should remove the I/O Filters from the vCenter using the Cluster?

When I access the cluster, and navigate to the configuration and I/O filters, I can see the filters with their version numbers, but I don't have any options to remove them.

The installed version is 12.0.1008-1OEM.800.1.0.20613240, as indicated in the attached screenshot.

As far as I know, I/O filters can be uninstalled from VEEAM and not directly from vCenter. If I misunderstood your suggestion, I apologize.

Could you please clarify the steps on how to remove them?

Chris.Childerhose
Userlevel 7
Badge +20

@Chris.Childerhose

, thank you for your answers. I'm not entirely sure if I understood correctly, but are you suggesting that I should remove the I/O Filters from the vCenter using the Cluster?

When I access the cluster, and navigate to the configuration and I/O filters, I can see the filters with their version numbers, but I don't have any options to remove them.

The installed version is 12.0.1008-1OEM.800.1.0.20613240, as indicated in the attached screenshot.

As far as I know, I/O filters can be uninstalled from VEEAM and not directly from vCenter. If I misunderstood your suggestion, I apologize.

Could you please clarify the steps on how to remove them?

Yes, use Veeam console to edit the Cluster and remove the I/O Filter drivers.  Then after that ensure to reboot the hosts so that is gone.  That will fix the upgrade issue with the URL you are seeing.

Chris Childerhose - VMCA2022 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 3* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
V
Userlevel 5

@Chris.Childerhose thank you i'll go ahead and test it.

this mean we'll have to reinstall it after the update ? otherwise our CDP will stop working.

 

Chris.Childerhose
Userlevel 7
Badge +20

@Chris.Childerhose thank you i'll go ahead and test it.

this mean we'll have to reinstall it after the update ?

Yes, you will if it works with U2.  I have not tested it myself and just left it off for now.  Will probably retest it with 12.1 when it comes out.

Chris Childerhose - VMCA2022 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 3* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
V
Userlevel 5

@Chris.Childerhose what are you using for replication? are you using VEEAM Replication instead of CDP?

 

Chris.Childerhose
Userlevel 7
Badge +20

@Chris.Childerhose what are you using for replication? are you using VEEAM Replication instead of CDP?

 

I did test CDP and have used both for Veeam. They are for different situations as well.

Chris Childerhose - VMCA2022 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 3* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
V
Userlevel 5

I removed the CDP I/O and rebooted the hosts; however, the issue still persists. The system is continuing to generate complaints. I've already rebooted both the vCenter and ESXi servers, but the problem remains unresolved.

Chris.Childerhose
Userlevel 7
Badge +20

I removed the CDP I/O and rebooted the hosts; however, the issue still persists. The system is continuing to generate complaints. I've already rebooted both the vCenter and ESXi servers, but the problem remains unresolved.

That is weird. Is the I/O filter showing at the cluster level or any host still?  I know once I did this I was able to upgrade.  Unsure now but a support case with VMware maybe.

Chris Childerhose - VMCA2022 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 3* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
V
Userlevel 5

I removed the CDP I/O and rebooted the hosts; however, the issue still persists. The system is continuing to generate complaints. I've already rebooted both the vCenter and ESXi servers, but the problem remains unresolved.

That is weird. Is the I/O filter showing at the cluster level or any host still?  I know once I did this I was able to upgrade.  Unsure now but a support case with VMware maybe.

At the cluster level, the CDP I/O has been removed, and I've already rebooted the vCenter, VEEAM, and all the hosts. However, the I/O issue is persisting. I'm currently in contact with VMware support, and their suggestion is to deploy a new vCenter and migrate the configuration to the new vCenter. This issue continues to baffle us.

 

when i access the veeam 

https://veeam:33034/ its errors out over SSL i beleive the issue is related to veeam.

but when i access https://veeam:9443/ the certificate is accepted.

so i think the veeam is using the wrong protocol.

 

Chris.Childerhose
Userlevel 7
Badge +20

You can always try this on the hosts - https://www.42u.ca/2021/01/14/manually-removing-i-o-filters-from-vsphere/#:~:text=In%20short%3A%201%20put%20your%20host%20into%20maintenance,out%20of%20maintenance%20mode%20%E2%80%93%20no%20reboot%20required

It works as I used it on mine.

Chris Childerhose - VMCA2022 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 3* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
V
Userlevel 5

i have already followed those steps.

when i run esxcli software vib remove -n veecdp

esxcli software vib remove -n veecdp [NoMatchError] No VIB matching VIB search specification 'veecdp'. Please refer to the log file for more details. the CDP start acting strange after we removed the Veeam from the domain

Chris.Childerhose
Userlevel 7
Badge +20

i have already followed those steps.

when i run esxcli software vib remove -n veecdp

esxcli software vib remove -n veecdp [NoMatchError] No VIB matching VIB search specification 'veecdp'. Please refer to the log file for more details. the CDP start acting strange after we removed the Veeam from the domain

Well best to stick with support at this point.

Chris Childerhose - VMCA2022 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 3* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech

Comment


Terms & Conditions