cancel
Showing results for 
Search instead for 
Did you mean: 

Backup Exec CA error when connecting to remote storage.

PortTaranaki
Level 3

Hey All,

 

Have had S3 compatible storage setup for a while, and it has worked well. Twice we have had an issue where it states - "Cant connect to open storage" - last time resulted in a reinstall but that's not working this time. We have ruled out any connectivity issues as we can use other tools to connect to it.

 

We can see in a packet capture that indeed it is connecting, but our server is stating invalid CA and shutting the connection. I have tried installing the root certificates for the site it is connecting to with no luck. But this begs the question, why did it just stop working and how can we fix it ? I have a support case open at Veritas to which I haven't had alot of response yet. Really need to get this working in the next couple of days. 

6 REPLIES 6

PortTaranaki
Level 3

Still haven't had any luck with our support case - we are just going around in circles and not really getting any pleasure from 1st level support. In fact, I requested it to be escalated as the tech didn't understand the relevance of the packet capture and still can't even get this. So painfull every time we lodge a case, and at this stage we may be forced to move to another product. Given this had been working for months prior, it seems odd for it to just stop working.   I've uploaded an image of the capture in case anyone has any ideas. 

Not sure if any Veritas employees still lurk on these forums, but if so it would be helpfull for you to look at my case 190205000092  appologies for the few choice words I used in some of my requests. 

 

 

Added image of storage error 

Gurvinder
Moderator
Moderator
Employee Accredited Certified

refer this NBU doc. See if it helps. BE also looks into the cacert file for known certs. You can append the one which is not present in the BE cacert file as per below document.
https://www.veritas.com/support/en_US/article.100032993

if you want to confirm the cURL error: 60, you can start SGMON (select beserver. SGMON is located at BE Install Path\ ) and then restart the BE services to confirm if the same error is coming in BE.

Excellent - Thanks you so much for that. SGMON does indeed show the curl error and states that there is a self signed certificate in the chain.  See output attached.  Just need some direction on where to from here - obviously I can add the root certificates to the cacerts file - but the question is which ones.... I know the provider uses Comodo certs.

 

Cheers

When I googled the curl error, I found a link to https://curl.haxx.se/ca/cacert.pem which contains the latest root certs, etc. I replaced the one in BE's directory with the new one, and the debug shows that it is now connecting. Just testing a job, then we will be happy.

 

Cheers for the help. 

Gurvinder
Moderator
Moderator
Employee Accredited Certified
nice !