Highlighted

Backup Exec CA error when connecting to remote storage.

Hey All,

 

Have had S3 compatible storage setup for a while, and it has worked well. Twice we have had an issue where it states - "Cant connect to open storage" - last time resulted in a reinstall but that's not working this time. We have ruled out any connectivity issues as we can use other tools to connect to it.

 

We can see in a packet capture that indeed it is connecting, but our server is stating invalid CA and shutting the connection. I have tried installing the root certificates for the site it is connecting to with no luck. But this begs the question, why did it just stop working and how can we fix it ? I have a support case open at Veritas to which I haven't had alot of response yet. Really need to get this working in the next couple of days. 

Tags (2)
6 Replies
Highlighted

Re: Backup Exec CA error when connecting to remote storage.

Still haven't had any luck with our support case - we are just going around in circles and not really getting any pleasure from 1st level support. In fact, I requested it to be escalated as the tech didn't understand the relevance of the packet capture and still can't even get this. So painfull every time we lodge a case, and at this stage we may be forced to move to another product. Given this had been working for months prior, it seems odd for it to just stop working.   I've uploaded an image of the capture in case anyone has any ideas. 

Not sure if any Veritas employees still lurk on these forums, but if so it would be helpfull for you to look at my case 190205000092  appologies for the few choice words I used in some of my requests. 

 

 

Tags (2)
Highlighted

Re: Backup Exec CA error when connecting to remote storage.

Added image of storage error 

Highlighted

Re: Backup Exec CA error when connecting to remote storage.

refer this NBU doc. See if it helps. BE also looks into the cacert file for known certs. You can append the one which is not present in the BE cacert file as per below document.
https://www.veritas.com/support/en_US/article.100032993

if you want to confirm the cURL error: 60, you can start SGMON (select beserver. SGMON is located at BE Install Path\ ) and then restart the BE services to confirm if the same error is coming in BE.

Highlighted

Re: Backup Exec CA error when connecting to remote storage.

Excellent - Thanks you so much for that. SGMON does indeed show the curl error and states that there is a self signed certificate in the chain.  See output attached.  Just need some direction on where to from here - obviously I can add the root certificates to the cacerts file - but the question is which ones.... I know the provider uses Comodo certs.

 

Cheers

Re: Backup Exec CA error when connecting to remote storage.

When I googled the curl error, I found a link to https://curl.haxx.se/ca/cacert.pem which contains the latest root certs, etc. I replaced the one in BE's directory with the new one, and the debug shows that it is now connecting. Just testing a job, then we will be happy.

 

Cheers for the help. 

Highlighted

Re: Backup Exec CA error when connecting to remote storage.

nice !