Proxmox and VEEAM Backup RemoteCertificateValidationCallback rejected

S

stuasch

Active Member
Proxmox Subscriber
Feb 5, 2020
17
1
43
44
Hi all,

We've recently migrated from VMware to Proxmox and are setting up VEEAM to back up our VMs. Our setup consists of a 3-node Proxmox cluster with local storage and replication (which I don't think should affect this issue, but more details might help!).

We've added our Proxmox nodes to the latest version of VEEAM, and we're also running the latest version of Proxmox. However, we're experiencing an issue where backups sometimes fail with the following error:

The remote certificate was rejected by the provided RemoteCertificateValidationCallback.
Click to expand...
What's strange is that the backup works fine the next day without any changes. Normally, I would expect a certificate issue to either always fail or always succeed, not behave inconsistently.

Has anyone encountered this issue before?

We also noticed that changing the api timeout from 30 seconds to 300 seconds did help a bit but yet we still get the certificate errors.
The proxmox machines run a self signed certificate from our domain servers, and the proxmox and veeam servers all have the right chains (we verified this).


Thanks in advance!
 
Hi,

We're exploring the use of the Veeam Proxmox integration instead of Veeam Agent based backups. We're also getting stuck on RemoteCertificateValidationCallback when starting workers.

Our theory at the moment is that it may have something to do with renewals of certificates, especially for certificates from internal PKI. It seems the Veeam server (VBR) injects a configuration file to the worker and this config file includes a section for certificate (in addition to hostname, username, password, sshfingerprint etc.). This is probably done because VBR has the internal root certificate in it's trusted root repository, but the worker doesn't. So in essence, the certificate validation is done on the server and the trusted certificate is pushed to the proxy worker.

But if the certificate changes, the worker will no longer trust the certificate and reject it. We've seen that is seems that after opening the properties of the pve node in the VBR console, the connection will work again until next time the certificate changes.

So a suggestion is that you check if reason the backup works fine the next day, is because you opened the node properties in VBR and so updating the cached certificate.

Please note also if you're running your own PKI, that Veeam requires the certificates to have a valid CRL location. It's not required for browsers for example, but Veeam will automatically reject a certificate without a CRL.
 
hey there thanks for this info and kinda glad you are also having this issue.

We generated our own certificates but they have not changed since the last few weeks. the odd thing is today it failed but tomorrow (without our interaction) it goes well again. I never did look into the worker part that they might not have the chain or communication with the crl!

also our certificate does have a crl we checked this one out at the start as well just to make sure it was not something like that, but if that would be the case then it would always fail right instead of on and off.

We will reach out to VEEAM support and see if we can get root access or something to the worker, see if we can add or see something in there. We never really looked into the workers because of starting blind at the main program...
Will let u know for sure how we progress!! And we are not feeling alone anymore in this issue so thats kinda a relief :)
 
I experienced the same issue today in Veeam. I have checked the Certificates, they are valid. I rebooted the Veeam Backup Server. Found out that now that Proxmox is no longer Available when you try to add Server from the Inventory. Before it has VMWare vSphere, MS Hyper-V, Nutanix, Proxmox. Now Proxmox is no longer an option even on the Backup Infrastructure>>Managed Servers>>Add Server>>Virtualization Platforms>>Proxmox not present. Anyone got a solution for this? Appreciate your feedback!
 
Last edited:
jami-noobs said:
I experience the same issue today in Veeam. I have checked the Certificates, they are valid. I rebooted the Veeam Backup Server. Found out that now that Proxmox is no longer Available when you try to add Server from the Inventory. Before it has VMWare vSphere, MS Hyper-V, Nutanix, Proxmox. Now Proxmox is no longer an option even on the Backup Infrastructure>>Managed Servers>>Add Server>>Virtualization Platforms>>Proxmox not present. Anyone got a solution for this? Appreciate your feedback!
Click to expand...
Proxmox is back. I did a rescan. Maybe some delayed service start after the reboot. The Proxmox Backup jobs are working fine now.
 
I've now upgraded to Veeam BR 12.3.1.1139_20250315 and the issue seems to be resolved. The workers seem to have no problem accepting the PVE certificates any more. We'll see in a few days if it still is working properly.
 
hey thanks for getting back to this issue! we are also running 12.3.1.1139 but just saw in the logs again it was spitting out
The remote certificate was rejected by the provided RemoteCertificateValidationCallback

so for us the latest version does not fix this. How many vm's you guys backing up? we are at around 40.
 
You must log in or register to reply here.
Top Bottom