Upgrading your vSphere vCenter Server is a critical maintenance task, but it can sometimes introduce unexpected issues. If you’ve recently updated your vCenter server, for example, from version 5.5.2 to 6.0.0, and use Veeam Backup & Replication (B&R), you might encounter connection problems. Specifically, you may find that your Veeam backups and restores are failing. This article addresses the common error: “The remote certificate is invalid according to the validation procedure” and provides a step-by-step solution to restore your Veeam connections.
The Problem: SSL Certificate Errors After vCenter Upgrade
After a vCenter Server update, especially one that involves automatic SSL certificate upgrades, Veeam B&R may lose its trusted connection. This often manifests in the following error messages:
Backup Failure:
- Task failed Error: The remote certificate is invalid according to the validation procedure.Restore Failure (when expanding the vCenter node):
- Failed to login to "myVC" by SOAP, port 443, user "myVC\admin_account", proxy srv: port:0
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
The remote certificate is invalid according to the validation procedure.Attempting to upgrade the vSphere client on the Veeam B&R host to resolve SSL issues directly will likely not fix the problem. The issue lies in Veeam’s configuration needing to re-establish trust with the updated vCenter Server certificate.
The Solution: Re-establish Trust in Veeam
To resolve these connection errors and restore Veeam’s functionality, you need to manually re-accept the vCenter Server certificate within the Veeam Backup & Replication console. Here’s how:
-
Navigate to Backup Infrastructure: Open Veeam Backup & Replication and go to “Backup Infrastructure”.
-
Locate vCenter Server: In the left-hand tree, navigate to:
Managed Servers -> VMware vSphere -> vCenter Servers. -
Open vCenter Properties: Right-click on your vCenter Server (e.g., “myVC”) and select “Properties”.
-
Proceed to Credentials: In the “Edit vCenter Server” window, click “Next” on the ‘Name’ page to reach the ‘Credentials’ page. Click “Next” again.
-
Connect to Untrusted Certificate: You will see a warning: “An untrusted certificate is installed on “[Your vCenter Server Name]” and secure communication cannot be guaranteed. Connect to this server anyway?”. Click “Connect”.
-
Save Configuration: Veeam will now connect to the vCenter server, save the updated server configuration, and display a ‘Summary’ page.
Note: The ‘Summary’ page might still show older information, such as “Host info: VMware VCenter Server 5.5.0 build-xxxxxxx” even if you’ve upgraded to a newer version like 6.0.0. This discrepancy is usually cosmetic and doesn’t affect the fix.
-
Finish: Click “Finish” to close the “Edit vCenter Server” window.
Verification and Success
After re-accepting the certificate, test your Veeam connection and functionality:
- Test Restore Browsing: Attempt to restore a virtual machine. You should now be able to browse past the vCenter node in the “Hosts and Clusters” tree, which was previously blocked. Cancel the restore wizard once you’ve confirmed browsing is working.
- Test Backup Job: Run a backup job. Right-click on a backup job (e.g., “cbdev”) and select “Start”. The backup should now complete successfully.
Conclusion
Updating vCenter Server can indeed lead to connection breaks with services like Veeam B&R due to SSL certificate changes. By proactively re-establishing the trust relationship within Veeam by re-accepting the vCenter certificate, you can quickly resolve the “remote certificate is invalid” errors and restore your backup and restore operations. This simple procedure ensures your Veeam environment remains functional after vCenter Server updates, minimizing downtime and protecting your virtual infrastructure.
