We were setting up Veeam Cloud Connect infrastructure to offer Veeam Cloud Backup, a feature many of our customers had requested. The installation was going smoothly, and we initially used a self-signed certificate for testing. Later, we applied a certificate from a well-known Certificate Authority, which also worked without any issues.
However, we soon received a notification from Veeam about an available update (v8 Update 3). Since it’s important to stay on the same version or higher as our clients, we proceeded with the update.
After updating to Update 3, clients were suddenly unable to connect, receiving the following error:
“Error: Authentication failed because the remote party has closed the stream.”
This error occurred immediately upon connection, and Veeam wouldn’t allow us to edit the Cloud repository because it no longer recognized the certificate.
Steps We Took:
- First, we reapplied the certificate on the service provider side. Although this process completed successfully, clients still encountered the same error.
- We then created a new self-signed certificate, but this also didn’t resolve the issue.
- We thought the issue might be due to a version mismatch, so we upgraded a client to v8 Update 3, but the error persisted.
Fortunately, we had taken snapshots of all Veeam components before updating (Backup and Replication server, Cloud Gateway, WAN Accelerator, and Repository). After reverting to the pre-update state, clients were able to connect again using either the self-signed certificate or the one from the Certificate Authority.
Troubleshooting with Veeam Support: We then opened a support ticket with Veeam and provided logs from every component and the client side. After reviewing the logs, Veeam support had us install Update 2b and submit logs before and after the upgrade. Unfortunately, the issue remained.
Finally, Veeam support provided a process that worked:
- Apply a self-signed certificate to the base installation of Version 8.
- Upgrade to Update 2b. If the self-signed certificate worked after the upgrade, apply the Certificate Authority certificate using the PFX file.
This solution worked! After that, we took another set of snapshots and upgraded to Update 3, and everything continued to function properly.
Key Takeaway: If you encounter this issue after a Veeam update, try applying a self-signed certificate first, then upgrading, and finally applying the Certificate Authority certificate. This step saved us considerable time, especially since the error wasn’t documented in Veeam’s KB articles or certificate installation documentation.
