Michael Paul | @micoolpaul

Veeam, VMware & Microsoft Blog

Certificate Verification Failure when Patching Veeam Backup for Office 365? You’re not alone!

Michael Paul | @MicoolPaul

Data Protection Consultant, focusing on Veeam, VMware & Microsoft Productivity and Infrastructure stacks.

UPDATE 18/08/2022: Veeam have an expired certificate impacting auto-updates for older versions of v6, this is fixed from Veeam Backup for Microsoft 365 v6 Cumulative Patch P20220718 (6.0.0.400) onwards. As Veeam Backup for Microsoft 365 v6a is now available, I suggest updating to this instead due to important Microsoft Teams data protection changes. See KB4344 for the download link, and KB4341 for more information on the certificate validation failure.

UPDATE 01/03/2022: Veeam are tracking this issue in KB4281 here.

A few days ago, on the Veeam Community Hub, I saw an interesting post, someone was reporting that they were getting a certification validation failure when trying to download the latest update. As this was the first and only post I’d seen on this, my thoughts immediately jumped to some form of web filtering during the download process. Without any screenshots or further information, it was difficult to verify what had gone wrong.

However, a couple of days passed and someone else reported the same issue, from an Azure VM directly connected to the internet. Both users reported that patching with the download direct from the Veeam website was fine, it was just the auto-update mechanism that was giving them issues.

With no perceived commonality between them I decided I’d investigate!

So, I fired up my lab, which was conveniently on an older version of v5 (5.0.2.42) and tried to perform the update. All seemed normal, it downloaded the patch absolutely fine, but then when I tried to install, I got a Certificate Verification failure, the same as reported by the other users in the community!

Screenshot showing the Certificate verification failed error message
Screenshot showing the Certificate verification checks failing in the log files

Unfortunately, the update process deletes the installer when the certificate validation has failed (and I’m so glad to see the certificate validation checks being performed in the first place!). So, I monitored the download path and took a copy of the file that is downloaded for examination. Upon review I found that the signing certificate expired on the 17th February 2022.

Screenshot showing the certificate’s validity period having expired

I took this to the Veeam R&D forum and raised a support case (though using an NFR license in my lab meant I was unsure I’d get a response on this). I’m pleased to say via both avenues Veeam responded swiftly confirming that their R&D resources were aware of this and the expired certificate will be replaced for the next update.

I decided to be cheeky and press on with this dialogue and confirm that this was a fix for v5, as there are strong indications that we’re not far from Veeam Backup for Office/Microsoft 365 v6, and I’m glad to say I’ve had confirmation that this will be a v5 patch.

In the meantime, if you download the installer from the Veeam website, you’ll be able to patch your system anyway. If you’re on a version earlier than 5.0.3, you can get to 5.0.3.1033 (5d) here, and then you can patch to the latest version of 5d here.

Want to share your experience with this? Join the conversation on the Veeam Community Hub.

Hope this helps!

3 responses to “Certificate Verification Failure when Patching Veeam Backup for Office 365? You’re not alone!”

  1. Veeam Backup for Microsoft 365 v6 Released! – Michael Paul | @micoolpaul Avatar
    Veeam Backup for Microsoft 365 v6 Released! – Michael Paul | @micoolpaul

    […] Hopefully you’ve found this write-up to be informative, this is by no means exhaustive as there’s still more to be discovered within the v6 release that I’ll find out about in the coming days. It’s also worth mentioning that my blog post regarding certificate validation errors when upgrading Veeam Backup for Office 365 v5 doesn’t impact this release, as Veeam have replaced the expired certificate, you can read more about this here. […]

    Like

    Reply
  2. Mathias Bjorkman Avatar
    Mathias Bjorkman

    Does this work with Community Edition too? I have a client that has a 4.0.0.1345 Community Edition version that hasn’t been updated. How do I find the download link for the patch?

    Like

    Reply
    1. micoolpaul Avatar
      micoolpaul

      Hi Mathias,

      No such patch exists for v4 due to age but there’s no actual difference in the binaries for community edition vs the fully licensed product, it’s just a license key so the same rules apply for any patching guidance etc.

      Download the ISO for the latest version and upgrade that way!

      Also check release notes for Co-existence if you have VB365 installed on the same server as VBR, there’s sometimes specific patching orders & dependencies to consider.

      https://www.veeam.com/kb4285 will give you the latest version of v6 (v6 being the latest version at the time of posting), you’ll see an ISO download button but also links for upgrade requirements etc.

      Like

      Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: