Challenge
When attempting to update the Veeam Backup & Replication or Veeam ONE software, an error is encountered:
This Veeam Backup & Replication/Veeam ONE installation cannot be updated automatically. Please contact Veeam customer support for assistance with manual update.
Cause
Update setup program checks the digital signature of the existing files to ensure their integrity before updating them. All product files are signed using Global Sign certificates. Some Windows installations do not contain Global Sign's root certificates authority as trusted root certificates, or have non-current certificates. This issue is typically observed on servers with locked down security settings, or servers with no internet access or latest updates installed.
Solution
To resolve this issue, please install the below certificates manually on the system:
https://www.digicert.com/CACerts/DigiCertAssuredIDRootCA.crt (DigiCert Assured ID Root CA)
https://secure.globalsign.com/cacert/gscodesigng2.crt (GlobalSign CodeSigning CA - G2)
https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt (DigiCert High Assurance EV Root CA)
https://www.digicert.com/CACerts/DigiCertEVCodeSigningCA-SHA2.crt (DigiCert EV Code Signing CA - SHA2)
https://support.globalsign.com/customer/portal/articles/1426602-globalsign-root-certificates (install R1, R2, and R3 certificates)
If your backup server does not have internet access, please download certificate files from another computer.
More Information
Right-click on the certificate file in Windows, select "Install Certificate", install on "Local Machine", and select the store "Trusted Root Certification Authorities". When installed properly, "GlobalSign" and "GlobalSign Root CA" should show under Console root -> Certificates -> Trusted Root Certification Authorities -> Certificates.