Veeam update fails with "This Veeam Backup & Replication / Veeam ONE installation cannot be updated automatically"

KB ID:

2157

Product:

Veeam Management Pack for Microsoft System Center;Veeam Backup & Replication;Veeam ONE;Veeam Service Provider Console;Veeam Availability Orchestrator

Version:

7.x, 8.x, 9.x

Published:

2016-08-25

Last Modified:

2020-07-21

KB Languages:

Print the Article

Send by email

Challenge

When attempting to update the Veeam Backup & Replication or Veeam ONE software, an error is encountered:

This Veeam Backup & Replication / Veeam ONE installation cannot be updated automatically. 
Please contact Veeam customer support for assistance with manual update.

Cause

Update setup program checks the digital signature of the existing files to ensure their integrity before updating them. All product files are signed using Global Sign certificates. Some Windows installations do not contain Global Sign's root certificates authority as trusted root certificates, or have non-current certificates. This issue is typically observed on servers with locked down security settings, or servers with no internet access or latest updates installed.

Solution

To resolve this issue, please install the below certificates manually on the system:

https://www.digicert.com/CACerts/DigiCertAssuredIDRootCA.crt (DigiCert Assured ID Root CA)
http://secure.globalsign.com/cacert/gscodesigng3ocsp.crt (GlobalSign CodeSigning CA - G3)
https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt (DigiCert High Assurance EV Root CA)
https://www.digicert.com/CACerts/DigiCertEVCodeSigningCA-SHA2.crt (DigiCert EV Code Signing CA - SHA2)
https://support.globalsign.com/customer/portal/articles/1426602-globalsign-root-certificates (install R1 and R3 certificates)

Additional certificates are needed for Veeam ONE 9.5 Update 4:

For SHA1:
https://www.thawte.com/roots/Thawte_Timestamping_CA.pem (Thawte Timestamping CA)
For SHA2:
https://www.websecurity.symantec.com/content/dam/websitesecurity/digitalassets/desktop/pdfs/roots/VeriSign-Universal-Root-Certification-Authority.pem (VeriSign Universal Root Certification Authority)

If your backup server does not have internet access, please download certificate files from another computer.

More Information

To install a certificate:
Right-click on the certificate file in Windows, select "Install Certificate", install on "Local Machine", and select the store "Trusted Root Certification Authorities". When installed properly, "GlobalSign" and "GlobalSign Root CA" should show under Console root -> Certificates -> Trusted Root Certification Authorities -> Certificates.

User Added Image

Rate the quality of this KB article:

2 out of 5 based on 413 ratings

Back to KB search

Couldn't find what you were looking for?

Below you can submit an idea for a new knowledge base article.

Request new content

Report a typo on this page:

Please select a spelling error or a typo on this page with your mouse and press CTRL + Enter to report this mistake to us. Thank you!