Our website uses cookies!

By continuing to use our website, you agree with our use of cookies in accordance with our Cookie Policy. You can reject cookies by changing your browser settings.

OK, GOT IT!
Downloads
Contact Sales
Call sales: 1-800-691-1991 | 8am - 8pm ET
English

Veeam update fails with "This Veeam Backup & Replication / Veeam ONE installation cannot be updated automatically"

KB ID: 2157
Product: Veeam Management Pack for System Center;Veeam Backup & Replication;Veeam ONE;Veeam Availability Console;Veeam Availability Orchestrator
Version: 7.x, 8.x, 9.x
Published:
Last Modified: 2019-02-08

Challenge

When attempting to update the Veeam Backup & Replication or Veeam ONE software, an error is encountered:
This Veeam Backup & Replication / Veeam ONE installation cannot be updated automatically. Please contact Veeam customer support for assistance with manual update.
 

Cause

Update setup program checks the digital signature of the existing files to ensure their integrity before updating them. All product files are signed using Global Sign certificates. Some Windows installations do not contain Global Sign's root certificates authority as trusted root certificates, or have non-current certificates. This issue is typically observed on servers with locked down security settings, or servers with no internet access or latest updates installed.

Solution

To resolve this issue, please install the below certificates manually on the system:
https://www.digicert.com/CACerts/DigiCertAssuredIDRootCA.crt (DigiCert Assured ID Root CA)
https://secure.globalsign.com/cacert/gscodesigng2.crt (GlobalSign CodeSigning CA - G2)
https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt (DigiCert High Assurance EV Root CA)
https://www.digicert.com/CACerts/DigiCertEVCodeSigningCA-SHA2.crt (DigiCert EV Code Signing CA - SHA2)
https://support.globalsign.com/customer/portal/articles/1426602-globalsign-root-certificates (install R1, R2, and R3 certificates)

Additional certificates are needed for Veeam ONE 9.5 Update 4:
For SHA1: https://www.thawte.com/roots/Thawte_Timestamping_CA.pem (Thawte Timestamping CA)
For SHA2: https://www.websecurity.symantec.com/content/dam/websitesecurity/digitalassets/desktop/pdfs/roots/VeriSign-Universal-Root-Certification-Authority.pem (VeriSign Universal Root Certification Authority)

If your backup server does not have internet access, please download certificate files from another computer.

 

More Information

To install a certificate:
Right-click on the certificate file in Windows, select "Install Certificate", install on "Local Machine", and select the store "Trusted Root Certification Authorities". When installed properly, "GlobalSign" and "GlobalSign Root CA" should show under Console root -> Certificates -> Trusted Root Certification Authorities -> Certificates.

User Added Image

Please be aware that we’re making changes which will restrict access to product updates for users without an active contract.

OK

Rate the quality of this KB article: 
1.9 out of 5 based on 369 ratings
Back to KB search

Couldn't find what you were looking for?

Below you can submit an idea for a new knowledge base article.

Request new content

Report a typo on this page:

Please select a spelling error or a typo on this page with your mouse and press CTRL + Enter to report this mistake to us. Thank you!

Spelling error in text:

Submit