The Service Provider wizard on the Tenant Veeam Server fails with errors.
Certificate validation failed. Unable to connect to the service provider.
Certificate validation failed. Authentication failed because the remote party has closed the transport stream.
Veeam Support engineers are only able to assist with isolation of certificate problems. Veeam Support is unable to assist in generating, altering, importing, exporting, or installing SSL certificates. For more information on certificate processes, please refer to your SSL certificate provider.
Ensure TCP/UDP port 6180 is allowed outbound from the tenant environment (for stateful firewalls only). If the firewall is stateless, a static rule will need added for the return traffic. Similar firewall exceptions with TCP/UDP 6180 need to be applied in the provider's firewall for traffic that is destined for each Cloud Connect Gateway. Additionally, please note that tenant proxies or repositories will connect directly to the Cloud Connect Gateways during job runs.
Ensure the certificate with the private key is installed in the Service Provider Cloud Connect server. It does not need to be installed in the Cloud Connect Gateways if they are separate servers. The issued certificate with the private key will be a file with a .pfx extension.
If your SSL certificate provider asks you to generate the PFX file using a private key you have generated as opposed to one they provide, it will be considered a security risk and will not be a supported configuration.
Ensure the certificate chain is installed in the Service Provider Cloud Connect server, which includes subordinate (intermediate) and root CA certificates. Often the SSL certificate provider will include the chain in a separate file with a p7b extension.
Ensure DNS can be resolved for the Cloud Connect Server from all Cloud Connect Gateways. Disable any gateways that are not going to be used.