https://login.veeam.com/en/oauth?client_id=nXojRrypJ8&redirect_uri=https%3A%2F%2Fwww.veeam.com%2Fservices%2Fauthentication%2Fredirect_url&response_type=code&scope=profile&state=eyJmaW5hbFJlZGlyZWN0TG9jYXRpb24iOiJodHRwczovL3d3dy52ZWVhbS5jb20va2IzMjA4IiwiaGFzaCI6IjBhMThlZjgwLWI1MjQtNDMyZS05MmZjLTYwODE0MWJlNTQ5OCJ9
1-800-691-1991 | 9am - 8pm ET
EN

Veeam Cloud Connect jobs fail with "Authentication failed because the remote party has closed the transport stream" error

Challenge

After upgrade of Veeam Backup & Replication on the Veeam Cloud Connect service provider's backup server to version 10, tenant jobs may start failing with the following error: "Authentication failed because the remote party has closed the transport stream". At the same time, the Svc.VeeamCloudConnect.log log file displays the following error: "A call to SSPI failed, see inner exception".

The issue can be spotted in the following logs:

Job.log (on the tenant side)
[15.06.2020 11:00:00] <01> Error    Authentication failed because the remote party has closed the transport stream. (System.IO.IOException)
[15.06.2020 11:00:00] <01> Error       at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
...
[15.06.2020 11:00:00] <01> Error       at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
[15.06.2020 11:00:00] <01> Error       at Veeam.Backup.Core.CSocketInvokerClient.InvokeImpl(TcpClient client, CSocketInvokerParams args, Int32 threadId)
[15.06.2020 11:00:00] <01> Error       at Veeam.Backup.Core.CSocketInvokerClient.TryInvoke(CSocketInvokerParams invokerParams)
Svc.VeeamCloudConnect.log (on the service provider side)
[15.06.202011:00:00] <234> Error    A call to SSPI failed, see inner exception. (System.Security.Authentication.AuthenticationException)
[15.06.202011:00:00] <234> Error       at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
[15.06.202011:00:00] <234> Error       at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
...
[15.06.202011:00:00] <234> Error       at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
[15.06.202011:00:00] <234> Error       at Veeam.Backup.CloudService.CSocketInvokerServerProtocol.InvokeImpl(SPerfomanceCounterInvokerInfo& perfCounterInfo)
[15.06.202011:00:00] <234> Error       at Veeam.Backup.CloudService.CCloudPerfomanceCountersCollector.CollectInvokerPerfomanceCounter(PerfomanceCounterAction invoker)
[15.06.202011:00:00] <234> Error       at Veeam.Backup.CloudService.CSocketInvokerServerProtocol.Invoke()
[15.06.202011:00:00] <234> Error    The specified data could not be decrypted (System.ComponentModel.Win32Exception)

Cause

Windows updates related to a new .Net Framework enforce a security check and do not allow to establish a secure connection between Veeam backup servers on the tenant side and service provider side using a weak Diffie-Hellman Ephemeral (DHE) key.

Solution

Install recommended Windows updates on the tenant Veeam Backup & Replication server or Veeam Agent for Microsoft Windows machines. For details, see https://support.microsoft.com/en-us/help/3061518/ms15-055-vulnerability-in-schannel-could-allow-information-disclosure.

 
KB ID:
3208
Product:
Veeam Agent for Microsoft Windows, Veeam Backup & Replication, Veeam Cloud Connect
Version:
Any
Published:
2020-06-17
Last Modified:
2020-08-13
Please rate how helpful this article was to you:
5 out of 5 based on 1 ratings
Thank you for helping us improve!
An error occurred during voting. Please try again later.

Couldn't find what you were looking for?

Below you can submit an idea for a new knowledge base article.
Report a typo on this page:

Please select a spelling error or a typo on this page with your mouse and press CTRL + Enter to report this mistake to us. Thank you!

Spelling error in text

Knowledge base content request
By submitting, you agree that your personal data will be managed by Veeam in accordance with the Privacy Policy.
Your report was sent to the responsible team. Our representative will contact you by email you provided.
We're working on it please try again later