Error "Failed to establish connection to Amazon S3 endpoint" when adding an Amazon S3 object storage repository

KB ID: 3215
Product: Veeam Backup & Replication
Version: 10.0.1.4854 or newer
Published: 2020-06-30
Last Modified: 2022-04-21
Get weekly article updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.

Cheers for trusting us with the spot in your mailbox!

Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest

error icon

Oops! Something went wrong.

Please try again later.

Challenge

Adding an Amazon S3 object storage repository may fail with the following error:
Failed to load Amazon S3 Compatible configuration: Failed to establish connection to Amazon S3 Compatible endpoint. See logs for details.
Log Example
By default, in the log %programdata%\Veeam\Backup\Satellites\BackupServer\User\Agent.PublicCloud.Satellite.log the following entries are present:
net| Retrieving certificate for s3.amazonaws.com:443 ok.
cli| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
cli| Result
cli| (EString) Certificate = -----BEGIN CERTIFICATE-----
....
cli| -----END CERTIFICATE-----
cli|
cli| (EBoolean) IsTrusted = true
cli| AmazonRest.S3.TestConnection
cli| (EGuid) ClientId = {abcf50ec-e8a7-4cd7-a186-22fa9447c676}
cli| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
aws| Creating HTTP client. API URI: [https://s3.amazonaws.com]
aws| WARN|HTTP request failed, retry in [1] seconds, attempt number [1], total retry timeout left: [5] seconds
aws| >> |WinHttpSendRequest: 12175: A security error occurred

Cause

The most common cause of this error is that Amazon certificate revocation status cannot be verified.

Solution

To verify the certificate revocation status, the Veeam server or Veeam gateway server must:

  1. have access to the internet
  2. be able to access the following certificate revocation lists (CRL):

 

If you can access these Certificate Revocation Lists (CRL) on the Veeam Backup Server or dedicated Gateway Server, and the issue continues to occur, Open a ticket with technical support to investigate the problem further.

Workaround

This workaround disables a core Certificate Security feature. It should only be used when the Veeam backup server, or dedicated gateway server, does not have access to the Internet or the access was intentionally restricted.

To disable Amazon S3 certificate revocation verification, create the following registry value on the configured Amazon S3 gateway server and the Veeam Backup Server:

Key Location: HKLM\SOFTWARE\Veeam\Veeam Backup and Replication
Value Name: S3TLSRevocationCheck
Value Type: DWORD (32-Bit) Value
Value Data: 0

0 - Disable Revocation Check
1 - Enable Revocation Check

 

Note: This workaround is compatible only with Veeam Backup & Replication 10a (10.0.1.4854) or newer.

Click here to send feedback regarding this KB, or suggest content for a new KB.
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

Spelling error in text

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please try again later.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case

By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Verify your email to continue your product download
We've sent a verification code to:
  • Incorrect verification code. Please try again.
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

error icon

Oops! Something went wrong.

Please try again later.