1-800-691-1991 | 9am - 8pm ET
EN

Error "Failed to establish connection to Amazon S3 endpoint" when adding an Amazon S3 object storage repository

KB ID: 3215
Product: Veeam Backup & Replication
Version: 10.0.1.4854 or newer
Published: 2020-06-30
Last Modified: 2021-11-12

Challenge

Adding an Amazon S3 object storage repository may fail with the following error:
Failed to load Amazon S3 Compatible configuration: Failed to establish connection to Amazon S3 Compatible endpoint. See logs for details.
Log Example
By default, in the log %programdata%\Veeam\Backup\Satellites\BackupServer\User\Agent.PublicCloud.Satellite.log the following entries are present:
net| Retrieving certificate for s3.amazonaws.com:443 ok.
cli| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
cli| Result
cli| (EString) Certificate = -----BEGIN CERTIFICATE-----
....
cli| -----END CERTIFICATE-----
cli|
cli| (EBoolean) IsTrusted = true
cli| AmazonRest.S3.TestConnection
cli| (EGuid) ClientId = {abcf50ec-e8a7-4cd7-a186-22fa9447c676}
cli| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
aws| Creating HTTP client. API URI: [https://s3.amazonaws.com]
aws| WARN|HTTP request failed, retry in [1] seconds, attempt number [1], total retry timeout left: [5] seconds
aws| >> |WinHttpSendRequest: 12175: A security error occurred

Cause

The most common cause of this error is that Amazon certificate revocation status cannot be verified.

Solution

To verify the certification revocation status, Veeam server or Veeam gateway server must have an access to internet, and the following certificate revocation lists (CRL) must be accessible:

If Veeam backup server or dedicated gateway server has access to the Internet and above-mentioned CRL files can be successfully downloaded, open a ticket with technical support to investigate the problem further.

Workaround

Veeam Backup & Replication version requirement

This workaround is compatible only with Veeam Backup & Replication 10a (10.0.1.4854) or newer.

Build numbers and version of Veeam Backup & Replication

If the Veeam backup server or dedicated gateway server does not have access to the Internet, or the access was restricted intentionally. The following workaround can be used to disable Revocation Check.

To disable Amazon S3 certificate revocation verification, create the following registry value on the configured Amazon S3 gateway server and the Veeam Backup Server:

Key Location: HKLM\SOFTWARE\Veeam\Veeam Backup and Replication
Value Name: S3TLSRevocationCheck
Value Type: DWORD (32-Bit) Value
Value Data: 0

0 - Disable Revocation Check
1 - Enable Revocation Check

Restart the Veeam Server after creating the registry value.

KB ID: 3215
Product: Veeam Backup & Replication
Version: 10.0.1.4854 or newer
Published: 2020-06-30
Last Modified: 2021-11-12

Couldn't find what you were looking for?

Below you can submit an idea for a new knowledge base article.
Report a typo on this page:

Please select a spelling error or a typo on this page with your mouse and press CTRL + Enter to report this mistake to us. Thank you!

Spelling error in text

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please try again later.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case

By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Policy.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Thank you for your interest in Veeam products!
We've sent a verification code to:
  • Incorrect verification code. Please try again.
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

error icon

Oops! Something went wrong.

Please try again later.