#1 Global Leader in Data Resilience
#1 Global Leader in Data Resilience
TRY NOW
book meeting
BACK TO KB LIST

"Failed to retrieve certificate" when adding AWS Snowball Edge

KB ID: 4746
Product: Veeam Backup & Replication | 12 | 12.1 | 12.2 | 12.3 | 12.3.1 | 12.3.2
Published: 2025-06-26
Last Modified: 2025-07-01
mailbox
Get weekly article updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.

Cheers for trusting us with the spot in your mailbox!

Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest

error icon

Oops! Something went wrong.

Please, try again later.

Article Applicability

The error message documented in this article can also occur when the Service point specified is invalid or cannot be reached due to a firewall, which is documented in KB4328.

This article is specifically regarding a situation in which the correct Service point has been provided, but the Veeam Backup & Replication software is unable to retrieve the certificate due to AWS releasing a new Snowball Edge device that has an EMS extension on TLS connection.

Challenge

When adding an AWS Snowball Edge device to Veeam Backup & Replication, the following error occurs:

Failed to retrieve certificate from <url>
Error

Cause

Recent changes in the software used by the AWS Snowball Edge devices causes Veeam Backup & Replication to fail when attempting to retrieve the certificate.
Click to Expand and View Log Samples 
cli      | -------------------------------------------------------------------------------
cli      | Network.RetrieveSslCertificate
cli      |   (EString) HostName = 10.0.0.42
cli      |   (EInt32) Port = 8443
cli      |   (EInt32) TimeoutSec = 60
cli      | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
net      | Retrieving certificate for 10.0.0.42:8443
net      | WARN|Handshake failed with 'sslv3 alert handshake failure'
net      | Retrieving certificate for 10.0.0.42:8443 Failed.
cli      | WARN|Failed to retrieve certificate, retrying
cli      | >>  |Failed to retrieve SSL certificate. Underlying error: sslv3 alert handshake failure
net      | Retrieving certificate for 10.0.0.42:8443

Info (3) [PublicCloudCertificateLoader] Loading certificate for 'https://10.0.0.42:8443'
Info (3) [AP] (23ee9c4a) command: 'Invoke: Network.RetrieveSslCertificate { (EString) HostName = 10.0.0.42; (EInt32) Port = 8443; (EInt32) TimeoutSec = 60; }'
Info (4) [AP] (23ee9c4a) output: <VCPCommandResult result="false" exception="Failed to retrieve SSL certificate. Underlying error: sslv3 alert handshake failure&#x0A;Agent failed to process method {Network.RetrieveSslCertificate}." />
Info (4) [AP] (23ee9c4a) output: >
Error (3) Failed to retrieve SSL certificate. Underlying error: sslv3 alert handshake failure
Error (3) Agent failed to process method {Network.RetrieveSslCertificate}.
Error (3) (System.AggregateException)
Error (3) Failed to retrieve SSL certificate. Underlying error: sslv3 alert handshake failure (Veeam.Backup.Common.CCppComponentException)
Error (3) Agent failed to process method {Network.RetrieveSslCertificate}.

Solution

Option 1: Force Veeam Backup & Replication to Connect Using HTTP

As the AWS Snowball device is a temporary local device, forcing connectivity via HTTP is the simplest way to enable access.

This registry value will function for all versions of Veeam Backup & Replication 12.x.

  1. On the Veeam Backup Server, create the following registry value.

    Key Location:     HKLM\SOFTWARE\Veeam\Veeam Backup and Replication\
    Value Name: SOBRArchiveS3DisableTLS
    Value Type: DWORD (32-Bit) Value
    Value Data: 1

    PowerShell command to create the registry value:
New-ItemProperty -Path 'HKLM:\SOFTWARE\Veeam\Veeam Backup and Replication\' -Name 'SOBRArchiveS3DisableTLS' -Value "1" -PropertyType DWORD -Force
  1. Connect to the AWS Snowball device using port 8080 (e.g., http://10.0.0.42:8080/).
  2. After the AWS Snowball device has left the environment, remove the registry value.

Option 2: Install Hotfix

A hotfix was developed for Veeam Backup & Replication 12.3.2. This hotfix replaces the VeeamAgent.exe executables used by the Veeam Backup & Replication software to connect to the AWS Snowball device, and must be implemented on the Veeam Backup Server and all Gateway Servers that will need access to the AWS Snowball device.

  1. Ensure that all jobs, restores, and tasks have reached a stopped state.
    All tasks must be stopped to ensure that the VeeamAgent.exe is not locked when attempting to replace it in the next step.
  2. On the Veeam Backup Server and all Gateway Servers that will need to access the AWS Snowball, replace the following files with the ones from the hotfix package:
    • C:\Program Files (x86)\Veeam\Backup Transport\x64\VeeamAgent.exe
    • C:\Program Files (x86)\Veeam\Backup Transport\x86\VeeamAgent.exe
  3. Reattempt adding the AWS Snowball device to Veeam Backup & Replication.
    Note: There is no need to restart any services, since the VeeamAgent.exe executables are only run by the services as needed.
Download Hotfix

Filename: KB4746_20240619_1008369.zip

MD5: 98C1D767F31A093A3904E79829691226
SHA1: 17A8C873BF7F655F3CD6E405E70612316D48A68B

If this KB article did not resolve your issue or you need further assistance with Veeam software, please create a Veeam Support Case.

To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

Spelling error in text

Thank you!

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please, try again later.

You have selected too large block!

Please try select less.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case
By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.
Verify your email to continue your product download
We've sent a verification code to:
  • Incorrect verification code. Please try again.
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Start using Veeam:
Download the product
&
Activate the license key
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

error icon

Oops! Something went wrong.

Please, try again later.