Veeam Support Knowledge Base
Windows FLR fails to start with "The request has been cancelled."

Windows FLR fails to start with "The request has been cancelled."

KB ID:	4819
Product:	Veeam Backup & Replication \| 13
Published:	2026-02-24
Last Modified:	2026-02-24

Cheers for trusting us with the spot in your mailbox!

Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest

Oops! Something went wrong.

Please, try again later.

Article Applicability

This article addresses an issue that may occur when using a Windows-based deployment of Veeam Backup & Replication v13, where the Backup Server is either isolated from the internet or subject to significant firewall restrictions.

Challenge

When attempting to perform a Guest Files Restore, the following error occurs in environments where the Veeam Backup Server or Windows Mount Server is either isolated from the internet or has significant firewall restrictions to outside servers:

The request has been cancelled

Log Example

Error example in FLR session log:

Info (3)    Starting oib mount on mount service. Binding: [IpOrDnsName: [localhost], Port: [6170], HostId: [{guid}], IsLinux: [False]]
Error (1)    [SVeeamBackupServiceClient][Veeam.Backup.Interaction.BackupService.FileRestoreManagementServiceProxy]Failed RPC call. Method: FileRestoreManagementService.StartAsync, Request: 6WfCxBGnSPQ, Client: Veeam.Backup.Fex_14968:BackupServiceRpc_HJz3otR3BLg, Correlation: 6WfCxBGnSPQ
Error (1)    Veeam.Backup.Grpc.VeeamGrpcException: The request has been cancelled.
Error (1)     ---> Grpc.Core.RpcException: Status(StatusCode="Cancelled", Detail="", DebugException="System.OperationCanceledException: The operation was canceled.")
Error (1)     ---> System.OperationCanceledException: The operation was canceled.
Error (1)     ---> System.Threading.Tasks.TaskCanceledException: The operation was canceled.
Error (1)     ---> System.TimeoutException: A connection could not be established within the configured ConnectTimeout.
                
            

Cause

When a Guest Files Restore is initiated, Veeam Backup & Replication components use certificates to establish gRPC connections over HTTPS. The Windows feature "Automatically update certificates in the Microsoft Root Certificate Program" checks for revoked certificates via an HTTP request to "ctldl.windowsupdate.com" with a 15-second timeout.

Since Veeam's gRPC connection timeout is also 15 seconds, if certificate verification takes too long, the connection fails, and the restore initialization fails to start.

Solution

At this time, two workarounds exist to resolve this issue:

Option 1: Update Firewalls or Network Access Policies

Ensure that both the Veeam Backup Server and Windows Mount Server have access to "ctldl.windowsupdate.com" over port 80. This will make it so that Windows can successfully check the certificate revocation list.

Test-NetConnection -ComputerName ctldl.windowsupdate.com -Port 80
                
            

A Windows PowerShell window shows the result of a "Test-NetConnection" command to "ctldl.windowsupdate.com" on port 80. The output confirms a successful connection with "TcpTestSucceeded : True" and displays connection details including remote address, port, and interface.

Example of a successful test.

Option 2: Disable Automatic Certificate Updates

If allowing access to ctldl.windowsupdate.com is not possible, disable "Automatically update certificates in the Microsoft Root Certificate Program" in Group Policy Editor on the Veeam Backup Server and Windows Mount Server.

Open Group Policy Editor
Navigate to: Computer Configuration > Windows Settings > Security Settings > Public Key Policies
Open the entry for: "Certificate Path Validation Settings"

The Local Group Policy Editor window is open. The navigation tree on the left is expanded to "Computer Configuration" > "Windows Settings" > "Security Settings" > "Public Key Policies." The right pane highlights "Certificate Path Validation Settings."

Switch to the "Network Retrieval" tab.
Enable the option named: "Define these policy settings"
Disable the option named: "Automatically update certificates in the Microsoft Root Certificate Program"

The "Certificate Path Validation Settings Properties" window is open to the "Network Retrieval" tab. The "Define these policy settings" box is checked, while "Automatically update certificates in the Microsoft Root Certificate Program (recommended)" is unchecked. Additional settings for retrieval timeouts and issuer certificate retrieval are visible, with the "OK" button highlighted.

Click OK, and close the Group Policy Editor

More Information

More information about the Windows feature "Automatically update certificates in the Microsoft Root Certificate Program" can be found here:

Microsoft Documentation: Certificates and trust in Windows

If this KB article did not resolve your issue or you need further assistance with Veeam software, please create a Veeam Support Case.

To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

Spelling error in text

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please, try again later.

You have selected too large block!

Please try select less.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case

Product

Topic

Description

By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.

I would like to receive a follow-up email regarding my feedback

Verify your email to continue your product download

We've sent a verification code to:

An email with a verification code was just sent to

Didn't receive the code? Click to resend in sec

Didn't receive the code? Click to resend

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please, try again later.