Backups with VMware VixDiskLib 6.0 fail with host certificate error
Article ID: VMW0015 Backups with VMware VDDK 6.0 fail if the vCenter SSL setting “vCenter requires verified host SSL certificates” is disabled.
When performing a VMware backup, all backups fail with the following error message:
In the Job Details dialog box (Job Controller > right-click backup job > Details), the Virtual Machine Status tab shows the following failure reason for individual virtual machines:
The vixDiskLib.log file contains the following lines:
Certificate verification is mandatory in VMware VDDK 6.0. Commvault software handles the verification for the connection to vCenter; but certificate verification is also required when a connection is relayed to a specific ESX host.
If the vCenter SSL setting vCenter requires verified host SSL certificates is disabled, host certificate thumbprints are not automatically verified when the host is added to the inventory. As a result, the certificate thumbprint for the host is not relayed when establishing an NFC connection to that host. Any host that does not have a verified SSL certificate thumbprint will fail to be accessed by the VDDK.
For more information about this requirement, see Virtual Disk Development Kit 6.0 Release Notes.
When upgrading from vCenter 4.1 to any release of vCenter 5 or to vCenter 6.0, you must select the vCenter requires verified host SSL certificates option.
Note: VMware recommends upgrading older versions to 5.5.4; forward compatibility to V6.0 is supported only from V5.5.4.
To check the setting for certificate verification in vSphere:
- From the vSphere client, click Home > Administration > vCenter Server Settings > SSL Settings.
- In vCenter 6.0, the vCenter requires verified host SSL certificates option is not displayed because certificate verification is mandatory.
- In any version of vCenter 5, the vCenter requires verified host SSL certificates option is displayed if the option was already selected during a previous upgrade.
- If the vCenter requires verified host SSL certificates option is displayed in any version of vCenter, manually verify the SSL certificate for each ESX host.
For more information, see the following links: