Error when creating a cloud library - Failed to verify the device from the mediaagent or Failed to check cloud server status

When attempting to create a new cloud library, it may fail due to SSL certificate checks.

Symptoms

The configuration of the cloud library fails with one of the following error messages or similar to them:

Error: Failed to verify the device from the mediaagent [] with the error [Failed to check cloud server status, error = [[Cloud] There is a name lookup error.].]

or

Failed to check cloud server status, please make sure the provided service host URL credential and bucket/container names are correct and with the proper permissions. Also check the network connection to the Cloud server is not blocked.

or

[Cloud] The server failed to do the verification. The Cloud server host name may not match with the server certificate or a problem occurred somewhere in the SSL/TLS handshake. Error = 44037]

Causes

The likely cause of this issue is related to Commvault being unable to fully validate the authenticity of the returned SSL certificate. This typically occurs when configuring local cloud storage (S3 emulation) where self-signed certificates are used but can occur if the Media Agent or CommServe resides behind a proxy or some other network device that blocks the validation of the SSL certificate.

Resolution

To further identify the cause, you can try these steps:

1. Check if any proxies in the environment could be restricting internet access. An HTTP proxy can be configured within Commvault for more information see Configuring an HTTP Proxy Server for the CommServe Computer
2. Check to see if any environmental proxy in the environment could be preventing access to validate the certificate. You can use netsh to check for proxies from a command prompt

netsh winhttp show proxy

Alternatively, you can prevent Commvault from validating the certificate using the step below:

Disable certificate validation checks

Add the nCloudServerCertificateNameCheck additional setting to the associated MediaAgent as shown in the following table.

For instructions about adding the additional setting from the CommCell Console, see Adding or Modifying an Additional Setting.

If the above does not work, you can also try configuring the HTTP protocol for the service host: For more information, see setup the Service Host to use the HTTP protocol when configuring the cloud library.