Skip to main content

SocketError: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

Thread needs solution
Beginner
Posts: 3
Comments: 7

Could I get assistance with this issue. This started after updating to the latest build of Cyber Protect. When the SSL is turned on I cannot add storage nodes because I get a SSL error. 

After turning off SSL, I can add new nodes but the backup tasks fail with the error below. 

Yes, I have ticket open but technical support has not been too great on this issue. Our backups have not been running for a month.

 

SocketError: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

MESSAGE

SocketError: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

Additional info:

------------------------
Error code: 20250646
Fields: {"$module":"mms_vsa64_26172","CommandID":"F30407D6-601F-11E0-9C67-FF46DFD72085"}
Message: TOL: Failed to execute the command. Backup workflow
------------------------
Error code: 20250646
Fields: {"$module":"gtob_backup_command_addon_vsa64_26172","CommandID":"F30407D6-601F-11E0-9C67-FF46DFD72085"}
Message: TOL: Failed to execute the command. Backup workflow
------------------------
Error code: 21561346
Fields: {"$module":"gtob_backup_command_addon_vsa64_26172","StepType":2,"TraceLevel":1}
Message: Step 'Backup' has failed.
------------------------
Error code: 20250646
Fields: {"$module":"mms_vsa64_26172","CommandID":"4504F8D4-2727-42AB-BB4F-A42EDBB790A0"}
Message: TOL: Failed to execute the command. Tol::IsolateCommand
------------------------
Error code: 20250646
Fields: {"$module":"service_process_vsa64_26172","CommandID":"8F01AC13-F59E-4851-9204-DE1FD77E36B4"}
Message: TOL: Failed to execute the command. Backing up
------------------------
Error code: 20250646
Fields: {"$module":"gtob_backup_command_addon_vsa64_26172","CommandID":"8F01AC13-F59E-4851-9204-DE1FD77E36B4"}
Message: TOL: Failed to execute the command. Backing up
------------------------
Error code: 10092552
Fields: {"$module":"disk_bundle_vsa64_26172","IsReturnCode":1}
Message: Failed to connect to the storage node.
------------------------
Error code: 10092552
Fields: {"$module":"disk_bundle_vsa64_26172","ASNAddress":"cob-acr-sn-01.cityofbuda.local","ASNPort":0}
Message: Failed to connect to the storage node.
------------------------
Error code: 48562277
Fields: {"$module":"asyncipc_vsa64_26172","Code":336134278}
Message: SocketError: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
------------------------

1 Users found this helpful
Beginner
Posts: 3
Comments: 7

I may have found the solution to this issue and most likely by design. 

 

When adding a storage node to the management server console, do not add using the FQDN of the storage node, add using the IP address of the node. Most likely my main issue is/was that my management server had a FQDN and signed SSL with a domain that is not the same as the internal FQDN for our network. 

This took me weeks of trial and error to pin down. 

Beginner
Posts: 3
Comments: 7

It seems that this issue was introduced when I upgraded to Build: 26172. Before that I had SSL working fine on the older build and the storage node was communicating with the management server via its internal FQDN, while the management server would respond to being called by its 'external' FQDN. 

Forum Support specialist
Posts: 0
Comments: 2016

HelloRichard,

Welcome to Acronis forums!

Thank you for sharing your workaround on this error. Yes, you are right that the cause of this error is a connectivity issue between Agent and Storage Node.

We have a respective KB article on this error https://kb.acronis.com/content/60576

 

 

Forum Member
Posts: 4
Comments: 23

I'm getting this error after updating to latest build 26981 from 26172

 

Beginner
Posts: 3
Comments: 7

Javier wrote:

I'm getting this error after updating to latest build 26981 from 26172

 

Did you have to sit through hours of excruciating phone/remote support only to find out there is no other solution that turning SSL off for the time being?

 

Snark aside. My workaround was to turn off SSL completely and re-add node via its direct IP instead of FQDN. 

Forum Member
Posts: 4
Comments: 23

How did you turn off SSL?

 

Forum Support specialist
Posts: 0
Comments: 2016

Hello Javier.

Sorry to know that you experience this issue. 

The workaround is to delete Acronis Storage Node from console and re-register it following instructions from KB 59863: Acronis Cyber Backup 15, Acronis Cyber Backup 12.5: how to manually re-add a storage node to management server

Forum Member
Posts: 12
Comments: 33

Hello Maria,

thanks for the workaround - is there a timely patch planned for this issue? Another question: Is the workaround furthermore working after rebooting the storage node?

Many thanks,

Erik

Forum Member
Posts: 4
Comments: 23

I have tried that method and also thie one mentioned here: https://kb.acronis.com/node/68671 but neither has solved the problem, maybe is because I'm using a tape based location

 

Forum Member
Posts: 4
Comments: 23

Today I installed the new V15 27009 build hoping it would finally fix the issue as it claims in its release notes but unfortunately it did not.

Forum Support specialist
Posts: 0
Comments: 2016

Hello Javier.

but neither has solved the problem, maybe is because I'm using a tape based location

It is applicable for tape locations as well.

Today I installed the new V15 27009 build hoping it would finally fix the issue as it claims in its release notes but unfortunately it did not.

This new build helps to avoid this issue for those who’ll update to U2 for the first time from older product versions.

In case if you have already faced the problem, please use the workaround from the KB article. Please note that this procedure should be repeated for each Agent that faced the issue when connecting to a storage node (create a temporary location and then delete it). We also recommend that you open a case with Acronis Support Team for assistance with applying the workaround.

Forum Support specialist
Posts: 0
Comments: 2016

Hello Erik.

 is there a timely patch planned for this issue?

To resolve the reported issue, development team has just released Acronis Cyber Protect 15 U2 Hotfix (build 27009). However, this new build will help avoid the issue to customers who’ll update to U2 for the first time from older product versions. Other users who have already faced the problem, should use a workaround from the KB article above.

Another question: Is the workaround furthermore working after rebooting the storage node?

Sure. Since the cashes have been updated with this workaround, the reboot will not affect them.

Forum Member
Posts: 4
Comments: 23

I have tried all proposed workarounds and they didn't fix the issue. I engaged support and they couldn't find a solution either. Eventually I decided to remove all Acronis software (checking the option to remove all config ) from the machines with problematic agents and then reinstalled and reconfigured everything, this finally got rid of the error and now all is working as it should. This is fine if one has a small number of machines to manage like I do but I imagine this could be difficult in large environments with many VMs or physical machines. Wish support had suggested this solution from the start and save me a lot of missed backups.

Regards 

Forum Support specialist
Posts: 0
Comments: 2016

Hello Javier.

Thank you for sharing this solution with other users.

We are sorry that you've encountered this issue in Acronis software and had to apply an inconvenient workaround.

 

 

Beginner
Posts: 0
Comments: 1

Hi, i've got the same issue  (actual Build). The Failure is only when I trie to backup the Management Server. 

Forum Member
Posts: 21
Comments: 33

I have the same problem :/

also tiried to backup temporary fol local folder  H:\bazy2\

and has error:

The path '\\?\H:\' does not exist.

 

Next tried to network location: \\localhost\h$\Bazy3\
and error: Cannot access network share '\\?\UNC\localhost\h$'.
 
 
Can't make backups!
Forum Member
Posts: 21
Comments: 33

Resolved.  Don't work if i backup as machine with agent.  Work when I backup as virtual machine in vmware.

 

Forum Member
Posts: 21
Comments: 33

But when I backup as virtual machines , cant add active protection and vulnerability assesment:

 

The 2 policies are applicable only to resources with the installed agent.
The 3 resources have source types that are incompatible with the current draft.
Forum Member
Posts: 21
Comments: 33

Uninstall and install agents on bad machines helps.

 

Beginner
Posts: 1
Comments: 4

Same problem there using the FQDN instead the IP