Launching soon: The world's first vendor agnostic bug scrubLearn more & join waitlist
OPERATIONAL DEFECT DATABASE
...
...
After upgrade of Veeam Backup & Replication on the Veeam Cloud Connect service provider's backup server to version 10, tenant jobs may start failing with the following error: "Authentication failed because the remote party has closed the transport stream". At the same time, the Svc.VeeamCloudConnect.log log file displays the following error: "A call to SSPI failed, see inner exception". The issue can be spotted in the following logs: Job.log (on the tenant side) [15.06.2020 11:00:00] <01> Error Authentication failed because the remote party has closed the transport stream. (System.IO.IOException) [15.06.2020 11:00:00] <01> Error at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) ... [15.06.2020 11:00:00] <01> Error at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) [15.06.2020 11:00:00] <01> Error at Veeam.Backup.Core.CSocketInvokerClient.InvokeImpl(TcpClient client, CSocketInvokerParams args, Int32 threadId) [15.06.2020 11:00:00] <01> Error at Veeam.Backup.Core.CSocketInvokerClient.TryInvoke(CSocketInvokerParams invokerParams)Svc.VeeamCloudConnect.log (on the service provider side) [15.06.202011:00:00] <234> Error A call to SSPI failed, see inner exception. (System.Security.Authentication.AuthenticationException) [15.06.202011:00:00] <234> Error at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception) [15.06.202011:00:00] <234> Error at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) ... [15.06.202011:00:00] <234> Error at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) [15.06.202011:00:00] <234> Error at Veeam.Backup.CloudService.CSocketInvokerServerProtocol.InvokeImpl(SPerfomanceCounterInvokerInfo& perfCounterInfo) [15.06.202011:00:00] <234> Error at Veeam.Backup.CloudService.CCloudPerfomanceCountersCollector.CollectInvokerPerfomanceCounter(PerfomanceCounterAction invoker) [15.06.202011:00:00] <234> Error at Veeam.Backup.CloudService.CSocketInvokerServerProtocol.Invoke() [15.06.202011:00:00] <234> Error The specified data could not be decrypted (System.ComponentModel.Win32Exception)
Windows updates related to a new .Net Framework enforce a security check and do not allow to establish a secure connection between Veeam backup servers on the tenant side and service provider side using a weak Diffie-Hellman Ephemeral (DHE) key.
Install recommended Windows updates on the tenant Veeam Backup & Replication server or Veeam Agent for Microsoft Windows machines. For details, see https://support.microsoft.com/en-us/help/3061518/ms15-055-vulnerability-in-schannel-could-allow-information-disclosure.