Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 4 subscribers
  • Views 2725 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Veeam Office 365 Backup Issue

Dread

Hi Guys,

Quick question - trying to install a demo of Veeam Office 365 to evaluate it but the final step is adding an Office 365 Organisation and its failing on the step where its Connecting to Powershell (Office 365) with an error stating that: The Server Certificate on the destination computer (outlook.office365.com:443) has the following errors: the SSL Certificate could not be checked for Revocation.







Anyone run across this before and know the correct exemptions I need in UTM 9 to allow it through properly? 

As usual - any tips or advice is greatly appreciated :)



This thread was automatically locked due to age.
Parents
  • 0

    Hi  

    What do you see in the WebFilter logs at this time for this machine? Further, have you checked the connectivity to the CRL URL path from this machine?

    Regards

    Jaydeep

  • 0 in reply to Jaydeep

    Thanks for the reply Jaydeep!

    Checking the logs I am seeing nothing in the Firewall logs at all and in the Web filtering logs I can see:

    2019:12:10-09:43:46 fw-sg230 httpproxy[786]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="x.x.x.x" dstip="40.126.14.103" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Staff Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6615" request="0xd0876300" url="login.microsoftonline.com/" referer="" error="" authtime="1" dnstime="7" aptptime="121" cattime="73" avscantime="0" fullreqtime="285226" device="1" auth="2" ua="" exceptions="" category="105" reputation="trusted" categoryname="Business" country="Australia" application="office" app-id="1156"
    2019:12:10-09:43:46 fw-sg230 httpproxy[786]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="x.x.x.x" dstip="40.126.14.103" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Staff Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="14460" request="0xc7dbf500" url="autologon.microsoftazuread-sso.com/" referer="" error="" authtime="1" dnstime="563" aptptime="53" cattime="83" avscantime="0" fullreqtime="273349" device="1" auth="2" ua="" exceptions="" category="178" reputation="neutral" categoryname="Internet Services" country="Australia"
    2019:12:10-09:43:47 fw-sg230 httpproxy[786]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="x.x.x.x" dstip="40.126.14.103" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Staff Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="12438" request="0xad32300" url="autologon.microsoftazuread-sso.com/" referer="" error="" authtime="0" dnstime="6" aptptime="57" cattime="67" avscantime="0" fullreqtime="734706" device="1" auth="2" ua="" exceptions="" category="178" reputation="neutral" categoryname="Internet Services" country="Australia"
    2019:12:10-09:43:48 fw-sg230 httpproxy[786]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="x.x.x.x" dstip="40.126.14.103" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Staff Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="11617" request="0x9fd9c00" url="login.microsoftonline.com/" referer="" error="" authtime="0" dnstime="6" aptptime="130" cattime="77" avscantime="0" fullreqtime="509964" device="1" auth="2" ua="" exceptions="" category="105" reputation="trusted" categoryname="Business" country="Australia" application="office" app-id="1156"
    2019:12:10-09:43:48 fw-sg230 httpproxy[786]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="x.x.x.x" dstip="40.126.14.103" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Staff Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6583" request="0xcba6300" url="login.microsoftonline.com/" referer="" error="" authtime="1" dnstime="6" aptptime="70" cattime="82" avscantime="0" fullreqtime="563575" device="1" auth="2" ua="" exceptions="" category="105" reputation="trusted" categoryname="Business" country="Australia" application="office" app-id="1156"
    2019:12:10-09:43:49 fw-sg230 httpproxy[786]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="x.x.x.x" dstip="40.126.14.103" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Staff Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="14444" request="0x98b4700" url="autologon.microsoftazuread-sso.com/" referer="" error="" authtime="1" dnstime="7" aptptime="96" cattime="84" avscantime="0" fullreqtime="265685" device="1" auth="2" ua="" exceptions="" category="178" reputation="neutral" categoryname="Internet Services" country="Australia"
    2019:12:10-09:43:49 fw-sg230 httpproxy[786]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="x.x.x.x" dstip="40.126.14.103" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Staff Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="12438" request="0xb85d500" url="autologon.microsoftazuread-sso.com/" referer="" error="" authtime="0" dnstime="7" aptptime="58" cattime="78" avscantime="0" fullreqtime="478387" device="1" auth="2" ua="" exceptions="" category="178" reputation="neutral" categoryname="Internet Services" country="Australia"
    2019:12:10-09:43:50 fw-sg230 httpproxy[786]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="x.x.x.x" dstip="40.126.14.103" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Staff Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="11633" request="0xabc3100" url="login.microsoftonline.com/" referer="" error="" authtime="1" dnstime="8" aptptime="80" cattime="83" avscantime="0" fullreqtime="509276" device="1" auth="2" ua="" exceptions="" category="105" reputation="trusted" categoryname="Business" country="Australia" application="office" app-id="1156"
    2019:12:10-09:43:50 fw-sg230 httpproxy[786]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="x.x.x.x" dstip="52.98.2.2" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Staff Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3976" request="0xb95f100" url="outlook.office365.com/" referer="" error="" authtime="0" dnstime="7" aptptime="105" cattime="0" avscantime="0" fullreqtime="101245" device="1" auth="2" ua="" exceptions="content,url,ssl,certcheck,certdate" application="office" app-id="1156"
    2019:12:10-09:43:52 fw-sg230 httpproxy[786]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="x.x.x.x" dstip="52.98.2.2" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (Staff Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3976" request="0xc1da700" url="outlook.office365.com/" referer="" error="" authtime="0" dnstime="7" aptptime="88" cattime="0" avscantime="0" fullreqtime="96585" device="1" auth="2" ua="" exceptions="content,url,ssl,certcheck,certdate" application="office" app-id="1156"


  • 0 in reply to Dread

    Hi  

    Thanks for the logs. Logs look good enough to allow the connection. I just checked the webpage https://outlook.office365.com:443 and check for the CRL info, which something like this:

    [1]CRL Distribution Point
    Distribution Point Name:
    Full Name:
    URL=crl3.digicert.com/DigiCertCloudServicesCA-1-g1.crl
    [2]CRL Distribution Point
    Distribution Point Name:
    Full Name:
    URL=crl4.digicert.com/DigiCertCloudServicesCA-1-g1.crl

    So your application might be facing connectivity issues while accessing these websites. I did a wget from my UTM just to check if I can access and I can access just fine. Try to open this both URLs in a browser from your machine and see if downloads a CRL file or not.

    Regards

    Jaydeep

  • 0 in reply to Jaydeep

    Opening a Browser windows (Chrome) and trying to get to: http://outlook.office365.com:443/ results in a pop up box to login to Office 365 ... which I can manually log into with the same credentials in the Veeam Backup wizard I am trying to install the software with.

     

    On the SG230 the Web Protection Policy tool passes fine for the User and IP of that PC going to that address

     

  • 0 in reply to Dread

    One sec, just realized I read your message wrong, you wanted me to navigate to: http://crl4.digicert.com/DigiCertCloudServicesCA-1-g1.crl and the other link, not the office 365 link.

    Noticed it came up with a page blocked error - country block. I have Taiwan (and nearly all of Asia) country blocked. Just unblocked Taiwan.

    Can now navigate to those two links and it downloaded the files fine. Installed still fails with the same error as originally :(

  • 0 in reply to Dread

    It could be worth as a try to make an exception for HTTPS Scanning for the URLs office365.com, login.microsoftonline.com and autologon.microsoftazuread-sso.com the web proxy.

    Maybe certificate pinning is used in the Veeam software, but I‘m not sure about that.

    Best regards 

    Alex 

    -

Reply
  • 0 in reply to Dread

    It could be worth as a try to make an exception for HTTPS Scanning for the URLs office365.com, login.microsoftonline.com and autologon.microsoftazuread-sso.com the web proxy.

    Maybe certificate pinning is used in the Veeam software, but I‘m not sure about that.

    Best regards 

    Alex 

    -

Children
No Data
Unfiltered HTML