VMware vSphere

We have updated vcenter from version 6.5 to 7.0.3K It seems that everything is fine, but there are inexplicable problems with the veeam. We periodically catch an error between veeam and vcenter (error handshake).

From the side, the vcenter saw the following when we tried to extract the certificates.

https://vcenter.______-.local/certs/download.zip 

Maybe we have some problems with cetrs?

Hi ,

I recommend to perform all the below to checks for your vCenter certificate, also run the VDT to verify the overall health of vCenter.

1. Checking Expiration of STS Certificate on vCenter Servers - Download the checksts python script.
   https://kb.vmware.com/s/article/7924

2. Verify certificate expiration date - https://kb.vmware.com/s/article/82332
- In case expired then regenerate Self-Signed certificate with https://kb.vmware.com/s/article/2112283

3. Run VDT tool to check the overall health on the vCenter - https://flings.vmware.com/vsphere-diagnostic-tool
Guide - https://4sysops.com/archives/troubleshoot-vmware-using-vsphere-diagnostic-tool/ or HowTo: vSphere Diagnostic Tool | TechMyth

STS Certificate not expired.

Diagnostic tools showed these errors:

 

And now I have new question.

How resolve problem on screen 2. KB isnt usefull.

LDAPs I dont use.

In firefox I dont have this problem. It is look like problem in browsers

usually firefox is the browser where i have all kind of certificate related problems. Great that you could pin it down to specific browsers.

I don't think it has anything to do with certs here. If the handshake error is just random and get's fixed by its own ; it could be due to sessions/connections  exhausted .
Check https://kb.vmware.com/s/article/88264

Yes. It is look like your are right.

Two days ago we analized logs vcenter and found remote https connections exceed max allowed: 2048 and session closed.

How to see with whom so many sessions are established? Because we don't want to just raise the number....