After Veeam Backup & Replication on the Veeam Cloud Connect service provider's backup server is upgraded to version 10, tenant jobs may start failing with the following error: "Authentication failed because the remote party has closed the transport stream". At the same time, the Svc.VeeamCloudConnect.log log file displays the following error: "A call to SSPI failed, see inner exception".
The issue can be spotted in the following logs:
Job.log (on the tenant side)
[15.06.2020 11:00:00] <01> Error Authentication failed because the remote party has closed the transport stream. (System.IO.IOException)
[15.06.2020 11:00:00] <01> Error at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
...
[15.06.2020 11:00:00] <01> Error at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
[15.06.2020 11:00:00] <01> Error at Veeam.Backup.Core.CSocketInvokerClient.InvokeImpl(TcpClient client, CSocketInvokerParams args, Int32 threadId)
[15.06.2020 11:00:00] <01> Error at Veeam.Backup.Core.CSocketInvokerClient.TryInvoke(CSocketInvokerParams invokerParams)
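To confirm from collected logs that a failed job matches this issue, the following added example (not Veeam tooling and not part of the original article) parses the entry layout seen in the Job.log excerpt and reports each occurrence of the two error strings together with its stack frames. The function name find_tls_failures, the sample log and its Info and "Disk is full" lines are constructed for illustration.

```python
import re

TS = r"\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}"
# One entry: [dd.MM.yyyy HH:mm:ss] <thread> Level message, up to the next entry,
# so entries run together on a single line are still separated.
ENTRY = re.compile(
    r"\[(?P<ts>" + TS + r")\] <(?P<thread>\d+)>\s+(?P<level>\w+)\s+"
    r"(?P<msg>.*?)(?=\s*\[" + TS + r"\] <|\Z)", re.DOTALL)

# Error strings quoted in this article
SIGNATURES = (
    "Authentication failed because the remote party has closed the transport stream",
    "A call to SSPI failed, see inner exception",
)
HANDSHAKE_FRAME = "System.Net.Security.SslState"  # frame namespace from the excerpt

def find_tls_failures(text):
    """Return one finding per signature hit, with the stack frames that follow it."""
    findings, open_by_thread = [], {}
    for m in ENTRY.finditer(text):
        thread, msg = m["thread"], m["msg"].strip()
        sig = next((s for s in SIGNATURES if s in msg), None)
        if m["level"] == "Error" and sig:
            finding = {"time": m["ts"], "thread": thread, "signature": sig, "frames": []}
            findings.append(finding)
            open_by_thread[thread] = finding
        elif m["level"] == "Error" and msg.startswith("at ") and thread in open_by_thread:
            open_by_thread[thread]["frames"].append(msg[3:])
        else:
            open_by_thread.pop(thread, None)  # trace ended on this thread
    for f in findings:
        # True when the trace passes through the TLS handshake code
        f["in_tls_handshake"] = any(HANDSHAKE_FRAME in fr for fr in f["frames"])
    return findings

# Constructed sample in the Job.log layout
SAMPLE = """\
[15.06.2020 10:59:58] <01> Info  Connecting to cloud gateway
[15.06.2020 11:00:00] <01> Error Authentication failed because the remote party has closed the transport stream. (System.IO.IOException)
[15.06.2020 11:00:00] <01> Error    at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
[15.06.2020 11:00:00] <01> Error    at Veeam.Backup.Core.CSocketInvokerClient.TryInvoke(CSocketInvokerParams invokerParams)
[15.06.2020 11:05:00] <02> Error Disk is full
"""

if __name__ == "__main__":
    for f in find_tls_failures(SAMPLE):
        print(f["time"], f["thread"], f["signature"], f["in_tls_handshake"])
```
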
Cause
Windows updates related to a new .NET Framework enforce a security check that prevents a secure connection from being established between the Veeam backup servers on the tenant side and the service provider side when a weak Diffie-Hellman Ephemeral (DHE) key is used.
Solution
Install the recommended Windows updates on the tenant Veeam Backup & Replication server or on Veeam Agent for Microsoft Windows machines. For details, see https://support.microsoft.com/en-us/help/3061518/ms15-055-vulnerability-in-schannel-could-allow-information-disclosure.