Veeam Backup Failed to Create NFC download stream After Upgrade ESXi 5.5 Update2 to Update3

Posted: January 26, 2016 in Other

https://www.veeam.com/kb1198

https://www.veeam.com/kb2063

clip_image002

Check log failed

To investigate the potential of a Ports, Permissions, or DNS issue you will need to review the Agent logs.
1.  Navigate to the following location, on the Veeam Proxy

%programdata%VeeamBackup

2.  Open the folder that matches the name of the job that is having an issue.
3.  Within this folder you will need to find the agent log for the specific VM.

For a Backup Job:
Agent.<JobName>.Source.<VMName>.log
For a Replication Job:
Agent.<JobName>.Source.<VMName>.log
Agent.<JobName>.Target.<VMName>.log

4.  Search for the following:

Creating NFC download stream

5.  Here you will want to look for the following items that could point to the cause of the error.

a.       Port
If there is an issue with ports, there will be an error after the following:
nfc|           Establishing connection with the host [esx1]. Port: [902]. Failed.
b.      Permissions
If there is an issue with permissions, there will be an error after the following:
nfc|           Sending authd message: [SESSION ID NUMBER].
nfc|           Sending authd message: [Name of Host].
nfc|           Waiting for the authd reply message…
c.       DNS
If there is an issue with DNS, the following error will be found.
nfc|             Resolving host name (esx1) to IP address…
nfc|             Resolving host name (esx1) to IP address… Failed.

And found

clip_image004

clip_image006

Enable SSLv3 Hostd

Steps to enable SSLv3 for Hostd service

Hostd – Port 443

To enable SSLv3 protocol:

  1. Log in to ESXi using putty.exe.
  2. Run the following command to access the config.xml file:
    ~# vi /etc/vmware/rhttpproxy/config.xml
  3. Take a back up copy of the config.xml file before editing.
  4. In the configuration file, add or remove the <sslOptions>16924672</sslOptions> entry within the existing <ssl> > <vmacore> tags as shown in the following example to enable or disable SSLv3.
    <vmacore>
    <ssl>
    <sslOptions>16924672</sslOptions>
    </ssl>
    </vmacore>
  5. Save the file.
  6. Restart the rhttpproxy services by running the following command:
    /etc/init.d/rhttpproxy restart

clip_image008

Enable SSLv3 Authd Port 902

Steps to enable SSLv3 for Authd service

Authd – Port 902

To enable/disable protocol:
The SSL/TLS configuration file for authd is stored in /etc/vmware/esx.conf with entry like:
/advUserOptions/options[0026]/name = "VMAuthdDisabledProtocols"

To enable protocols by logging in to the ESXi Command Shell:


  1. Log in to ESXi using putty.exe.
  2. By default SSLv3 is disabled, run the following command to enable it:
    # esxcli system settings advanced set -o /UserVars/VMAuthdDisabledProtocols -s ""
  3. Command to get the disabled protocols for authd is:
    # esxcli system settings advanced list -o /UserVars/VMAuthdDisabledProtocols
    where:
    Path: /UserVars/VMAuthdDisabledProtocols
    Type: string
    Int Value: 0
    Default Int Value: 0
    Min Value: 0
    Max Value: 0
    String Value: sslv3
    Default String Value: sslv3
    Valid Characters: *
    Description: VMAuthd disabled protocols. By default, sslv3 is disabled. If you want to enable sslv3, set the setting to empty.
    Note: This is a host profile advanced user setting.

clip_image010

Try backup again

clip_image012

CMIIW Smile. Thanks

Leave a Reply

Your email address will not be published. Required fields are marked *