Hyper-V Backup Fails with Error PHOENIX187: SSL/TLS Handshake Failure

Problem Description

Hyper-V backup jobs fail with error code PHOENIX187. This occurs when the Hyper-V host is unable to establish a secure, authenticated connection with Druva Cloud services.

This issue typically arises immediately following local environmental changes, such as:

  • Firewall rule modifications

  • Proxy server updates

  • New SSL inspection/decryption policies

  • Antivirus or endpoint security software updates

  • Recent Druva agent upgrades

Cause

The secure connection fails because the SSL/TLS handshake between the Hyper-V host and Druva Cloud endpoints cannot be completed. Common root causes include:

  • Network Blocks: Firewalls blocking outbound HTTPS (TCP 443) communication.

  • Certificate Interception: SSL inspection appliances modifying or breaking the certificate trust chain.

  • Proxy Interference: Proxy servers rejecting, misrouting, or failing to authenticate the agent's secure traffic.

  • Software Conflicts: Local antivirus or Endpoint Detection and Response (EDR) software blocking Druva processes.

  • OS-Level Issues: Missing root certificates or misconfigured TLS cipher suites on the Hyper-V host.

Traceback

Review the EnterpriseWorkloadAgent logs on the affected Hyper-V host (Default path: C:\ProgramData\Druva\Phoenix\HyperV\logs\). Look for the following explicit network failures:

SSL handshake failed
TLS negotiation failed
Unable to establish secure connection
Connection reset by peer

On the Druva Management Console, the backup job status will terminate with:

Error Code: PHOENIX187

Resolution

Follow these troubleshooting steps on the affected Hyper-V host to restore connectivity:

Step 1: Validate Outbound Port Connectivity

Ensure that outbound HTTPS (TCP Port 443) communication is completely unrestricted from the Hyper-V host to the Druva Cloud endpoints.

Step 2: Configure SSL Inspection Bypasses

If your organization uses SSL inspection/decryption hardware (e.g., Zscaler, Palo Alto, Fortinet), create an explicit SSL Bypass rule for all Druva Cloud service URLs to prevent certificate tampering.

Step 3: Implement Antivirus & EDR Exclusions

Verify that local security software is not interfering with Druva operations. Ensure that the recommended directory and process exclusions are applied for all Druva components:

  • Exclude the installation path: C:\Program Files\Druva\

  • Exclude the data/log path: C:\ProgramData\Druva\

Step 4: Verify the Agent Service Status

  1. Open the Windows Services console (services.msc).

  2. Locate the EnterpriseWorkloadAgent service.

  3. Verify it is running. If necessary, restart the service to apply any underlying network or proxy environment changes.

Step 5: Test and Verify

Once environmental modifications are complete:

  1. Trigger a Manual Backup for the affected Hyper-V VM from the Druva Console.

  2. Monitor the job to ensure it successfully passes the initialization phase and completes.
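The checks in Step 1 and Step 2 can be made directly from the Hyper-V host with a short PowerShell probe. This is an added example, not Druva tooling: the function name `Test-TlsHandshake` and the host name placeholder are assumptions, and it tests a direct connection only (it does not route through an explicit proxy).

```powershell
# Added example, not part of the Druva agent. Diagnostic only: no application data is sent.
function Test-TlsHandshake {
    param(
        [Parameter(Mandatory)] [string] $HostName,   # assumption: a Druva Cloud endpoint you supply
        [int] $Port = 443,
        [int] $TimeoutMs = 5000
    )
    $r = [ordered]@{ Host = $HostName; TcpConnected = $false; TlsProtocol = $null
                     Subject = $null; Issuer = $null; PolicyErrors = $null; Error = $null }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Step 1: is outbound TCP 443 reachable at all?
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { throw "TCP connect timed out after $TimeoutMs ms" }
        $client.EndConnect($pending)
        $r.TcpConnected = $true

        # Step 2: complete the handshake. The callback records the OS trust verdict but
        # returns $true so the presented certificate can be inspected even when untrusted.
        $script:tlsPolicyErrors = $null
        $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
            param($s, $certificate, $chain, $sslPolicyErrors)
            $script:tlsPolicyErrors = $sslPolicyErrors
            return $true
        }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        try {
            $ssl.AuthenticateAsClient($HostName)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            $r.TlsProtocol  = $ssl.SslProtocol          # negotiated protocol version
            $r.Subject      = $cert.Subject
            $r.Issuer       = $cert.Issuer              # who signed the certificate the host actually received
            $r.PolicyErrors = $script:tlsPolicyErrors   # None = chain trusted and name matches
        } finally { $ssl.Dispose() }
    } catch {
        # Timeouts, resets and failed negotiations all land here with the underlying message.
        $r.Error = $_.Exception.GetBaseException().Message
    } finally {
        $client.Close()
    }
    [pscustomobject]$r
}

# Placeholder host name: replace with an endpoint from Druva's published URL list.
Test-TlsHandshake -HostName '<druva-cloud-endpoint>' | Format-List
```

`TcpConnected : False` points to a network block (Step 1). An `Issuer` that names your inspection appliance or an internal CA points to certificate interception (Step 2), and `PolicyErrors` other than `None` alongside a public issuer points to a missing root certificate on the host.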

💡 Need Further Assistance? If the error persists after verifying these steps, please collect the log folder from C:\ProgramData\Druva\Phoenix\HyperV\logs\ and open a ticket with Druva Support.