Site Pairing failed -Error occured during serializ...

ittechnical2017 · ‎12-07-2017

Hello,

We have SRM/vCenter at both protection site and as well at recovery site.

Vcenter - 6.0U2

SRM - 6.1.1.13171

Site pairing was worked fine until we restarted the protection site vcenter server(which has SRM too). after vcenter/SRM at protection site came back online. It couldn't connect to SRM at recovery site.

When we tried to reconfigure the pairing from protection site, its failing with error message "failed to acquire token from sso server at https://<Recovery site Vcenter>/sts/STSService/vsphere.local".

And we observing that recovery site SRM/Vcenter can connect the protection site SRM.

Thanks,

Dinesh.

Finikiez · ‎12-07-2017

Do you have default SSL certs installed or your own certificates? If you have your own certificates, check that they haven't expired.

Also check that STSService is up and running on PSC and is accessible.

As well make sure that all necessary port for site pairing is open VMware Knowledge Base

hussainbte · ‎12-07-2017

Have you updated any SSL certs in your vCenter.What was the reboot for?

Also share the vmware-dr log from the site you are initiating pairing

If you found my answers useful please consider marking them as Correct OR Helpful Regards, Hussain https://virtualcubes.wordpress.com/

ittechnical2017 · ‎12-07-2017

Hello,

We haven't updated any ssl cert on vcenter. We have rebooted vcenter/SRM server on protection site to simulate DR fail over. (as this is POC setup currently we are exploring all the DR fail over scenarios) .

Below are the SRM logs on protection site when we tried to reconfigure pairing with recoverysite SRM,

--> The remote host certificate has these problems:

-->

--> * The host certificate chain is incomplete.

-->

--> * unable to get local issuer certificate"

2017-12-08T11:23:40.877+08:00 [12428 warning 'DrSiteSiteManager'] SSL client handshake to 'vcenterserver.telbru.private:443' failed.

--> std::exception 'class Vmacore::Ssl::SSLVerifyException' "SSL Exception: Verification parameters:

--> PeerThumbprint: 36:2A:B3:8D:4E:81:1B:89:08:54:F9:A1:C4:7D:2E:77:8F:A0:C8:7A

--> ExpectedThumbprint:

--> ExpectedPeerName: vcenterserver.telbru.private

--> The remote host certificate has these problems:

ittechnical2017 · ‎12-10-2017

Any update?

hussainbte · ‎12-11-2017

Could you do a modify install of SRM on both sites.. and generate new certificates for SRM.

modify install gives you options to start with fresh DB also( we dont want that)

Only a modify install keeping everything intact and generate new self signed certs for SRM.

do the pairing again and update.

also let us know what kind of certs is vCenter using?

If you found my answers useful please consider marking them as Correct OR Helpful Regards, Hussain https://virtualcubes.wordpress.com/

ittechnical2017 · ‎12-18-2017

Hello,

We are using default certificates.

We tried modify vcenter installation but still same.

Thanks,

hussainbte · ‎12-18-2017

Can you check the vCenter certs and tell me what certificate has this thumbprint

"36:2A:B3:8D:4E:81:1B:89:08:54:F9:A1:C4:7D:2E:77:8F:A0:C8:7A"

Also if you can attach the vmware-dr log from both sites while doing site pairing

If you found my answers useful please consider marking them as Correct OR Helpful Regards, Hussain https://virtualcubes.wordpress.com/

All

Site Pairing failed -Error occured during serialization of the token request