Hello,
We have SRM/vCenter at both the protection site and the recovery site.
vCenter - 6.0U2
SRM - 6.1.1.13171
Site pairing worked fine until we restarted the protection site vCenter server (which has SRM too). After vCenter/SRM at the protection site came back online, it couldn't connect to SRM at the recovery site.
When we tried to reconfigure the pairing from the protection site, it fails with the error message "failed to acquire token from sso server at https://<Recovery site Vcenter>/sts/STSService/vsphere.local".
And we are observing that the recovery site SRM/vCenter can connect to the protection site SRM.
Thanks,
Dinesh.
Do you have default SSL certs installed or your own certificates? If you have your own certificates, check that they haven't expired.
Also check that STSService is up and running on the PSC and is accessible.
Also make sure that all necessary ports for site pairing are open (VMware Knowledge Base).
Have you updated any SSL certs in your vCenter? What was the reboot for?
Also share the vmware-dr log from the site where you are initiating pairing.
Hello,
We haven't updated any SSL cert on vCenter. We rebooted the vCenter/SRM server on the protection site to simulate DR failover (as this is a POC setup, we are currently exploring all the DR failover scenarios).
Below are the SRM logs on the protection site when we tried to reconfigure pairing with the recovery site SRM:
--> The remote host certificate has these problems:
-->
--> * The host certificate chain is incomplete.
-->
--> * unable to get local issuer certificate"
2017-12-08T11:23:40.877+08:00 [12428 warning 'DrSiteSiteManager'] SSL client handshake to 'vcenterserver.telbru.private:443' failed.
--> std::exception 'class Vmacore::Ssl::SSLVerifyException' "SSL Exception: Verification parameters:
--> PeerThumbprint: 36:2A:B3:8D:4E:81:1B:89:08:54:F9:A1:C4:7D:2E:77:8F:A0:C8:7A
--> ExpectedThumbprint:
--> ExpectedPeerName: vcenterserver.telbru.private
--> The remote host certificate has these problems:
Any update?
Could you do a modify install of SRM on both sites and generate new certificates for SRM?
A modify install also gives you the option to start with a fresh DB (we don't want that).
Only do a modify install keeping everything intact, and generate new self-signed certs for SRM.
Do the pairing again and update.
Also let us know what kind of certs vCenter is using.
Hello,
We are using default certificates.
We tried to modify the vCenter installation, but it is still the same.
Thanks,
Can you check the vCenter certs and tell me what certificate has this thumbprint:
"36:2A:B3:8D:4E:81:1B:89:08:54:F9:A1:C4:7D:2E:77:8F:A0:C8:7A"
Also, if you can, attach the vmware-dr log from both sites while doing site pairing.
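One way to answer the thumbprint question above, as an added example that is not part of the original thread or any VMware tooling: pull the verification parameters out of the vmware-dr log excerpt and compare the PeerThumbprint against certificates exported to PEM. It assumes the 20-byte thumbprint is SHA-1 over the DER certificate; the function names and the candidate "certificates" are constructed placeholders.

```python
import hashlib
import re
import ssl

# Lines copied from the log excerpt posted in the thread.
LOG_EXCERPT = """\
--> PeerThumbprint: 36:2A:B3:8D:4E:81:1B:89:08:54:F9:A1:C4:7D:2E:77:8F:A0:C8:7A
--> ExpectedThumbprint:
--> ExpectedPeerName: vcenterserver.telbru.private
"""

FIELD_RE = re.compile(
    r"^-->[ \t]*(PeerThumbprint|ExpectedThumbprint|ExpectedPeerName):[ \t]*(.*)$", re.M)

def parse_verify_params(log_text):
    """Return the verification parameters logged with the SSLVerifyException."""
    return {name: value.strip() for name, value in FIELD_RE.findall(log_text)}

def sha1_thumbprint(pem_cert):
    """SHA-1 over the DER bytes, as colon-separated upper-case hex (the log's format)."""
    der = ssl.PEM_cert_to_DER_cert(pem_cert)
    digest = hashlib.sha1(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def find_cert_by_thumbprint(candidates, wanted):
    """candidates: {label: PEM text}. Return the labels whose thumbprint equals wanted."""
    wanted = wanted.strip().upper()
    return [label for label, pem in candidates.items() if sha1_thumbprint(pem) == wanted]

def constructed_pem(seed):
    # Constructed stand-in bytes, NOT a real certificate. The thumbprint is a hash
    # of the raw DER bytes, so placeholder bytes are enough to show the matching.
    return ssl.DER_cert_to_PEM_cert(b"constructed-placeholder-" + seed)

if __name__ == "__main__":
    params = parse_verify_params(LOG_EXCERPT)
    # In practice, load the PEM exports of the certificates you want to check.
    candidates = {"cert-a (constructed)": constructed_pem(b"A"),
                  "cert-b (constructed)": constructed_pem(b"B")}
    print("peer presented:", params["PeerThumbprint"])
    print("expected thumbprint:", params["ExpectedThumbprint"] or "(empty in log)")
    hits = find_cert_by_thumbprint(candidates, params["PeerThumbprint"])
    print("matching certificate:", hits or "none of the supplied certificates")
```

With real PEM exports in `candidates`, the label that comes back identifies which certificate the remote side presented during the failed handshake.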