VMware Cloud Community
JulietDeltaGolf
Enthusiast
Enthusiast
‎05-13-2016 02:14 AM

SRM 6 and VCSA 6 certificates

Hi all,

We have a pair of new VCSA 6 systems and a pair of new SRM 6 servers. Each SRM server has registered with its vCenter OK but the SRM servers won't pair - the SRM logs point to a certificate problem:

16-05-12T22:48:50.639+01:00 [03108 verbose 'DrSiteSiteManager'] Established TCP connection to 'XX.XX.XX.XX:9086'
2016-05-12T22:48:50.639+01:00 [02792 warning 'DrSiteSiteManager'] SSL client handshake to 'FQDN_OF_VCENTER:443' failed.
--> std::exception 'class Vmacore::Ssl::SSLVerifyException' "SSL Exception: Verification parameters:
--> PeerThumbprint: 9F:40:45:EF:22:6F:5C:88:62:0E:52:30:D7:FB:64:7E:C2:9C:58:2E
--> ExpectedThumbprint:
--> ExpectedPeerName: FQDN_OF_VCENTER
--> The remote host certificate has these problems:
-->
--> * The host certificate chain is incomplete.
-->
--> * unable to get local issuer certificate"

We're tried removing/reinstalling SRM (and accepting the certificate as part of the install) but no change.

Any assistance much appreciated.

Tags (3)
0 Kudos
3 Replies
JulietDeltaGolf
Enthusiast
Enthusiast
‎05-13-2016 02:33 AM

I should add that we are not using any custom certificates, all the systems are using the automatically generate self-signed certs. All the systems involved can resolve each other and ping by name.

SRM Server at '1st_SRM_FQDN' cannot validate the following security certificate(s):

Host: '2nd_SRM_FQDN'

Thumbprint: 56:3B:6D:C6:A5:45:24:13:73:EF:71:06:A5:BD:CB:9D:87:5E:6D:9A

Host: 'SECONDARY_VCSA_FQDN'

Thumbprint: F1:F2:3D:EC:A5:AB:80:E2:6D:8E:92:07:84:F0:46:89:F6:DE:8C:38

Host: 'SECONDARY_PSC_NAME'

Thumbprint: F1:F2:3D:EC:A5:AB:80:E2:6D:8E:92:07:84:F0:46:89:F6:DE:8C:38

0 Kudos
admin
Immortal
Immortal
‎05-13-2016 07:03 AM

It could possibly be a port accessibility issue, despite the error messages seeming to point to certificate problems.

Can you please verify that vCenter on Site A can communicate with SRM on Site B over port 9086? And vice versa.

I believe you also need to have SRM connectivity from site to site over this port, although it's not specifically mentioned in the KB:

VMware KB: Network Ports for Site Recovery Manager 6.0

0 Kudos
ittechnical2017
Contributor
Contributor
‎12-07-2017 11:37 PM

Can you share how did you fix the issue. We are also facing the same error.

Thanks,

Dinesh.

0 Kudos