Hi all,
We have a pair of new VCSA 6 systems and a pair of new SRM 6 servers. Each SRM server has registered with its vCenter OK but the SRM servers won't pair - the SRM logs point to a certificate problem:
16-05-12T22:48:50.639+01:00 [03108 verbose 'DrSiteSiteManager'] Established TCP connection to 'XX.XX.XX.XX:9086'
2016-05-12T22:48:50.639+01:00 [02792 warning 'DrSiteSiteManager'] SSL client handshake to 'FQDN_OF_VCENTER:443' failed.
--> std::exception 'class Vmacore::Ssl::SSLVerifyException' "SSL Exception: Verification parameters:
--> PeerThumbprint: 9F:40:45:EF:22:6F:5C:88:62:0E:52:30:D7:FB:64:7E:C2:9C:58:2E
--> ExpectedThumbprint:
--> ExpectedPeerName: FQDN_OF_VCENTER
--> The remote host certificate has these problems:
-->
--> * The host certificate chain is incomplete.
-->
--> * unable to get local issuer certificate"
We're tried removing/reinstalling SRM (and accepting the certificate as part of the install) but no change.
Any assistance much appreciated.
I should add that we are not using any custom certificates, all the systems are using the automatically generate self-signed certs. All the systems involved can resolve each other and ping by name.
SRM Server at '1st_SRM_FQDN' cannot validate the following security certificate(s):
Host: '2nd_SRM_FQDN'
Thumbprint: 56:3B:6D:C6:A5:45:24:13:73:EF:71:06:A5:BD:CB:9D:87:5E:6D:9A
Host: 'SECONDARY_VCSA_FQDN'
Thumbprint: F1:F2:3D:EC:A5:AB:80:E2:6D:8E:92:07:84:F0:46:89:F6:DE:8C:38
Host: 'SECONDARY_PSC_NAME'
Thumbprint: F1:F2:3D:EC:A5:AB:80:E2:6D:8E:92:07:84:F0:46:89:F6:DE:8C:38
It could possibly be a port accessibility issue, despite the error messages seeming to point to certificate problems.
Can you please verify that vCenter on Site A can communicate with SRM on Site B over port 9086? And vice versa.
I believe you also need to have SRM connectivity from site to site over this port, although it's not specifically mentioned in the KB:
Can you share how did you fix the issue. We are also facing the same error.
Thanks,
Dinesh.