I'm trying to get SRM setup at home to refresh my memory on it.
Setup as follows:
Site 1:
3x SuperMicro hosts running vSAN and a vCenter appliance. All at 6.7U2.
Site 2:
1x Intel NUC and a vCenter appliance. Again, at 6.7U2.
vCenter is in Linked mode and working fine. I can vMotion between the two etc.
Two SRM appliances deployed in the same way.
Appliance 1, can register fine with the vCenter server in the first site (called vcenter1.chris.local).
Appliance 1 cannot register with the vCenter server in the second site (called vcenter2.chris.local).
Appliance 2 can register fine with the vCenter server in the first site.
Appliance 2 cannot register with the vCenter server in the second site.
In the UI I see the following error after I accept the certificate for the second vCenter server.
" A specified parameter was not correct: connection.thumbprint"
The issue appear certificate related. This is a tail of the /var/log/vmware/srm/drconfig-2.log file:
2019-05-28T06:47:34.139Z warning drconfig[00882] [SRM@6876 sub=Libs] SSL_VerifyCbHelper: Certificate verification is disabled, so connection will proceed despite the error 2019-05-28T06:47:34.145Z verbose drconfig[01398] [SRM@6876 sub=vmomi.soapStub[11] opID=c9ce0a75-3f71-4382-bd54-723055e03259-listVcServices] Resetting stub adapter for server <cs p:00007f3df4016ab0, TCP:vcenter2.chris.local:443> : Closed 2019-05-28T06:47:34.146Z verbose drconfig[01398] [SRM@6876 sub=vmomi.soapStub[10] opID=c9ce0a75-3f71-4382-bd54-723055e03259-listVcServices] Resetting stub adapter for server <cs p:00007f3df4004780, TCP:vcenter2.chris.local:443> : Closed 2019-05-28T06:47:37.839Z verbose drconfig[00885] [SRM@6876 sub=ProbeSsl.Url.DrConfigSslCertificateManager] Established TCP connection to 'vcenter2.chris.local:443' 2019-05-28T06:47:37.844Z warning drconfig[00879] [SRM@6876 sub=ProbeSsl.Url.DrConfigSslCertificateManager] SSL client handshake to 'vcenter2.chris.local:443' failed. --> N7Vmacore3Ssl18SSLVerifyExceptionE SSL Exception: Verification parameters: --> PeerThumbprint: 93:98:0A:06:54:BA:58:FD:77:E2:B1:99:B0:84:11:3C:6A:E6:35:5E --> ExpectedThumbprint: --> ExpectedPeerName: vcenter2.chris.local --> The remote host certificate has these problems: --> --> * unable to get local issuer certificate 2019-05-28T06:47:41.270Z verbose drconfig[01338] [SRM@6876 sub=ProbeSsl.Url.Default] Established TCP connection to 'vcenter1.chris.local:443' 2019-05-28T06:47:41.276Z warning drconfig[00879] [SRM@6876 sub=ProbeSsl.Url.Default] SSL client handshake to 'vcenter1.chris.local:443' failed. --> N7Vmacore3Ssl18SSLVerifyExceptionE SSL Exception: Verification parameters: --> PeerThumbprint: 87:C0:18:74:EA:C9:4E:C1:02:5F:B6:84:B1:DB:01:43:7F:E4:F9:D2 --> ExpectedThumbprint: --> ExpectedPeerName: vcenter1.chris.local --> The remote host certificate has these problems: --> --> * unable to get local issuer certificate
Certificates are my weak point I must admit and something I need to spend some time on. Although linked mode is working, do I need to export the certificates of both vCSA's and import them into one another before this can work? As from the log, although I'm registering with the second site, I can see it checking the certificate of the first.
I have tried this multiple times and every time it's always an issue with the second vCenter server. Am I doing something drastically wrong?
Well, this turned out to be a browser/cache issue. It's now all working.