5 Replies Latest reply on Dec 24, 2019 7:15 AM by mc1903cae

    Unable to enable network encryption in vSphere Replication 8.2

    Bill Oyler Enthusiast

      I upgraded from vSphere Replication 8.1 to vSphere Replication 8.2, but I cannot seem to find a way to enable the new checkbox "Enable encryption for VR data".  I read through the documentation (Network Encryption of Replication Traffic ) and looked for the presence of the VIB "vmware-hbr-agent", but this VIB was apparently not installed on the ESXi hosts.  Is there a manual way to install this VIB?  Does the VIB not get installed for upgrades from VR 8.1 to 8.2?  The only VIB that appears to have been installed is "vr2c-firewall" (  Does anyone know how to install "vmware-hbr-agent"?




        • 1. Re: Unable to enable network encryption in vSphere Replication 8.2
          daphnissov Guru
          vExpertCommunity Warriors

          If that VIB wasn't installed on your ESXi host(s), you more than likely have a config problem on your hands. Have you rebooted the ESXi host? The vR appliance should discover it and query its MOB for the extensions registered by vR and prep them if not found.

          • 2. Re: Unable to enable network encryption in vSphere Replication 8.2
            Bill Oyler Enthusiast

            Yes, I rebooted several ESXi hosts.  The vSphere Replication Appliance pushes down the vr2c-firewall VIB (v8.2.0.5495-13479329) on all (9) ESXi hosts, but none of the ESXi hosts have received the vmware-hbr-agent VIB, even after ESXi host reboots.  I also rebooted the vSphere Replication Appliances and vCenter Servers.  There are (3) vSphere Replication Appliances, (3) vCenter Servers, and (9) ESXi hosts.  vSphere Replication is working great and the above firewall VIB is running v8.2.x across the board, but the vmware-hbr-agent VIB doesn't seem to want to get installed anywhere.  Note that this was an upgrade from VR 8.1 to 8.2 using the ISO image attached to the Virtual CD-ROM of the VRA 8.1 VM.  I have not yet tried a "fresh install" of VR 8.2 but I'll probably try that next...

            • 3. Re: Unable to enable network encryption in vSphere Replication 8.2
              Nodnarb Novice

              I had the same issue. I also wanted to replicate encrypted VMs between sites. When using the replication wizard, I got the error "VMCrypt capability is enabled for the source VM, but LWDS capability is not. The VM cannot be replicated. The hbr-agent might be missing or is not running on the source ESXi." on step 4 Replication Settings.


              I opened a support ticket and the short version is they often see VR not pushing the VIB down to the ESXi hosts and don't know why but plan to fix it in the future.


              For now, you can use these steps to manually deploy to your ESXi hosts.


              1. Enable SSH on all the ESXi hosts in your cluster where VR is being used.
              2. Log onto your VR appliance as root at the console. You can try running /usr/bin/enable-sshd.sh, but even after that I still couldn't ssh into it. Kept getting bad user/pass, even though I was very sure I put in the credentials correctly. SSH into VR isn't necessary for these steps.
              3. On your VR console, CD to /opt/vmware/hbr/vib. Inside you should find vmware-hbr-agent-<version>.vib
              4. Use SCP to copy the vib from the VR appliance directly to you ESXi hosts that have SSH enabled. In this example we'll copy it to /tmp. The syntax is:
                scp vmware-hbr-agent-<version>.vib root@<esxihost>:/tmp
              5. Type yes when prompted and enter your ESXi host's root password when prompted.
              6. Repeat the scp step for each ESXi host.
              7. Log on to each ESXi host and run the command to install the vib. I didn't need to put my hosts into maintenance mode to do it and wasn't prompted to reboot.
                esxcli software vib install -v /tmp/vmware-hbr-agent-<version>.vib
              8. When running the command above, enter the full path to the .vib or you'll get an error even if you're running the command in the same directory as the .vib.
              9. Disable SSH on your ESXi hosts and try the replication wizard again.
              2 people found this helpful
              • 4. Re: Unable to enable network encryption in vSphere Replication 8.2
                Bill Oyler Enthusiast

                Thanks for sharing!  That was exactly the work-around needed.  Spot on!

                • 5. Re: Unable to enable network encryption in vSphere Replication 8.2
                  mc1903cae Enthusiast

                  To save you the hassle of pushing the vib to each ESXi host, you can also install it by pulling it directly from the VRMA via HTTPS.



                  SSH to the ESXi Host and temporarily disable it's firewall:


                        esxcli network firewall set --enabled=false


                  Install the vib: (NOTE: vmware-hbr-agent.vib is an alias for /opt/vmware/hbr/vib/vmware-hbr-agent-{version-build}.vib - which in my case is vmware-hbr-agent-6.8.6-1.1.14221959.i386.vib)


                       esxcli software vib install -v https://{VRMA IP or FQDN}:8043/vib/vmware-hbr-agent.vib


                  The installation can take a minute. Nothing is displayed on screen until it is complete.


                  Don't forget to re-enable the firewall:


                        esxcli network firewall set --enabled=true





                  If you are replicating to the cloud you can also install the vr2c-firewall.vib in the same way. It's URL is https://{VRMA IP or FQDN}:8043/vib/vr2c-firewall.vib



                  Hope this helps someone.



                  1 person found this helpful