vmware support was troubleshooting a vsphere replication issue and on my SRM HQ site they changed the virtual appliance to have a self signed certificate. Now vcenter doesn't trust SRM and there are all kinds of errors in the pariing between SRMHQ and SRMDR.
I'm trying to get the certificate back on so I generated a CSR and submitted it to our Windows CA. I tried both DER and base 64 formats, but I just get a pop up error. Any idea how to get a cert loaded?
Specifying DER-encoded root and server certificate
ERROR
ERROR
http://127.0.0.1:9286/sdk invocation failed with "com.vmware.vim.vmomi.core.exception.MarshallException: Unable to append text element 0 }0 e
ïK Å;%8Ô
ï0
*H÷
0G1 0
&ò,d com1 0
&ò,d domainname1 0 U domainname-CA0
200914150924Z
241029170132Z01 0 U US1 0 U
California1 0 U Palo Alto1 0 U
Company Name 1 0 U IT1 0 U srmhq.domainname.com0 "0
*H÷
0
ÆðÎy,Z$ÀGô¿¨§Å þÛ~ md#ææðkÞ «Cm¦^U]A_ú þ÷3/Òxi"Ìa7½ l8÷Éì VÕá
ú8®y.#ãq&ûÞo-ñ hK $!°V ?/õ/Ëo»/ð TÐ×Û.5_ ¸Þ4äjÀa @]]º9i¾tT¥ ÉtL±@E^;¼Wd.PШȯ.)0&
|y¹Ño á 7Òað^ ¦lHdO uo>& ÿÌkæÌ»VÎ@3AÓ dÝLT¸Ã ±;@ gdì ; &M|HÃàm&Á Ø®pã}´¢¾i Á ÚN) £ &0 "0 U ð0+ U $0" srmhq.domainname.com srmhq
>0 U îë ³C `
6 #4ò gæ0 U # 0 Dß÷T£ ä ó · µ0 U ú0÷0ô ñ î³ldap:///CN=domainname-CA(1),CN=da,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=domainname,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint6http://da.domainname.com/CertEnroll/domainname-CA(1).crl0 + 0 0 + 0 ldap:///CN=domainname-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=domainname,DC=com?cACertificate?base?objectClass=certificationAuthority0S + 0 Ghttp://da.domainname.com/CertEnroll/da.domainname.com_domainname-CA(2).crt0= + 7 00. &+ 7 ÷Jûés¹ ûÍ>º|zƱ_©²6 d 0 U % 0 + + 0' + 7
0 0
+ 0
+ 0
*H÷
X:iR£Df®º Р˹|¿ò<ÝX¥}(^uxhÁÔ³|t©!Ç6o§3°ÕÍð² o¯>Û㣠R %W!àÕ© @¡÷Ø OÆÔ|~Ò%ãO û @Ì ä î EÞ$Ê=³ úôe´åã ¼y-Ú/äpkÂR(ýcÎ{{XC´²©Y^ ÈXcñ°a ûdÌÁ e Q E?äTÇ:B°Â> 0¡ëD¼Õ+ÂÙM£[¦ø4F
E®ÐõË ç·Ì XB¦è
fÆHÚ6OÊ]ðãëÍÐD 3¿Ó-H%V³!?¢Ë[| µ×D"
Unable to append text element 0 }0 e
ïK Å;%8Ô
ï0
*H÷
0G1 0
&ò,d com1 0
&ò,d domainname1 0 U domainname-CA0
200914150924Z
241029170132Z01 0 U US1 0 U
California1 0 U Palo Alto1 0 U
Company Name 1 0 U IT1 0 U srmhq.domainname.com0 "0
*H÷
0
ÆðÎy,Z$ÀGô¿¨§Å þÛ~ md#ææðkÞ «Cm¦^U]A_ú þ÷3/Òxi"Ìa7½ l8÷Éì VÕá
ú8®y.#ãq&ûÞo-ñ hK $!°V ?/õ/Ëo»/ð TÐ×Û.5_ ¸Þ4äjÀa @]]º9i¾tT¥ ÉtL±@E^;¼Wd.PШȯ.)0&
|y¹Ño á 7Òað^ ¦lHdO uo>& ÿÌkæÌ»VÎ@3AÓ dÝLT¸Ã ±;@ gdì ; &M|HÃàm&Á Ø®pã}´¢¾i Á ÚN) £ &0 "0 U ð0+ U $0" srmhq.domainname.com srmhq
>0 U îë ³C `
6 #4ò gæ0 U # 0 Dß÷T£ ä ó · µ0 U ú0÷0ô ñ î³ldap:///CN=domainname-CA(1),CN=da,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=domainname,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint6http://da.domainname.com/CertEnroll/domainname-CA(1).crl0 + 0 0 + 0 ldap:///CN=domainname-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=domainname,DC=com?cACertificate?base?objectClass=certificationAuthority0S + 0 Ghttp://da.domainname.com/CertEnroll/da.domainname.com_domainname-CA(2).crt0= + 7 00. &+ 7 ÷Jûés¹ ûÍ>º|zƱ_©²6 d 0 U % 0 + + 0' + 7
0 0
+ 0
+ 0
*H÷
X:iR£Df®º Р˹|¿ò<ÝX¥}(^uxhÁÔ³|t©!Ç6o§3°ÕÍð² o¯>Û㣠R %W!àÕ© @¡÷Ø OÆÔ|~Ò%ãO û @Ì ä î EÞ$Ê=³ úôe´åã ¼y-Ú/äpkÂR(ýcÎ{{XC´²©Y^ ÈXcñ°a ûdÌÁ e Q E?äTÇ:B°Â> 0¡ëD¼Õ+ÂÙM£[¦ø4F
E®ÐõË ç·Ì XB¦è
fÆHÚ6OÊ]ðãëÍÐD 3¿Ó-H%V³!?¢Ë[| µ×D
Invalid white space character (0x6) in text to output (in xml 1.1, could output as a character entity)
Invalid white space character (0x6) in text to output (in xml 1.1, could output as a character entity)
Operation ID: cd1edae0-8744-4fad-aed0-c67811f56ab8
Operation ID: cd1edae0-8744-4fad-aed0-c67811f56ab8
Specifying base 64 root and server certificate
ERROR
A specified parameter was not correct: certificate
Operation ID: 807f9484-c20c-44ab-8430-3f1d87039bea
Hi
Please try the following:
1. Upload the certificate chain to SRM appliance(Steps 1 to 6) --> How to Set Up a Trusted Environment for the Site Recovery Manager Virtual Appliance
2. Convert certificate to PKCS#12 format --> VMware Knowledge Base
Note: openssl tool is available on SRM appliance by default. You can just run openssl instead of openssl.exe
3. Run steps 7 and later once you have the certificate in PKCS#12 format.--> How to Set Up a Trusted Environment for the Site Recovery Manager Virtual Appliance
Hope that helps
I don't recall needing to do all of this when these virtual appliances were initially deployed.
The instructions are not very clear. Step 4 says copy the certificates to /etc/ssl/certs. Which certificates? My domain root ca? In what format? My windows CA can export in base64 or DER encoded file.
Why can't this be just create the CSR in the web gui, paste that in the windows CA, and then download the certificate trust, and split out the root cert and the website cert and just place them in the two fields? Every other SSL type hardware we have does it that way (HP iLO, Dell iDrac, printers, IIS webservers, and many many more).
In step.4 you need to create a certificate chain by creating a pem file. Please refer this document for instructions -->How to Create a .pem File for SSL Certificate Installations
Next step involves uploading SRM certificate in PKCS #12 format. This is one of the requirements --> Requirements When Using Custom SSL/TLS Certificates with Site Recovery Manager
Nope still doesn't work.
I went through all that roundabout trouble to get OpenSSL work through all of those steps one by one and still when you get to the web UI to take that .p12 file and supply the key that i created, it uploads and then this error message pops up in the lower right. A ticket was opened with vmware but they are VERY slow to respond and have yet to help me so thats why I've taken this to the forum. Thanks for your help and trying to assist, but I can't get it to work.
A general system error occurred: 30ConfigurationExceptionWithHost Received SOAP response fault from [<cs p:00007f1a24013ca0, TCP:dcuvcenter.domain.com:443>]: updateExtension lookup.fault.EntryNotFoundFault Host: dcuvcenter.domain.com Exit code: 9 [context]zKq7AVECAAQAALQ/4QAUZHJjb25maWcAAIvFGGxpYnZtYWNvcmUuc28AAaKLDGRyLWNvbmZpZ3VyYXRvcgABLn8MAS80DQJyDgJsaWJmdW5jdGlvbmFsLnNvAAM/NAZsaWJkci12bW9taS5zbwAEMisUbGlidm1vbWkuc28ABMYoFIW0KQoBbGlidmltLXR5cGVzLnNvAAaL2A1saWJ2Yy11dGlsLnNvAAbqLA0BS/sLAVFUCgHAXQoHSGUIbGliZHJjb25maWctdHlwZXMuc28AA7fTBQBRnikA/7opABo0NwiVdABsaWJwdGhyZWFkLnNvLjAA[/context] [backtrace begin] product: VMware vCenter Site Recovery Manager, version: 8.2.0, build: build-14761908, tag: drconfig, cpu: x86_64, os: linux, buildType: release backtrace[03] libvmacore.so[0x0018C58B]: Vmacore::Throwable::Throwable(std::string&&) backtrace[04] dr-configurator[0x000C8BA2] backtrace[05] dr-configurator[0x000C7F2E] backtrace[06] dr-configurator[0x000D342F] backtrace[07] libfunctional.so[0x00020E72]: Dr::ExceptionTranslatorListMixin::TranslateException(boost::shared_ptr<Dr::Connection::CisServiceEndpointInfo const> const&, Dr::ExceptionHolder const&) const backtrace[08] libdr-vmomi.so[0x0006343F] backtrace[09] libvmomi.so[0x00142B32]: Vmomi::StubImpl::_Invoke_Task(Vmomi::ManagedMethod*, std::vector<Vmacore::Ref<Vmomi::Any>, std::allocator<Vmacore::Ref<Vmomi::Any> > >&, Vmacore::Ref<Vmomi::Any>&) backtrace[10] libvmomi.so[0x001428C6]: Vmomi::StubImpl::_Invoke_Task(Vmomi::ManagedMethod*, std::vector<Vmacore::Ref<Vmomi::Any>, std::allocator<Vmacore::Ref<Vmomi::Any> > >&) backtrace[11] libvim-types.so[0x010A29B4]: Vim::ExtensionManagerStub::UpdateExtension(Vim::Extension*) backtrace[12] libvc-util.so[0x000DD88B]: Dr::Registrar::RegisterExtension(Dr::VcConnection*, Dr::AuthzConnection*, Vim::Extension*, bool, Vmacore::Service::Logger*) backtrace[13] libvc-util.so[0x000D2CEA]: LocalRegistrationManager::RegisterExtension(std::string const&, boost::optional<std::string> const&) backtrace[14] dr-configurator[0x000BFB4B] backtrace[15] dr-configurator[0x000A5451] backtrace[16] dr-configurator[0x000A5DC0] backtrace[17] libdrconfig-types.so[0x00086548] backtrace[18] libdr-vmomi.so[0x0005D3B7] backtrace[19] libvmacore.so[0x00299E51] backtrace[20] libvmacore.so[0x0029BAFF] backtrace[21] libvmacore.so[0x0037341A] backtrace[22] libpthread.so.0[0x00007495] [backtrace end] Caused by: (vmodl.fault.SystemError) faultCause = (vmodl.MethodFault) null, faultMessage = <unset>, reason = "Invalid fault" msg = "Received SOAP response fault from [<cs p:00007f1a24013ca0, TCP:dcuvcenter.domain.com:443>]: updateExtension lookup.fault.EntryNotFoundFault" [context]zKq7AVECAAQAALQ/4QAUZHJjb25maWcAAIvFGGxpYnZtYWNvcmUuc28AAb6gDmxpYnZtb21pLnNvAAHBih4BatQNAYwJEgGDDhICAzQGbGliZHItdm1vbWkuc28AATIrFAHGKBSDtCkKAWxpYnZpbS10eXBlcy5zbwAEi9gNbGlidmMtdXRpbC5zbwAE6iwNBUv7C2RyLWNvbmZpZ3VyYXRvcgAFUVQKBcBdCgZIZQhsaWJkcmNvbmZpZy10eXBlcy5zbwACt9MFAFGeKQD/uikAGjQ3[/context] [backtrace begin] product: VMware vCenter Site Recovery Manager, version: 8.2.0, build: build-14761908, tag: drconfig, cpu: x86_64, os: linux, buildType: release backtrace[03] libvmacore.so[0x0018C58B]: Vmacore::Throwable::Throwable(std::string&&) backtrace[04] libvmomi.so[0x000EA0BE] backtrace[05] libvmomi.so[0x001E8AC1]: Vmomi::Fault::SystemError::ThrowInternal() backtrace[06] libvmomi.so[0x000DD46A] backtrace[07] libvmomi.so[0x0012098C] backtrace[08] libvmomi.so[0x00120E83] backtrace[09] libdr-vmomi.so[0x00063403] backtrace[10] libvmomi.so[0x00142B32]: Vmomi::StubImpl::_Invoke_Task(Vmomi::ManagedMethod*, std::vector<Vmacore::Ref<Vmomi::Any>, std::allocator<Vmacore::Ref<Vmomi::Any> > >&, Vmacore::Ref<Vmomi::Any>&) backtrace[11] libvmomi.so[0x001428C6]: Vmomi::StubImpl::_Invoke_Task(Vmomi::ManagedMethod*, std::vector<Vmacore::Ref<Vmomi::Any>, std::allocator<Vmacore::Ref<Vmomi::Any> > >&) backtrace[12] libvim-types.so[0x010A29B4]: Vim::ExtensionManagerStub::UpdateExtension(Vim::Extension*) backtrace[13] libvc-util.so[0x000DD88B]: Dr::Registrar::RegisterExtension(Dr::VcConnection*, Dr::AuthzConnection*, Vim::Extension*, bool, Vmacore::Service::Logger*) backtrace[14] libvc-util.so[0x000D2CEA]: LocalRegistrationManager::RegisterExtension(std::string const&, boost::optional<std::string> const&) backtrace[15] dr-configurator[0x000BFB4B] backtrace[16] dr-configurator[0x000A5451] backtrace[17] dr-configurator[0x000A5DC0] backtrace[18] libdrconfig-types.so[0x00086548] backtrace[19] libdr-vmomi.so[0x0005D3B7] backtrace[20] libvmacore.so[0x00299E51] backtrace[21] libvmacore.so[0x0029BAFF] backtrace[22] libvmacore.so[0x0037341A] [backtrace end] A general system error occurred: Invalid fault
Operation ID: cc657daf-80de-41b9-a9b9-95c83e9193c1
It's returning error: lookup.fault.EntryNotFoundFault Host: dcuvcenter.domain.com
Please check if SRM can resolve vCenter address
yes, I SSH to the srmhq virtual appliance and I ran the ping command by name and it returns the correct IP address with a good ping.
Is it possible for you to share SRM config logs from /var/log/vmware/drconfig ?
I have a case open and I exported the log bundle for them. That drconfig log file is almost 7 megs. Quite a bit to sanitize. Let me see what support comes up with.