Error "Local and remote servers are using differen...

tarasmandryk · ‎08-17-2011

I have an issue with replacement certificates on VMware Site Recovery Manager (SRM).

We have 2 symmetrical sites.

– VMware Site Recovery 4.1.1 running on a separate VM, Microsoft Windows Server 2008 R2, AD integrated (on each site);

– vCenter Server 4.1u1 on a separate VM, Microsoft Windows Server 2008 R2, AD integrated (on each site);

– SRM DB and vCenter Server DB are located on a separate VM, where Microsoft SQL Server 2008 Enterprise SP1 x64 is running, Microsoft Windows Server 2008 R2, AD integrated (On each site).

vCenter Servers work in Linked Mode.

DNS is used for vCenter.

vCenter Server and SRM Server are members of the domain.

I’ve successfully installed SSL certificates issued by a trusted certificate authority (CA) on the vCenter Servers that support SRM, on the VUM server and on the ESXi hosts.

CA is Microsoft AD Certificate Service. It was configured according Microsoft KB [http://support.microsoft.com/kb/931351] for setting the Subject Alternative Name.

I've generated correct certificates for both SRM hosts.

To replace default certificate I did commands:

srm-config.exe -cmd confcertbased -sitename "Main Site" -cfg ..\config\vmware-dr.xml -extcfg ..\config\extension.xml -vc [main site vCenter Server FQDN] -u [username] -crt c:\ssl\rui.pfx (on main site)

srm-config.exe -cmd confcertbased -sitename "Recovery Site" -cfg ..\config\vmware-dr.xml -extcfg ..\config\extension.xml -vc [reserve site vCenter Server FQDN] -u [username] -crt c:\ssl\rui.pfx (on main site) (on second site)

Commands executed successfully.

On both sites I modified the extension.xml files to replace each occurrence of the SRM server's IP address with the fully-qualified domain name of the SRM server hosts.

After that I did commands:

srm-config -cmd updateext -cfg ../config/vmware-dr.xml -extcfg ../config/extension.xml

on both sites and restarted the SRM services on the SRM server hosts.

When I try to configure connection to Remote Site in the SRM, I get a message "Local and remote servers are using different certificate trust methods".

Any suggestions?

vmroyale · ‎08-17-2011

Hello.

See if kb 1016175 if of any help.

Good Luck!

mal_michael · ‎08-17-2011

Hi,

Have you seen this KB:

Requirements when using trusted certificates with VMware Site Recovery Manager

and the document:

http://communities.vmware.com/docs/DOC-11411

?

Ensure that you have generated according to all requirements.

Michael.

tarasmandryk · ‎08-17-2011

Hi.

I've done all the recommendations from kb 1016175.

But it does not help.

Anyway, thanks for the willingness to help.

tarasmandryk · ‎08-18-2011

I've generated correct certificates with vmware technical support (certificates contain "client authentication" field, correct "Subject Alternative Name" etc. - see attached file).

In any case, I'm going to doublecheck. Thank you!

MarchionniEnzo · ‎10-28-2011

tarasmandryk friend

Will I be able to pass the value of field "Key Usage"?

I get an exclamation point as you appear your "Basic Constraints"

Do you have any details on how to run either the SAN and pooc more details of the resolution which passed the technical support you?
I place in the generated certificate request with openssl but when I signed with theMicrosoft CA does not have that field.

Marchionni, Enzo Augusto Virtual Architect of Tenaris (HP) Freelance writer of RedUsers Technology Manager of CMarchionni

All

Error "Local and remote servers are using different certificate trust methods"