adenine
Contributor
Contributor

Found some error in SRM server log

Hi,

I am using vCenter Server Appliance 6.0 Update 1 with VMware-srm-6.1.0-3037005.


I found some error in SRM server log.

Dose anyone know how to solve this issue?

2016-11-22T16:08:50.734+08:00 [00248 verbose 'SessionManager'] Logging into remote site with token. Remote site = 'site-1026', locale = 'en'

2016-11-22T16:08:50.734+08:00 [00248 verbose 'Vmacore::Xml::Security'] Verification of signature Reference URI: `#_e98444a0-b77e-49b1-993e-6e88655240af' ; is-valid: true

2016-11-22T16:08:50.734+08:00 [00248 verbose 'Vmacore::Xml::Security'] Missing reference count: 0

2016-11-22T16:08:50.734+08:00 [00248 verbose 'Vmacore::Xml::Security'] Verification of signature SignedInfo: is-valid: true

2016-11-22T16:08:50.734+08:00 [00248 verbose 'Default'] Found security token in request message

2016-11-22T16:08:50.734+08:00 [02804 trivia 'SsoClient'] opId=52c9510d-f67d-d07d-666b-a53e944107a3 START operation SecurityTokenServiceImpl::ValidateSubject

2016-11-22T16:08:50.734+08:00 [02804 trivia 'SsoClient'] Validating subject of token SamlToken [subject={Name: Administrator; Domain:VSPHERE.LOCAL}, groups=[{Name: Users; Domain:vsphere.local}, {Name: Administrators; Domain:vsphere.local}, {Name: CAAdmins; Domain:vsphere.local}, {Name: ComponentManager.Administrators; Domain:vsphere.local}, {Name: SystemConfiguration.Administrators; Domain:vsphere.local}, {Name: LicenseService.Administrators; Domain:vsphere.local}, {Name: Everyone; Domain:vsphere.local}], delegationChain=[], startTime=2016-11-22 08:08:59.183, expirationTime=2016-11-22 08:13:59.183, renewable=false, delegable=true, isSolution=false,confirmationType=0]

2016-11-22T16:08:50.828+08:00 [02804 trivia 'SsoClient'] Result: true

2016-11-22T16:08:50.828+08:00 [02804 trivia 'SsoClient'] opId=52c9510d-f67d-d07d-666b-a53e944107a3 END operation SecurityTokenServiceImpl::ValidateSubject

2016-11-22T16:08:50.828+08:00 [02864 info 'SessionManager'] Logged in remote site for session '52676', remote site = 'vcsa2.test.com' site-1026, principal = '{Name: Administrator; Domain:VSPHERE.LOCAL}', locale = 'en'

2016-11-22T16:08:50.968+08:00 [00248 verbose 'SessionManager'] Logging into remote site with token. Remote site = 'site-1026', locale = 'en'

2016-11-22T16:08:50.968+08:00 [00248 error 'SessionManager'] SRM session '52676' is already logged in to remote site 'dr.site.RemoteSite:e050c009-2e34-4068-b1ad-dc5f27c8e3d3:site-1026'.

2016-11-22T16:08:51.218+08:00 [02864 verbose 'DrAuthorizationManager'] Normalizing 8 trusted principal names.

2016-11-22T16:08:51.420+08:00 [00428 verbose 'SessionManager'] Logging into remote site with token. Remote site = 'site-1026', locale = 'en'

2016-11-22T16:08:51.420+08:00 [00428 error 'SessionManager'] SRM session '52676' is already logged in to remote site 'dr.site.RemoteSite:e050c009-2e34-4068-b1ad-dc5f27c8e3d3:site-1026'.

2016-11-22T16:08:51.810+08:00 [02804 verbose 'SessionManager'] Logging into remote site with token. Remote site = 'site-1026', locale = 'en'

2016-11-22T16:08:51.810+08:00 [02804 error 'SessionManager'] SRM session '52676' is already logged in to remote site 'dr.site.RemoteSite:e050c009-2e34-4068-b1ad-dc5f27c8e3d3:site-1026'.

2016-11-22T16:08:52.013+08:00 [02804 verbose 'SessionManager'] Logging into remote site with token. Remote site = 'site-1026', locale = 'en'

2016-11-22T16:08:52.013+08:00 [02804 error 'SessionManager'] SRM session '52676' is already logged in to remote site 'dr.site.RemoteSite:e050c009-2e34-4068-b1ad-dc5f27c8e3d3:site-1026'.

2016-11-22T16:08:52.575+08:00 [02180 verbose 'SessionManager'] Logging into remote site with token. Remote site = 'site-1026', locale = 'en'

2016-11-22T16:08:52.575+08:00 [02180 error 'SessionManager'] SRM session '52676' is already logged in to remote site 'dr.site.RemoteSite:e050c009-2e34-4068-b1ad-dc5f27c8e3d3:site-1026'.

2016-11-22T16:08:52.949+08:00 [00428 verbose 'SessionManager'] Logging into remote site with token. Remote site = 'site-1026', locale = 'en'

2016-11-22T16:08:52.949+08:00 [00428 error 'SessionManager'] SRM session '52676' is already logged in to remote site 'dr.site.RemoteSite:e050c009-2e34-4068-b1ad-dc5f27c8e3d3:site-1026'.

2016-11-22T16:08:53.043+08:00 [00428 verbose 'HttpConnectionPool-000000'] [RemoveConnection] Connection removed; cnx: <SSL(<io_obj p:0x000000000a1efc38, h:-1, <TCP '0.0.0.0:0'>, <TCP '192.168.139.172:443'>>)>; pooled: 13

2016-11-22T16:08:53.199+08:00 [02804 verbose 'SessionManager'] Logging into remote site with token. Remote site = 'site-1026', locale = 'en'

2016-11-22T16:08:53.199+08:00 [02804 error 'SessionManager'] SRM session '52676' is already logged in to remote site 'dr.site.RemoteSite:e050c009-2e34-4068-b1ad-dc5f27c8e3d3:site-1026'.

2016-11-22T16:08:54.681+08:00 [02180 verbose 'HttpConnectionPool-000000'] [RemoveConnection] Connection removed; cnx: <SSL(<io_obj p:0x000000000a1ee808, h:-1, <TCP '0.0.0.0:0'>, <TCP '192.168.139.172:443'>>)>; pooled: 12

2016-11-22T16:08:55.554+08:00 [02804 info 'DrSiteSiteManager' connID=371] Starting persistent connection monitoring

2016-11-22T16:08:55.554+08:00 [02804 verbose 'DrSiteSiteManager' connID=371] The newly started persistent connection is still waiting to connect

2016-11-22T16:08:55.554+08:00 [02804 verbose 'DrSiteSiteManager' connID=371] Dr::PersistentConnection::ConnectLocked: Attempting to connect

2016-11-22T16:08:55.554+08:00 [02864 verbose 'StubFactory' connID=371] Event broadcasted

2016-11-22T16:08:55.554+08:00 [02864 error 'HttpConnectionPool-000000'] [ConnectComplete] Connect failed to <cs p:000000000a44c680, TCP:192.168.139.172:443>; cnx: (null), error: class Vmacore::Ssl::SSLVerifyException(SSL Exception: Verification parameters:

--> PeerThumbprint: 50:84:CB:1C:AA:76:C7:57:A6:D2:0C:86:12:1D:35:09:F3:24:D2:3B

--> ExpectedThumbprint: Unknown command: `echo'

--> ExpectedPeerName: 192.168.139.172

--> The remote host certificate has these problems:

-->

--> * The host certificate chain is incomplete.

-->

--> * Host name does not match the subject name(s) in certificate.

-->

--> * unable to get local issuer certificate)

2016-11-22T16:08:55.586+08:00 [02804 warning 'Default'] Dr::Internal::StubExcTranslator : Error while calling stub for 'lookup.ServiceInstance:ServiceInstance'

--> std::exception 'class Vmacore::Ssl::SSLVerifyException' "SSL Exception: Verification parameters:

--> PeerThumbprint: 50:84:CB:1C:AA:76:C7:57:A6:D2:0C:86:12:1D:35:09:F3:24:D2:3B

--> ExpectedThumbprint: Unknown command: `echo'

--> ExpectedPeerName: 192.168.139.172

--> The remote host certificate has these problems:

-->

--> * The host certificate chain is incomplete.

-->

--> * Host name does not match the subject name(s) in certificate.

-->

--> * unable to get local issuer certificate"

2016-11-22T16:08:55.648+08:00 [02804 warning 'DrSiteSiteManager' connID=371] Failed to connect: (dr.fault.CertificateNotTrustedByDr) {

-->    faultCause = (dr.fault.CertificatePartialChain) {

-->      faultCause = (vmodl.MethodFault) null,

-->      name = "vcsa1.test.com",

-->      uuid = "e050c009-2e34-4068-b1ad-dc5f27c8e3d3",

-->      address = "192.168.139.172",

-->      port = "443",

-->      reason = (vmodl.MethodFault) null,

-->      msg = ""

-->    },

-->    name = "vcsa1.test.com",

-->    uuid = "e050c009-2e34-4068-b1ad-dc5f27c8e3d3",

-->    address = "192.168.139.172",

-->    port = "443",

-->    reason = (vmodl.MethodFault) null,

-->    msg = ""

--> }

Thanks.

Tags (1)
1 Reply
admin
Immortal
Immortal

If you are using custom certificates, this part may be relevant:

Host name does not match the subject name(s) in certificate.

When you run through the installation wizard of SRM, you must provide the local host at step 7 here

Site Recovery Manager 6.1 Documentation Center

That value should match with your certificate:

The host identifier in the certificate must match the Site Recovery Manager Server local host address that you specify when you install Site Recovery Manager.

Site Recovery Manager 6.1 Documentation Center

However, I haven't seen the below error before. Did you use scripts during install of server maybe, or in generating certs:

--> ExpectedThumbprint: Unknown command: `echo'