VMware Cloud Community
vmjim
Contributor

'Unable to establish reciprocity' when trying to pair SRM sites

I have two VC (2.5 U3) sites each with SRM (1.1 U1) installed using the default certificate option. When I try to configure a connection from the Protected Site, the last step 'Unable to establish reciprocity' fails with the following error message on the screen: "Local and remote servers are using different certificate trust methods".

I'm following the SRM Admin Guide instructions carefully and I have installed the untrusted self-signed SRM certificate, but still get the error.

Has anyone seen this problem before and resolved it?

Here are a few SRM log entries pertaining to the error:

SSLVerifyCertAgainstSystemStore: Subject mismatch: win2k3-vc3.strickland-inc.net vs ThisHadBetterNotBeAValidHostName!!

SSLVerifyCertAgainstSystemStore: The remote host certificate has these problems:

* The host name used for the connection does not match the subject name on the host certificate

ProbeUrl found win2k3-vc3.strickland-inc.net:80//sdkTunnel(1) => 4B:A4:87:A2:7F:61:B2:70:E9:AE:DB:5E:9A:04:E3:8F:64:5B:79:CE true

Stored credentials, key='win2k3-vc3.strickland-inc.net', username='administrator'

VC Connection: Logging in as user 'administrator'

VC Connection: Logged in session BC73E519-4DC1-4432-94CA-51DB48A2484B

VC Connection: Logging out session BC73E519-4DC1-4432-94CA-51DB48A2484B

VC Connection: Logged out session BC73E519-4DC1-4432-94CA-51DB48A2484B

ProbeUrl for win2k3-vc3.strickland-inc.net:80/win2k3-vc3.strickland-inc.net:8095(2)

SSLVerifyCertAgainstSystemStore: Subject mismatch: win2k3-vc3.strickland-inc.net vs ThisHadBetterNotBeAValidHostName!!

SSLVerifyCertAgainstSystemStore: The remote host certificate has these problems:

* The host name used for the connection does not match the subject name on the host certificate

* The host certificate chain is not complete.

SSLVerifyCertAgainstSystemStore: The remote host certificate has these problems:

* The host certificate chain is not complete.

ProbeUrl found win2k3-vc3.strickland-inc.net:80/win2k3-vc3.strickland-inc.net:8095(2) => win2k3-vc3.strickland-inc.net 47:2B:5E:BF:DE:DF:64:81:8B:B6:74:08:B3:CC:0D:4D:67:47:33:2D false

Removing stored credentials associated with key='win2k3-vc3.strickland-inc.net'

ProbeUrl for win2k3-vc3.strickland-inc.net:80//sdkTunnel(1)

SSLVerifyCertAgainstSystemStore: Subject mismatch: win2k3-vc3.strickland-inc.net vs ThisHadBetterNotBeAValidHostName!!

SSLVerifyCertAgainstSystemStore: The remote host certificate has these problems:

* The host name used for the connection does not match the subject name on the host certificate

ProbeUrl found win2k3-vc3.strickland-inc.net:80//sdkTunnel(1) => 4B:A4:87:A2:7F:61:B2:70:E9:AE:DB:5E:9A:04:E3:8F:64:5B:79:CE true

Stored credentials, key='win2k3-vc3.strickland-inc.net', username='administrator'

VC Connection: Logging in as user 'administrator'

VC Connection: Logged in session 4ECD7E47-4F2E-4546-9FA8-706D73280307

VC Connection: Logging out session 4ECD7E47-4F2E-4546-9FA8-706D73280307

VC Connection: Logged out session 4ECD7E47-4F2E-4546-9FA8-706D73280307

ProbeUrl for win2k3-vc3.strickland-inc.net:80/win2k3-vc3.strickland-inc.net:8095(2)

SSLVerifyCertAgainstSystemStore: Subject mismatch: win2k3-vc3.strickland-inc.net vs ThisHadBetterNotBeAValidHostName!!

SSLVerifyCertAgainstSystemStore: The remote host certificate has these problems:

* The host name used for the connection does not match the subject name on the host certificate

* The host certificate chain is not complete.

SSLVerifyCertAgainstSystemStore: The remote host certificate has these problems:

* The host certificate chain is not complete.

ProbeUrl found win2k3-vc3.strickland-inc.net:80/win2k3-vc3.strickland-inc.net:8095(2) => win2k3-vc3.strickland-inc.net 47:2B:5E:BF:DE:DF:64:81:8B:B6:74:08:B3:CC:0D:4D:67:47:33:2D false

Removing stored credentials associated with key='win2k3-vc3.strickland-inc.net'

Task created

Adding task com.vmware.vcDr.ServiceInstance.AddRemoteSite-1

State set to running

Scheduling work item

Running work method

Created Inventory Mapper for site 'site-25'

Configuration parameter checkInterval is not specified

Check interval: 60 sec

Configuration parameter warningDelay is not specified

Time delay before raising low priority event: 120 sec

Configuration parameter panicDelay is not specified

Time delay before raising high priority event: 300 sec

Configuration parameter panicRepeatDelay is not specified

Time delay before raising repeated high priority event: 300 sec

Remote site instance added to the list.

Progress advanced to 10

Stored credentials, key='win2k3-vc3.strickland-inc.net', username='administrator'

VC Connection: Logging in as user 'administrator'

VC Connection: Logged in session F0A12872-7FA5-45EE-83A5-347BED241CB2

VC Connection: Logging out session F0A12872-7FA5-45EE-83A5-347BED241CB2

VC Connection: Logged out session F0A12872-7FA5-45EE-83A5-347BED241CB2

Removing stored credentials associated with key='win2k3-vc3.strickland-inc.net'

Server currently is removing site! (cross side call)

Failed to create remove paired remote site in CreateRemoteSite: Unexpected MethodFault (dr.fault.PairingInProgress) {

dynamicType = <unset>,

msg = ""

}

Work function threw MethodFault: dr.fault.IncompatibleCertificateTrust

Fault:

(dr.fault.IncompatibleCertificateTrust) {

dynamicType = <unset>,

msg = ""

}

Error set to (dr.fault.IncompatibleCertificateTrust) {

dynamicType = <unset>,

msg = ""

}

0 Kudos
4 Replies
vmjim
Contributor

I found an explanation of my error message using a Google search, not a VMware web site search. However, the document Google found is on vmware.com, go figure... I hope this helps others with the same problem.

0 Kudos
vmjim
Contributor

Now all I need is a VSR for LeftHand VSA version 8.

0 Kudos
JeffDrury
Hot Shot

Do you mean an SRA? http://resources.lefthandnetworks.com/forms/VMware-LeftHand-SRA-Download

If you are looking at establishing a copy relationship to another VSA you need to make sure both VSAs are in unique management groups and set up a remote copy relationship for the volume that contains your ESX data and you want SRM to protect. Once that relationship is established you can install SRM and the LeftHand SRA. During the SRA installation your volume should be recognized at both the primary and recovery sites.

0 Kudos
vmjim
Contributor

Thanks, but my problem was certificate based. I finally got a Microsoft Enterprise CA to issue a certificate for SRM and my sites connected. My two LeftHand management groups are working fine also.

I now have a new problem. I can't get my Array Manager configured. I think my problem is using LeftHand VSA version 8 with VSR version 7 with SRM 1 U1. I have posted another question on this...

0 Kudos
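
An added example, not part of the original thread: a small Python parser that groups the certificate problems in the log from the opening post under the ProbeUrl result that follows them and lists the dr.fault names it finds. The log excerpt is copied from that post; the function names are hypothetical, and the meaning of the trailing true/false flag is not documented on this page, so it is reported as-is.

```python
import re

# Excerpt of the SRM log lines from the opening post (blank lines dropped).
SAMPLE_LOG = """\
SSLVerifyCertAgainstSystemStore: Subject mismatch: win2k3-vc3.strickland-inc.net vs ThisHadBetterNotBeAValidHostName!!
SSLVerifyCertAgainstSystemStore: The remote host certificate has these problems:
* The host name used for the connection does not match the subject name on the host certificate
ProbeUrl found win2k3-vc3.strickland-inc.net:80//sdkTunnel(1) => 4B:A4:87:A2:7F:61:B2:70:E9:AE:DB:5E:9A:04:E3:8F:64:5B:79:CE true
ProbeUrl for win2k3-vc3.strickland-inc.net:80/win2k3-vc3.strickland-inc.net:8095(2)
SSLVerifyCertAgainstSystemStore: The remote host certificate has these problems:
* The host name used for the connection does not match the subject name on the host certificate
* The host certificate chain is not complete.
SSLVerifyCertAgainstSystemStore: The remote host certificate has these problems:
* The host certificate chain is not complete.
ProbeUrl found win2k3-vc3.strickland-inc.net:80/win2k3-vc3.strickland-inc.net:8095(2) => win2k3-vc3.strickland-inc.net 47:2B:5E:BF:DE:DF:64:81:8B:B6:74:08:B3:CC:0D:4D:67:47:33:2D false
Work function threw MethodFault: dr.fault.IncompatibleCertificateTrust
"""

# "ProbeUrl found <url> => [host] <SHA-1 style thumbprint> <true|false>"
FOUND = re.compile(
    r"^ProbeUrl found (\S+) => (?:\S+ )?((?:[0-9A-F]{2}:){19}[0-9A-F]{2}) (true|false)$")
FAULT = re.compile(r"dr\.fault\.(\w+)")

def summarize(log_text):
    """Attach each run of '* problem' lines to the next 'ProbeUrl found' line."""
    probes, faults, pending = [], [], []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line.startswith("* "):
            if line[2:] not in pending:      # the log repeats problems; keep one
                pending.append(line[2:])
        elif (m := FOUND.match(line)):
            probes.append({"url": m.group(1), "thumbprint": m.group(2),
                           "flag": m.group(3), "problems": pending})
            pending = []
        for name in FAULT.findall(line):
            if name not in faults:
                faults.append(name)
    return {"probes": probes, "faults": faults}

def report(summary):
    """Render the summary as one line per endpoint, problem and fault."""
    lines = []
    for p in summary["probes"]:
        lines.append(f"{p['url']}  thumbprint={p['thumbprint']}  flag={p['flag']}")
        lines += [f"    problem: {x}" for x in p["problems"]]
    lines += [f"fault: {f}" for f in summary["faults"]]
    return lines

if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE_LOG))))
```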