I have two VC (2.5 U3) sites each with SRM (1.1 U1) installed using the default certificate option. When I try to configure a connection from the Protected Site, the last step 'Unable to establish reciprocity' fails with the following error message on the screen: "Local and remote servers are using different certificate trust methods".
I'm following the SRM Admin Guide instructions carefully and I have installed the untrusted self signed SRM certificate, but still get the error.
Has anyone seen this problem before and resolved it?
Here are a few SRM log entries pertaining to the error:
SSLVerifyCertAgainstSystemStore: Subject mismatch: win2k3-vc3.strickland-inc.net vs ThisHadBetterNotBeAValidHostName!!
SSLVerifyCertAgainstSystemStore: The remote host certificate has these problems:
* The host name used for the connection does not match the subject name on the host certificate
ProbeUrl found win2k3-vc3.strickland-inc.net:80//sdkTunnel(1) => 4B:A4:87:A2:7F:61:B2:70:E9:AE:DB:5E:9A:04:E3:8F:64:5B:79:CE true
Stored credentials, key='win2k3-vc3.strickland-inc.net', username='administrator'
VC Connection: Logging in as user 'administrator'
VC Connection: Logged in session BC73E519-4DC1-4432-94CA-51DB48A2484B
VC Connection: Logging out session BC73E519-4DC1-4432-94CA-51DB48A2484B
VC Connection: Logged out session BC73E519-4DC1-4432-94CA-51DB48A2484B
ProbeUrl for win2k3-vc3.strickland-inc.net:80/win2k3-vc3.strickland-inc.net:8095(2)
SSLVerifyCertAgainstSystemStore: Subject mismatch: win2k3-vc3.strickland-inc.net vs ThisHadBetterNotBeAValidHostName!!
SSLVerifyCertAgainstSystemStore: The remote host certificate has these problems:
* The host name used for the connection does not match the subject name on the host certificate
* The host certificate chain is not complete.
SSLVerifyCertAgainstSystemStore: The remote host certificate has these problems:
* The host certificate chain is not complete.
ProbeUrl found win2k3-vc3.strickland-inc.net:80/win2k3-vc3.strickland-inc.net:8095(2) => win2k3-vc3.strickland-inc.net 47:2B:5E:BF:DE:DF:64:81:8B:B6:74:08:B3:CC:0D:4D:67:47:33:2D false
Removing stored credentials associated with key='win2k3-vc3.strickland-inc.net'
ProbeUrl for win2k3-vc3.strickland-inc.net:80//sdkTunnel(1)
SSLVerifyCertAgainstSystemStore: Subject mismatch: win2k3-vc3.strickland-inc.net vs ThisHadBetterNotBeAValidHostName!!
SSLVerifyCertAgainstSystemStore: The remote host certificate has these problems:
* The host name used for the connection does not match the subject name on the host certificate
ProbeUrl found win2k3-vc3.strickland-inc.net:80//sdkTunnel(1) => 4B:A4:87:A2:7F:61:B2:70:E9:AE:DB:5E:9A:04:E3:8F:64:5B:79:CE true
Stored credentials, key='win2k3-vc3.strickland-inc.net', username='administrator'
VC Connection: Logging in as user 'administrator'
VC Connection: Logged in session 4ECD7E47-4F2E-4546-9FA8-706D73280307
VC Connection: Logging out session 4ECD7E47-4F2E-4546-9FA8-706D73280307
VC Connection: Logged out session 4ECD7E47-4F2E-4546-9FA8-706D73280307
ProbeUrl for win2k3-vc3.strickland-inc.net:80/win2k3-vc3.strickland-inc.net:8095(2)
SSLVerifyCertAgainstSystemStore: Subject mismatch: win2k3-vc3.strickland-inc.net vs ThisHadBetterNotBeAValidHostName!!
SSLVerifyCertAgainstSystemStore: The remote host certificate has these problems:
* The host name used for the connection does not match the subject name on the host certificate
* The host certificate chain is not complete.
SSLVerifyCertAgainstSystemStore: The remote host certificate has these problems:
* The host certificate chain is not complete.
ProbeUrl found win2k3-vc3.strickland-inc.net:80/win2k3-vc3.strickland-inc.net:8095(2) => win2k3-vc3.strickland-inc.net 47:2B:5E:BF:DE:DF:64:81:8B:B6:74:08:B3:CC:0D:4D:67:47:33:2D false
Removing stored credentials associated with key='win2k3-vc3.strickland-inc.net'
Adding task com.vmware.vcDr.ServiceInstance.AddRemoteSite-1
Created Inventory Mapper for site 'site-25'
Configuration parameter checkInterval is not specified
Configuration parameter warningDelay is not specified
Time delay before raising low priority event: 120 sec
Configuration parameter panicDelay is not specified
Time delay before raising high priority event: 300 sec
Configuration parameter panicRepeatDelay is not specified
Time delay before raising repeated high priority event: 300 sec
Remote site instance added to the list.
Stored credentials, key='win2k3-vc3.strickland-inc.net', username='administrator'
VC Connection: Logging in as user 'administrator'
VC Connection: Logged in session F0A12872-7FA5-45EE-83A5-347BED241CB2
VC Connection: Logging out session F0A12872-7FA5-45EE-83A5-347BED241CB2
VC Connection: Logged out session F0A12872-7FA5-45EE-83A5-347BED241CB2
Removing stored credentials associated with key='win2k3-vc3.strickland-inc.net'
Server currently is removing site! (cross side call)
Failed to create remove paired remote site in CreateRemoteSite: Unexpected MethodFault (dr.fault.PairingInProgress) {
Work function threw MethodFault: dr.fault.IncompatibleCertificateTrust
(dr.fault.IncompatibleCertificateTrust) {
Error set to (dr.fault.IncompatibleCertificateTrust) {
Now all I need is a VSR for LeftHand VSA version 8.
Do you mean an SRA? http://resources.lefthandnetworks.com/forms/VMware-LeftHand-SRA-Download
If you are looking at establishing a copy relationship to another VSA you need to make sure both VSA's are in unigue management groups and set up a remote copy relationship for the volume that contains your ESX data and you want SRM to protect. Once that relationship is established you can install SRM and the LeftHand SRA. During the SRA installation your volume should be recognized at both the primary and recovery sites.
Thanks but my problem was certificate based. I finially got a Microsoft Enterprise CA to issus a certificate for SRM and my sites connected. Mt two LeftHand management groups are working fine also.
I now have a new problem. I can't get my Array Manager configured. I think my problem is using Lefthand VSA version 8 with VSR version 7 with SRM 1 U1. I have posted another question on this...