Hi
Have a ESX 3.5 implementation running a VM vCentre.
We have to change passwords for our service accounts as part of our security requirements.
After the password change SRM stopped working, the service VMWare Site Recovery Manager Service will not start.
The Rest of the ESX function works with no issues (update
manager etc...) The log file seems to suggest that the service account is the
problems but Vi client works fine (the srm plugin will not install or connect
to the SRM server. SQL SRM database has
been verified as functioning. From VI
client get error "connection to the local site recovery manager at https://xx.xxx.xxx.186:8059/dr
failed."
sample of log file:
0:29.703 'TestProvider' 1252 info] Provider 'TestProvider'
has MoRef 'dr.SecondaryTestProvider:secondary-test-provider'.
[2008-12-18 15:40:29.703 'SecondaryReplication' 1252
info] Registered provider 'TestProvider'
2008-12-18 15:40:29.703 'TestProvider' 1252 info Plugin
started.
2008-12-18 15:40:29.718 'DrServiceInstance' 1252 info
LocalSite already installed - Good!
2008-12-18 15:40:31.531 'App' 1252 info
Vmacore::InitSSL: doVersionCheck = true, handshakeTimeoutUs = 120000000
2008-12-18 15:40:31.546 'MainVcConnection' 1252 info VC
Connection: Logging in as user 'kmh\svc_vmwarevc'
2008-12-18 15:40:31.625 'MainVcConnection' 1252 warning
Failed to login to VC: Unexpected MethodFault (vim.fault.InvalidLogin) {
dynamicType = <unset>,
msg =
"Login failed due to a bad username or password."
}
[2008-12-18 15:40:31.640 'DrServiceInstance' 1252
warning] Initializing service content: Unexpected MethodFault
(vim.fault.InvalidLogin) {
dynamicType =
<unset>,
msg =
"Login failed due to a bad username or password."
Now initially vmware technical support said the only way to rectify this problem is to rebuild SRM. This is not acceptable. SRM has taken quite some time to configure and with no SRM configuration export tool I need a fix for this simple password change.
Vmware technical suggested the following fix to try on the vCenter server:
After few more research I found something interesting.
It's like a command has been shipped to allow you to change the password.
To do that, on the SRM Server open a command prompt, go
to "C:\Program Files\VMware\VMware Site Recovery Manager\bin" and
depending on the version of SRM it should be either:
srm-config.exe -cmd updateuser -cfg
..\config\vmware-dr.xml -u <userID>
or
srm-config.exe -cmd confuserbased -cfg ..\config\vmware-dr.xml
-sitename <siteName> -vc <vcIP> -u <userID>
I could not get it working on my side due to certificate
issue but if you're using your own certificate authority it should work.
So for my environment we had to execute the following based on the instruction above, we are using self certificates.
NOTE: the "-vc" switch needs the name of the vCentre server, which should be "servervc01" BUT this seems to conflict with the self certificate in the vCentre. The certificate has been issued just to a generic "vmware" rather than the name of the actual vCentre server. So to actually make this command work I had to put an entry in the server host file that points the "vmware" name to itself (like a localhost). See below:
D:\Program Files\VMware\VMware Site Recovery
Manager\bin>srm-config.exe -cmd confuserbased -cfg ..\config\vmware-dr.xml
-sitename building1 -vc vmware -u svc_vc
I get the following:
D:\Program Files\VMware\VMware Site Recovery
Manager\bin>srm-config.exe -cmd con fuserbased -cfg ..\config\vmware-dr.xml
-sitename building1 -vc vmware -u svc _vc
2009-01-07 16:12:27.209 'App' 740 info Current working
directory: D:\Program F iles\VMware\VMware Site Recovery Manager\bin
2009-01-07 16:12:27.224 'BaseLibs' 740 info HOSTINFO:
Seeing Intel CPU, numCor esPerCPU 4 numThreadsPerCore 1.
2009-01-07 16:12:27.224 'BaseLibs' 740 info HOSTINFO:
numPhysCPUs is 0, bumpin g to 1.
2009-01-07 16:12:27.224 'BaseLibs' 740 info HOSTINFO:
This machine has 1 physi cal CPUS, 2 total cores, and 2 logical CPUs.
2009-01-07 16:12:27.365 'BaseLibs' 740 info Using
system libcrypto, version 90 70AF
2009-01-07 16:12:29.021 'SRM config tool' 740 info
Vmacore::InitSSL: doVersion Check = true, handshakeTimeoutUs = 120000000 Enter
password for username svc_vmwarevc:
2009-01-07 16:12:43.006 'BaseLibs' 740 warning
SSLVerifyCertAgainstSystemStore
: Subject mismatch: VMware vs
ThisHadBetterNotBeAValidHostName!!
2009-01-07 16:12:43.006 'BaseLibs' 740 warning SSLVerifyCertAgainstSystemStore
: The remote host certificate has these problems:
the subject name on the h ost certificate
2009-01-07 16:12:43.053 'SRM config tool' 740 info VC
Connection: Authenticati ng unprivileged user 'svc_vmwarevc'
2009-01-07 16:12:43.084 'SRM config tool' 740 info VC
Connection: Logged in!
2009-01-07 16:12:43.099 'SRM config tool' 740 verbose
VC Connection: Logged ou t
2009-01-07 16:12:43.115 'CredentialsStore' 740 verbose
Stored credentials, key ='vmware', username='svc_vmwarevc'
Command executed successfully.
This all looks sorta okay BUT the "VMWare Site Recovery Manager Service" still will not start. After trying the SRM service restart and failing the log file has this entry:
*The last srm vmware log shows (c:\document and
settings\all users\application data\vmware\vmware site recovery manager\logs*
Log for VMware Site Recovery Manager, pid=3816,
version=1.0.0, build=build-97878, option=Release, section=2
2009-01-07 16:13:25.318 'App' 3820 warning Failed to
create console writer
2009-01-07 16:13:25.318 'App' 3832 info Intializing the
DBManager
2009-01-07 16:13:25.459 'App' 3832 info Current working
directory: D:\Program Files\VMware\VMware Site Recovery Manager\bin
2009-01-07 16:13:25.459 'ThreadPool' 3832 verbose
TaskMax=10, IoMin=1, IoMax=21
2009-01-07 16:13:25.459 'App' 3832 info Trying
DrExternalRecoveryApi
2009-01-07 16:13:25.459 'App' 3832 verbose Plugin 0
path: dr-external-recovery-api.dll
2009-01-07 16:13:25.459 'App' 3832 verbose Plugin 0
absolute path: D:\Program Files\VMware\VMware Site Recovery
Manager\bin\dr-external-recovery-api.dll
2009-01-07 16:13:25.459 'App' 3832 info Trying
RecoverySecondary
2009-01-07 16:13:25.474 'App' 3832 verbose Plugin 1
path: dr-secondary-recovery.dll
2009-01-07 16:13:25.474 'App' 3832 verbose Plugin 1
absolute path: D:\Program Files\VMware\VMware Site Recovery
Manager\bin\dr-secondary-recovery.dll
2009-01-07 16:13:25.474 'App' 3832 info Trying
SanProvider
2009-01-07 16:13:25.474 'App' 3832 verbose Plugin 2
path: dr-san-provider.dll
2009-01-07 16:13:25.474 'App' 3832 verbose Plugin 2
absolute path: D:\Program Files\VMware\VMware Site Recovery Manager\bin\dr-san-provider.dll
2009-01-07 16:13:25.474 'App' 3832 info Trying
TestProvider
2009-01-07 16:13:25.474 'App' 3832 verbose Plugin 3
path: dr-test-provider.dll
2009-01-07 16:13:25.474 'App' 3832 verbose Plugin 3
absolute path: D:\Program Files\VMware\VMware Site Recovery
Manager\bin\dr-test-provider.dll
2009-01-07 16:13:25.474 'SrmServiceInstance' 3832 info
DrExtApi Service Instance is initialized.
[2009-01-07 16:13:25.474 'DrExternalRecoveryApi' 3832
info] Plugin started.
2009-01-07 16:13:25.474 'SanProvider' 3832 info
Provider 'SanProvider' has MoRef
'dr.primary.SanReplicationProvider:PrimarySanProvider'.
2009-01-07 16:13:25.474 'Replication' 3832 info
Registered provider 'SanProvider'
2009-01-07 16:13:25.474 'SanProvider' 3832 info
Provider 'SanProvider' has MoRef
'dr.secondary.SanReplicationProvider:SecondarySanProvider'.
[2009-01-07 16:13:25.474 'SecondaryReplication' 3832
info] Registered provider 'SanProvider'
2009-01-07 16:13:25.474 'SanProvider' 3832 info Plugin
started.
2009-01-07 16:13:25.474 'TestProvider' 3832 info
Provider 'TestProvider' has MoRef
'dr.PrimaryTestProvider:primary-test-provider'.
2009-01-07 16:13:25.474 'Replication' 3832 info
Registered provider 'TestProvider'
2009-01-07 16:13:25.474 'TestProvider' 3832 info
Provider 'TestProvider' has MoRef
'dr.SecondaryTestProvider:secondary-test-provider'.
[2009-01-07 16:13:25.474 'SecondaryReplication' 3832
info] Registered provider 'TestProvider'
2009-01-07 16:13:25.474 'TestProvider' 3832 info Plugin
started.
2009-01-07 16:13:25.490 'DrServiceInstance' 3832 info
LocalSite already installed - Good!
2009-01-07 16:13:27.349 'App' 3832 info
Vmacore::InitSSL: doVersionCheck = true, handshakeTimeoutUs = 120000000
2009-01-07 16:13:27.381 'MainVcConnection' 3832 info VC
Connection: Logging in as user 'svc_vmwarevc'
2009-01-07 16:13:27.428 'MainVcConnection' 3832 info VC
Connection: Logged in!
2009-01-07 16:13:27.474 'App' 3832 error Extension
com.vmware.vcDr specifies a server with invalid proxy information
2009-01-07 16:13:27.474 'DrServiceInstance' 3832 error
Registration with the local VC server is not valid
[2009-01-07 16:13:27.474 'DrServiceInstance' 3832
warning] Initializing service content: Unexpected exception 'class
Vmacore::Exception' Registration with the local VC server is not valid
2009-01-07 16:13:27.474 'App' 3832 error Application
error: Registration with the local VC server is not valid. Shutting down ...
2009-01-07 16:13:27.584 'App' 3828 info
vmware-dr service stopped
And now I am stuck again. I think I am going in the right direction but the interation of certificate and the srm-config.exe tool may have something to do with it.
I just think this is just bleeding stupid that simply changing the service account password causes such a problem, this should be simply a basic function.
Anyway
Can anyone suggest or help??
Thanks
Yin
