VMware Cloud Community
wanderson216
Enthusiast

vSphere Replication can't authenticate

Hello -

I had two vSphere Replication Appliances set up between DR and PROD. The DR one went a bit haywire and wouldn't let me authenticate to it from PROD. So, I decided to just rebuild it. I removed everything from /MOB, disconnected the sites, etc. I got the DR one back up, but it's doing the same thing in PROD. More specifically:

  • I go to the PROD data center > Configure > vSphere Replication > Target Sites
  • It shows the DR appliance as "Not authenticated" under status.
  • If I look at it in the reverse: everything is authed.

Both VCSAs are 6.5.0.14100 Build Number 7801515

Both vSphere Replication Appliances are 6.5.1.2243 Build 7184803

I'm using the administrator SSO account

The password is correct

I can auth in the other direction

I did notice some weird GUID looking error when I tried to auth while configuring a replication. I think it's a cert problem somewhere...


Thanks,

Ward

pwilk
Hot Shot

First thing I'd check would be DNS and SSO configuration on the DR site appliance. Replication is not possible without perfectly working domain name resolution.

How is your SSO configured and what's your DNS setup?

Cheers, Paul Wilk
wanderson216
Enthusiast

They're in different sites and different PSCs. DNS is fine, I can look up the opposite sites. How would DR connect up to PROD if DNS was hosed?

VishShah
VMware Employee

In general configurations with two vSphere Replication sites where each includes a vCenter Server instance and a vSphere Replication appliance, the vSphere Replication sites can appear in the Not authenticated state, even if you have successfully connected the sites.

Sites that you have successfully connected can appear in the Not authenticated state when you establish a new login session to the vSphere Web Client and the previous login session has timed out. In this case, the Not authenticated state reflects the connection to the remote site from the vSphere Web Client and not the state of the connection between the sites. If the two sites are running, vSphere Replication still performs replications at the schedules that you have configured.

If you are seeing this behavior after a fresh install or re-install of VR, then you can only fix this by resetting the VR DB from the VR VAMI interface, because it basically breaks the registration between the 2 replicated sites, including the DB going out of sync. If there are ongoing VM replications in a paused state, it is not going to delete the existing replicated data at the DR site, except the configuration; you should then be able to configure replication of the VM from scratch and choose existing seeds.

Q1) Before re-installing VR, have you renamed the folders of the VM located on the datastore at the DR Site?

Q2) If not, what is the state\status of the ongoing replication VM from the Prod Site (screenshots)?

Let me know if you need additional information 'or' have any other questions that I can help with.

Regards Vishwajit Shah Skyline Support Moderator VCA-DCV | VCP5-DCV | VCP6.0; 6.5-DCV & CMA | VCA-DBT | VCAP60-DCV
wanderson216
Enthusiast

Q1.) I shut the old one down. Removed it from MOB. I couldn't reset the old db on it for some reason. I did change the SSO password at some point for something else, but I did change it back. I deleted the entire VM from disk.

Q2.) So oddly enough, when I first brought this back online I saw everything was nice and connected. I started a replication and that went through just fine. But now it's showing not authenticated again. It's the primary reason why I rebuilt it too. Replication seems OK

[Attached screenshot: okay.png]

This is on my PROD vCSA. That's a box I'm replicating back up from DR -> PROD. So that's there. Could my VCSA still have some old certs tied to it? I think I might have named them the same.

VishShah
VMware Employee

I believe that when you refresh or restart the Replication Services from the Prod Replication VAMI, it should change to the correct state of VM Replication.

To resolve this, perform the steps below at the Prod Replication Site. Before that, you may try replacing the Replication certs to check whether that helps: from the VAMI page, regenerate the certificates using the generate and install option, then Save & Restart > then restart the vCenter Server & vSphere Web Client Services > try authenticating the sites. If no go, then use the steps below; finally, if that does not fix the issue, re-install replication at the Prod Site.

> Unregister the affected site's Replication Server appliances with their vCenters by logging into the vSphere Replication appliance VAMI (:5480) page.

> Remove the Replication from vCenter Server MOB -- unregister vSphere Replication with vCenter MOB by using KB https://kb.vmware.com/s/article/1025360

1) Log in to vCenter/mob from a browser.

2) Select "content".

3) Select "ExtensionManager".

4) Select "UnregisterExtension". (Opens a new window)

5) Input "com.vmware.vcHms" into "VALUE" and click "Invoke Method".

6) Close the new dialog box.

7) Close the Extension Manager window for vCenter Server.

8) Restart vCenter Server & Web Client Services

> Remove the solution user for vSphere Replication by logging into vSphere Web Client Administration > Users & groups > Solution users.

1. Log in to the vSphere Web Client as administrator@vsphere.local or as any other user with vCenter Single Sign-On administrator privileges.

Users with vCenter Single Sign-On administrator privileges are in the Administrators group in the vsphere.local domain.

2. Click Home, and browse to Administration > Single Sign-On > Users and Groups.

3. Click the Solution Users tab, and click the solution user name.

4. Click the Delete Solution User icon.

5. Click Yes.

> Restart the corresponding vCenter Server & vSphere Web Client Services

> Log in to the vSphere Replication VAMI page and then re-register it again. This should create a fresh solution user for vSphere solution user

Note: Removing the association of Replication from vCenter Server MOB does not make a serious impact vCenter creates a Snapshot of vCenter Server & Replication to be on the safer side.

Regards Vishwajit Shah Skyline Support Moderator VCA-DCV | VCP5-DCV | VCP6.0; 6.5-DCV & CMA | VCA-DBT | VCAP60-DCV
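
The MOB steps in the post above, scripted with PowerCLI as an added example (not part of the original post and not VMware's own code). It prints the registered server URL and certificate thumbprint for `com.vmware.vcHms` before asking whether to unregister it; the vCenter name is a placeholder and an installed PowerCLI module is assumed.

```powershell
# Added example: inspect, then optionally unregister, the vSphere Replication
# extension through the same ExtensionManager object the MOB page exposes.
$vcServer = 'vcenter.example.local'   # placeholder, not from the thread
$extKey   = 'com.vmware.vcHms'        # extension key named in the steps above

Connect-VIServer -Server $vcServer -Credential (Get-Credential) | Out-Null
try {
    $extMgr = Get-View ExtensionManager
    $ext    = $extMgr.FindExtension($extKey)

    if (-not $ext) {
        Write-Output "$extKey is not registered on $vcServer; nothing to unregister."
        return
    }

    # Record what is registered before changing anything. A URL or thumbprint
    # that no longer matches the rebuilt appliance points at a stale registration.
    Write-Output ("Key: {0}  Version: {1}  Last heartbeat: {2}" -f `
        $ext.Key, $ext.Version, $ext.LastHeartbeatTime)
    foreach ($srv in $ext.Server) {
        [pscustomobject]@{
            Url        = $srv.Url
            Thumbprint = $srv.ServerThumbprint
            Type       = $srv.Type
        }
    }

    # Same operation as "UnregisterExtension" + "Invoke Method" in the MOB.
    $answer = Read-Host "Unregister $extKey from $vcServer? (yes/no)"
    if ($answer -eq 'yes') {
        $extMgr.UnregisterExtension($extKey)
        Write-Output "Unregistered $extKey. Restart vCenter Server and Web Client services next."
    }
    else {
        Write-Output "Left $extKey registered."
    }
}
finally {
    Disconnect-VIServer -Server $vcServer -Confirm:$false
}
```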
wanderson216
Enthusiast

Wait, what? Regenerate the certs on the PROD VAMI so it can connect to the DR one? I did the /MOB removal before making this thread. I'll try the regenerate now.

VishShah
VMware Employee

Yes, please follow the recommendations; this will help us to isolate how badly the registration is broken.

Regards Vishwajit Shah Skyline Support Moderator VCA-DCV | VCP5-DCV | VCP6.0; 6.5-DCV & CMA | VCA-DBT | VCAP60-DCV
wanderson216
Enthusiast

Regenerating the certs worked, it appears... I just didn't think to do it on the PROD end. Now I know. Thanks!

Lucky428kimo
Contributor

Sorry, I have the same issue. I deleted "com.vmware.vcHms", but I cannot find any solution users on my vCenter, and if I try to re-register it, it shows me the error "vSphere Replication Appliance configuration error:Unable to create solution user". Does anyone have any idea about this issue?
