1 Reply Latest reply on Jun 15, 2019 5:52 AM by ChrisFD2

    Can't register SRM 8.2 appliance on recovery site to secondary vCenter server

    ChrisFD2 Enthusiast
    VMware EmployeesvExpert

      I'm trying to get SRM setup at home to refresh my memory on it.

      Setup as follows:

      Site 1:

      3x SuperMicro hosts running vSAN and a vCenter appliance. All at 6.7U2.

      Site 2:

      1x Intel NUC and a vCenter appliance. Again, at 6.7U2.

      vCenter is in Linked mode and working fine. I can vMotion between the two etc.

      Two SRM appliances deployed in the same way.

      Appliance 1, can register fine with the vCenter server in the first site (called vcenter1.chris.local).

      Appliance 1 cannot register with the vCenter server in the second site (called vcenter2.chris.local).

      Appliance 2 can register fine with the vCenter server in the first site.

      Appliance 2 cannot register with the vCenter server in the second site.

      In the UI I see the following error after I accept the certificate for the second vCenter server.

      " A specified parameter was not correct: connection.thumbprint"

      The issue appear certificate related. This is a tail of the /var/log/vmware/srm/drconfig-2.log file:

      2019-05-28T06:47:34.139Z warning drconfig[00882] [SRM@6876 sub=Libs] SSL_VerifyCbHelper: Certificate verification is disabled, so connection will proceed despite the error 2019-05-28T06:47:34.145Z verbose drconfig[01398] [SRM@6876 sub=vmomi.soapStub[11] opID=c9ce0a75-3f71-4382-bd54-723055e03259-listVcServices] Resetting stub adapter for server <cs p:00007f3df4016ab0, TCP:vcenter2.chris.local:443> : Closed 2019-05-28T06:47:34.146Z verbose drconfig[01398] [SRM@6876 sub=vmomi.soapStub[10] opID=c9ce0a75-3f71-4382-bd54-723055e03259-listVcServices] Resetting stub adapter for server <cs p:00007f3df4004780, TCP:vcenter2.chris.local:443> : Closed 2019-05-28T06:47:37.839Z verbose drconfig[00885] [SRM@6876 sub=ProbeSsl.Url.DrConfigSslCertificateManager] Established TCP connection to 'vcenter2.chris.local:443' 2019-05-28T06:47:37.844Z warning drconfig[00879] [SRM@6876 sub=ProbeSsl.Url.DrConfigSslCertificateManager] SSL client handshake to 'vcenter2.chris.local:443' failed. --> N7Vmacore3Ssl18SSLVerifyExceptionE SSL Exception: Verification parameters: --> PeerThumbprint: 93:98:0A:06:54:BA:58:FD:77:E2:B1:99:B0:84:11:3C:6A:E6:35:5E --> ExpectedThumbprint: --> ExpectedPeerName: vcenter2.chris.local --> The remote host certificate has these problems: --> --> * unable to get local issuer certificate 2019-05-28T06:47:41.270Z verbose drconfig[01338] [SRM@6876 sub=ProbeSsl.Url.Default] Established TCP connection to 'vcenter1.chris.local:443' 2019-05-28T06:47:41.276Z warning drconfig[00879] [SRM@6876 sub=ProbeSsl.Url.Default] SSL client handshake to 'vcenter1.chris.local:443' failed. --> N7Vmacore3Ssl18SSLVerifyExceptionE SSL Exception: Verification parameters: --> PeerThumbprint: 87:C0:18:74:EA:C9:4E:C1:02:5F:B6:84:B1:DB:01:43:7F:E4:F9:D2 --> ExpectedThumbprint: --> ExpectedPeerName: vcenter1.chris.local --> The remote host certificate has these problems: --> --> * unable to get local issuer certificate

       

      Certificates are my weak point I must admit and something I need to spend some time on. Although linked mode is working, do I need to export the certificates of both vCSA's and import them into one another before this can work? As from the log, although I'm registering with the second site, I can see it checking the certificate of the first.

       

      I have tried this multiple times and every time it's always an issue with the second vCenter server. Am I doing something drastically wrong?