SRM - Server certificate assertion not verified and thumbprint not matched
book
Article ID: 312754
calendar_today
Updated On:
Products
VMware Live RecoveryVMware vSphere ESXi
Issue/Introduction
Symptoms:
1. Unable to reconfigure SRM after upgrade
ERROR Failed to retrieve pairs from extension server at https://srm.vmware.local:443/drserver/vcdr/vmomi/sdk. Failed to connect to Site Recovery Manager Server at https://srm.vmware.local:443/drserver/vcdr/vmomi/sdk. Reason: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate assertion not verified and thumbprint not matched Failed to connect to Site Recovery Manager Server at https://srm.vmware.local:443/drserver/vcdr/vmomi/sdk. Reason: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate assertion not verified and thumbprint not matched Operation ID: e53a538a-bf3a-4612-b5fe-771aa92dc629
Environment
VMware vSphere Replication 8.x
Cause
1. SRM or VR certificate is assigned to IP address or short name instead of FQDN
2. DNS is not configured or incorrectly set for vCenter, SRM & VR appliances
This may also be caused during deployment of the OVF when the hostname is not changed as per the correct DNS record name.
Resolution
Below steps can be applied to both SRM & vSphere replication.
1. Ensure forward and reverse lookup records are created in DNS for the appliance. Verify it by running the nslooup command against the IP & FQDN
2. Change the SRM Appliance Certificate from VAMI to reflect FQDN
3. Reconfigure SRM & reconnect site pair
NOTE: We always recommend using a DNS server. In the absence of a DNS server, assign the appliance certificate to IP address and register it using IP address.