Unable to create protection group. No VRM Server Registered with vCenter Server for site
search cancel

Unable to create protection group. No VRM Server Registered with vCenter Server for site

book

Article ID: 312780

calendar_today

Updated On:

Products

VMware Live Recovery VMware vCenter Server

Issue/Introduction

1. Unable to create Protection group in SRM while using vSphere Replication to replicate VMs.

2. When creating Protection group in SRM after selecting vSphere Replication as the Protection group type, you see this error:

"Unable to create protection group. No VRM Server Registered with vCenter Server for site 'vCenter FQDN'"

3. Failed to create protection group. The VRM server registered with vCenter Server for site "XYZ" is not running.






VMware-dr.log:

2025-02-07 10:54:36,289 [srm-reactive-thread-27] WARN  com.vmware.srm.client.infrastructure.requestHandlers.navigation.SitePairHelper 6863797781565141599 ######-####-####-####-#######-######## getRoboPairs - Fail to get HMS sitePairData for HmsServerImpl {
_guid = ######-####-####-####-##########-######
_url = https://vrmsprod.vmware.com:8043
}: 
com.vmware.srm.client.topology.client.view.availability.ExtensionServer$GetPairFailedException: Unable to retrieve pairs from extension server at https://vrmsprod.vmware.com:8043.Unable to connect to HBR Management Server at https://vrmsprod.vmware.com:8043. Reason: java.net.ConnectException: Timeout connecting to [vrmsprod.vmware.com/10.X.X.X:8043]
 at com.vmware.srm.client.topology.impl.view.availability.ExtensionServerImpl.complete(ExtensionServerImpl.java:51)
 at com.vmware.srm.client.topology.impl.core.mxn.nodes.HmsNode.lambda$discoverNeighbours$1(HmsNode.java:69)
 at com.vmware.dr.ui.tools.reactive.impl.PromiseImpl$ErrorCompletion.complete(PromiseImpl.java:172)
 at com.vmware.dr.ui.tools.reactive.impl.PromiseImpl$Result.complete(PromiseImpl.java:43)
 at com.vmware.dr.ui.tools.reactive.impl.PromiseImpl$Completion.lambda$setResult$0(PromiseImpl.java:63)
 at com.vmware.dr.ui.tools.utilities.ThreadContext.lambda$wrap$1(ThreadContext.java:55)
 at com.vmware.dr.ui.tools.utilities.ThreadContext.execute(ThreadContext.java:209)
 at com.vmware.dr.ui.tools.utilities.ThreadContext.execute(ThreadContext.java:185)
 at com.vmware.dr.ui.tools.utilities.ThreadContext.setupContext(ThreadContext.java:76)
 at com.vmware.dr.ui.tools.utilities.ThreadContext.setupContext(ThreadContext.java:105)
 at com.vmware.dr.ui.tools.reactive.impl.PromiseImpl$Completion.lambda$setResult$1(PromiseImpl.java:63)
 at com.vmware.dr.ui.tools.utilities.AsyncConsumer$Worker.run(AsyncConsumer.java:

Environment

VMware vSphere Replication 
VMware Site Recovery Manager 
VMware Live Site Recovery

Cause


VR uses host address with upper-cased address everywhere, including certificate, appliance hostname, VC extension, lookup service registration. But according to VMware-dr.log, SRM tries to connect hms with lower-cased address, and fails.

This issue can also present itself if there's a time difference between these components:
  • ESXi Host
  • vCenter Server
  • Port connectivity
  • SRM Server
  • vSphere Replication Appliance

Resolution

Workaround:

Follow the troubleshooting steps outlined below. 

1. Check if the vCenter/VRMS/SRM/ESXi host is using a valid NTP server at both the sites. They must all be configured to sync with local or global NTP server or host but not a mix of both. 

2. Reconfigure VRMS with lowercase VR FQDN and reconnect site pair 

3. Refer to the documentation below to identify additional source and target components to run the tests on. 

Network Ports for VMware Site Recovery

Services, Ports, and External Interfaces That the vSphere Replication Virtual Appliance Uses 

Run the openssl s_client command to test port connectivity between SRM & VRMS appliances

Command: openssl s_client -connect FQDN-OR-IP:Port#

Example:

Port
Protocol or Description
Source
Target
Endpoints or Consumers
8043
HTTPS
Site Recovery Manager                
vSphere Replication appliance on the recovery and protected sites
Management traffic between Site Recovery Manager instances and vSphere Replication appliances.

 

1. SSH into srmprod & run this command  

openssl s_client -connect vrmsprod.vmware.com:8043

root@srmprod [ /home/admin ]# openssl s_client -connect vrmsprod.vmware.com:8043
CONNECTED(00000003)
depth=1 O = "VMware, Inc.", OU = SRM, L = Palo Alto, ST = California, C = US
verify error:num=19:self-signed certificate in certificate chain verify return:1
depth=0 CN = vrmsprod.vmware.com, O = "VMware, Inc.", OU = SRM, L = Palo Alto, ST = California, C = US


2. SSH into srmdr & run this command  

openssl s_client -connect vrmsdr.vmware.com:8043

root@srmdr [ /home/admin ]# openssl s_client -connect vrmsdr.vmware.com:8043

C0618E4E217F0000:error:8000006E:system library:BIO_connect:Connection timed out:crypto/bio/bio_sock2.c:114:calling connect()
C0618E4E217F0000:error:10000067:BIO routines:BIO_connect:connect error:crypto/bio/bio_sock2.c:116:
connect:errno=110


4. Check Firewall Rules

Unblock the required ports by SRM & VRMS on your firewall. 

If you are using NSX, add a rule to the distributed firewall to allow traffic between source and destination VMs 

Additional Information


Additional steps that can be tried - 

1. When connecting to the target site in SRM, try using lower case target vCenter address or use the precise address in the lookup service registration (Copy the vCenter name from the target site as it is) & reconnect site pair. 

2. Register SRM & vSphere Replication appliance using IP address, if there are DNS issues that cannot be resolved. 

Powered by Wolken Software