Site Recovery Manager or vSphere Replication Appliance disconnects after updating vCenter Certificates
search cancel

Site Recovery Manager or vSphere Replication Appliance disconnects after updating vCenter Certificates

book

Article ID: 312784

calendar_today

Updated On:

Products

VMware Live Recovery

Issue/Introduction

Symptom:

  • After replacing an expired vCenter certificate (like an STS cert or Machine SSL cert) SRM or VRMS is not accessible from vCenter.

  • Authentication throws "A server error occurred Check the server logs for more details."

  • Site Recovery Page is not accessible using Site Recovery plugin after vCenter SSL certificate renewal

    Error seen while accessing Site Recovery plugin - "com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain is not trusted and thumbprint verification is not configured".

    "There are no vCenter Server instances with installed vSphere Replication or Site Recovery Manager"


  • This is seen at vSphere Client > Click on the Menu (Hamburger symbol on the top left) > Site Recovery:

  • It may be observed in  site recovery page that  vSphere replication or Site recovery manager is in "Not configured "state. 





  • The SRM Appliance /var/log/vmware/dr-client-plugin/drplugin.log indicates the vCenter appliance certificate in unknown state.

2026-03-20 10:47:49,963 [http-nio-9901-exec-6] ERROR com.vmware.dr.plugin.controllers.DynamicItemsController   - Request handling completed with an error.
com.google.common.util.concurrent.UncheckedExecutionException: org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://test.new.local/api/ui/vcenter/session/clone-ticket": certificate_unknown(46)
++ Lines Removed ++++
Caused by: org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://test.new.local/api/ui/vcenter/session/clone-ticket": certificate_unknown(46)
++ Lines Removed ++++
Caused by: org.bouncycastle.tls.TlsFatalAlert: certificate_unknown(46)
++ Lines Removed ++++
Caused by: com.vmware.vim.vmomi.client.exception.VlsiCertificateException: Server certificate chain is not trusted and pinned certificates are not configured and thumbprint verification is not configured
++ Lines Removed ++++
Caused by: java.security.cert.CertificateException: Unable to construct a valid chain
Caused by: java.security.cert.CertPathBuilderException: No issuer certificate for certificate in certification path found.
<---------------Truncated output--------------->

  • The SRM Appliance the /var/log/vmware/dr-client/dr.log indicates the SRM appliance is unable validate the vCenter Certificate. 

2026-03-20 10:47:50,082 [srm-topology-thread-3] WARN  com.vmware.srm.client.topology.impl.vmomi.ssl.vc.CertificateManagementService    - Unable to retrieve new Vc certificate.
java.util.concurrent.CompletionException: com.vmware.vapi.std.errors.OperationNotFound: OperationNotFound (com.vmware.vapi.std.errors.operation_not_found) => {
    messages = [LocalizableMessage (com.vmware.vapi.std.localizable_message) => {
    id = vapi.method.input.invalid.interface,
    defaultMessage = Cannot find service 'com.vmware.vcenter.certificate_management.vcenter.certificate_bundle'.,
    args = [com.vmware.vcenter.certificate_management.vcenter.certificate_bundle],
    params = <null>,
    localized = <null>
}],
    data = <null>,
    errorType = OPERATION_NOT_FOUND

Environment

  • VMware Site Recovery Manager 8.x

  • VMware Live Site Recovery 9.x

  • VMware vSphere Replication 8.x, 9.x

Cause

  • The SRM appliance is no longer able to authenticate against the replaced vCenter certificate.

  • When a certificate changes on the vCenter side, the token that was previously given to SRM/VRMS becomes null and needs to be renewed.

Resolution

To resolve this issue perform the below steps:

  1. Perform a "Reconfigure" for the vCenter's registered SRM and VR appliances from their respective VAMI page(eg: https://SRM_IP:5480, https://VR_IP:5480):



  2. Log into vSphere Client > Click on the Menu (Hamburger symbol on the top left) > Site Recovery. Verify that the appliances show status as "OK" (as seen below) and click on OPEN Site Recovery:



  3. Power cycle the SRM and VRMS VMs (Shutdown the guest OS & power it ON) and follow step 1 and 2 again, if it doesn't show OK status still, then proceed ahead.

  4. On the Site Recovery Page, under Summary perform a site "Reconnect". This will ensure the two site are connected and working as expected after the vCenter's SSL certificate renewal: