"The peer site can not be added, because the given thumbprint is already used by another site." error when connecting to a remote site with vCloud Availability


Article ID: 315137


Products

VMware Cloud Director

Issue/Introduction

Symptoms:

  • When you pair a cloud site in VMware Cloud Director Availability with another cloud site, the action fails and you see the following message:
The peer site can not be added, because the given thumbprint is already used by another site.
  • In /opt/vmware/h4/cloud/log/cloud.log on the VMware Cloud Director Availability Cloud Director Replication Management appliance, you see messages similar to the following:

2019-01-16 18:53:29.065 DEBUG - [70d21b9b-ab1d-4108-8551-52810599ec62] [health-check-2] c.v.h.c.peer.client.PeerHealthMonitor    : Checking connection to peer LocalSite (null, https://192.168.1.51:8046)
2019-01-16 18:53:29.179 DEBUG - [70d21b9b-ab1d-4108-8551-52810599ec62] [health-check-2] c.v.h.c.peer.client.PeerHealthMonitor    : Peer RemoteSite can talk back to us: {}
2019-01-16 18:53:30.459  WARN - [0885d594-681b-4ec8-8a22-470e5af626ea] [c4-scheduler-2] c.v.r.health.HealthCheckingFactory       : Resource is broken: Vcloud{site='RemoteSite', description='', defaultSite=true, lsUrl='https://RemoteSite.cloud.local:443/lookupservice/sdk', lsThumbprint='SHA-256:F5:2B:75:BB:60:2C:3B:EC:57:E0:B9:B2:B7:18:DB:74:28:6A:5B:08:CD:52:08:5C:DD:9B:1B:8E:B7:2A:38:E8', ssoUser='cloud\admin', ssoPassword=[censored], vcdUrl='https://vcd.cloud.local:443/api', vcdThumbprint='SHA-256:02:81:58:D0:69:17:C6:D5:50:87:61:D9:16:58:D7:36:5D:A6:BC:DA:51:24:FE:F2:80:BB:5D:14:44:C6:36:87', vcdSystemUser='administrator@system', vcdSystemPassword=[censored]}
com.vmware.vcloud.client.exception.VcloudException: (Major code = 403, minor code = ACCESS_TO_RESOURCE_IS_FORBIDDEN) - Access is forbidden
...
2019-01-17 12:05:09.170  WARN - [UI_/portal/sites_ed5acbdf-a930-422a-b6a8-25196fef842c_8s] [job-16] o.h.engine.jdbc.spi.SqlExceptionHelper   : SQL Error: 0, SQLState: 23505
2019-01-17 12:05:09.171 ERROR - [UI_/portal/sites_ed5acbdf-a930-422a-b6a8-25196fef842c_8s] [job-16] o.h.engine.jdbc.spi.SqlExceptionHelper   : ERROR: duplicate key value violates unique
2019-01-17 12:05:09.171  INFO - [UI_/portal/sites_ed5acbdf-a930-422a-b6a8-25196fef842c_8s] [job-16] o.h.e.j.b.internal.AbstractBatchImpl     : HHH000010: On release of batch it still contained JDBC statements
2019-01-17 12:05:09.173 ERROR - [UI_/portal/sites_ed5acbdf-a930-422a-b6a8-25196fef842c_8s] [job-16] com.vmware.h4.jobengine.JobExecution     : Task de27e55b-9456-454c-83e0-3d67ec55ddcc (WorkflowInfo{type='pair', resourceType='site', resourceId='RemoteSite', isPrivate=false, resourceName='null'}) has failed
com.vmware.h4.cloud.api.exceptions.SiteThumbprintInUseException: The peer site can not be added, because the given thumbprint is already used by another site.


  • When attempting the pairing in the opposite direction, the following error may be seen:
Permission denied.
  • In /opt/vmware/h4/cloud/log/cloud.log on the local VMware Cloud Director Availability Cloud Director Replication Management appliance, an error similar to the following is observed:

2024-05-27 22:47:09.298 WARN - [UI-81a1fa1e-5f6c-4375-876d-df7ef5c809cb-r1241-uO] [job-77] com.vmware.h4.cloud.peer.job.PairJob : Unexpected exception while connecting to ExampleSite

com.vmware.h4.api.error.exceptions.PermissionDeniedException: Permission denied.
...

 
Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.



Environment

VMware vCloud Availability 3.0.x
VMware vCloud Availability 3.5.x
VMware Cloud Director Availability 4.x

Cause

This issue occurs when the same certificate is in use on both the local and remote cloud sites. When the local site tries to pair with the remote site, it detects that the remote server has the same certificate as its own.

Alternatively, the issue can occur if one of the cloud sites is already paired with a site that is configured with the same certificate as the site being newly paired. For example, cloud Site1 and cloud Site2 are being paired, but Site2 is already paired with cloud Site3 that possesses the same cloud certificate as Site1.

Resolution

This is expected behaviour when multiple sites share the same certificate.
To resolve this issue, configure each site with a unique cloud certificate.
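
A pre-pairing check for the two conditions described under Cause, as an added example that is not VMware's code. It assumes each site's thumbprint registry consists of the site itself plus its current peers (a model drawn from the Cause text); the site names, byte strings and function names are constructed for illustration.

```python
import hashlib
import ssl


def thumbprint(der: bytes) -> str:
    """SHA-256 of the DER certificate, formatted like lsThumbprint in cloud.log."""
    h = hashlib.sha256(der).hexdigest().upper()
    return "SHA-256:" + ":".join(h[i:i + 2] for i in range(0, len(h), 2))


def fetch_der(host: str, port: int) -> bytes:
    """Read the certificate a live endpoint presents (unused in the sample run)."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))


def pairing_conflicts(a, b, certs, peers):
    """Return (joining_site, clashing_site, thumbprint) tuples that would block pairing a <-> b.

    certs: site name -> DER bytes; peers: site name -> set of already paired sites.
    """
    prints = {site: thumbprint(der) for site, der in certs.items()}
    conflicts = []
    for owner, joining in ((a, b), (b, a)):
        # Thumbprints 'owner' already holds: its own and those of its current peers.
        for known in sorted({owner} | peers.get(owner, set())):
            if known != joining and prints[known] == prints[joining]:
                conflicts.append((joining, known, prints[joining]))
    return conflicts


# Constructed stand-ins for DER-encoded certificates (not real certificates).
SHARED = b"constructed-der-bytes-shared-cert"
CERTS = {"Site1": SHARED, "Site2": b"constructed-der-bytes-site2", "Site3": SHARED}
PEERS = {"Site2": {"Site3"}, "Site3": {"Site2"}}  # Site2 is already paired with Site3

if __name__ == "__main__":
    for joining, known, tp in pairing_conflicts("Site1", "Site2", CERTS, PEERS):
        print(f"{joining} cannot be added: {known} already uses {tp}")
```

Against live appliances, build `certs` with `fetch_der` for each site's endpoint and compare the resulting thumbprints with the values each appliance displays, since `ssl.get_server_certificate` does not validate the certificate it retrieves.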

Additional Information