Registering VMware vSphere Replication (VR) to vCenter Server fails with the error: Unable to obtain SSL certificate

Article ID: 322231

Products

VMware Live Recovery VMware vSphere ESXi

Issue/Introduction



Symptoms:
  • Cannot register VMware vSphere Replication (VR) to vCenter Server.
  • Registering VMware vSphere Replication (VR) to vCenter Server fails.
  • Register VR appliance fails.
  • You see the error:

    Unable to obtain SSL certificate: Bad server response: is a vCenter server listening on the given host and port.
    Unable to obtain ssl certificate: bad server response; is a lookupservice listening on the given address?

 



    Environment

    VMware vSphere Replication 5.1.x
    VMware vSphere Replication 5.5.x

    Cause

    This issue occurs when the vCenter Server SSL certificate is issued against its Fully Qualified Domain Name (FQDN) and the vSphere Replication (VR) appliance is unable to resolve that FQDN.

    Trying to use the IP address of vCenter Server as an alternative to FQDN also results in the same error.

    Resolution

    Note: When vSphere Replication Management Server (VRMS) tries to validate the SSL certificate of vCenter Server, either it is unable to connect to vCenter Server because DNS resolution fails, or the certificate is invalid because it is issued against the FQDN and not the IP address.

    To resolve this issue, use one of these options:

    • Ensure that there are no DNS issues and that the FQDN of vCenter Server can be resolved from inside the VR appliance.
    • Add a static entry to /etc/hosts of the VR appliance to point to vCenter Server:

      echo "xxx.xxx.xxx.xxx vcenter_FQDN.domain.local vcenter_FQDN" >>/etc/hosts

    After performing one of the preceding options, re-register the appliance using the FQDN of vCenter Server.

    To re-register the appliance using the FQDN of vCenter Server:

    1. Log in to the VR server as the root user.
    2. Run this command to change the directory to /opt/vmware/hms/libs:

      # cd /opt/vmware/hms/libs

    3. Run this command to re-register the appliance:

      # java -jar va-util.jar -cmd certauth -host VC_FQDN -port 80 -user VC_username -pass VC_password -extkey com.vmware.vcHms -keystore /opt/vmware/hms/security/hms-keystore.jks -keystorealias jetty -keystorepass vmware

      Note: In VMware vSphere Replication 6.0.x, the default keystore password is random. The password vmware no longer applies. To acquire the password, run this command:

      cat /opt/vmware/hms/conf/hms-configuration.xml | grep keystore

    4. Restart the VRMS service using this command:

      # service hms restart

    Note: If the IP address of vCenter Server is changed, you have to edit the /etc/hosts file and update (or remove if you are able to fix the DNS) the entry added earlier.
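
    The /etc/hosts option above appends with echo >>, so repeating it after a vCenter Server IP change leaves the old mapping in the file next to the new one. The following is an added example, not part of the original article or of VMware's tooling: a POSIX shell helper that replaces the entry instead of appending, plus a lookup to confirm what the file now maps the FQDN to. The function names, their arguments and any addresses passed to them are assumptions.

```shell
#!/bin/sh
# Added example. Function names and arguments are assumptions, not VMware tooling.

# upsert_hosts_entry HOSTS_FILE IP FQDN [SHORT_NAME]
# Drops every existing entry that names FQDN or SHORT_NAME, then appends one
# fresh line, so a changed vCenter IP never leaves a stale mapping behind.
upsert_hosts_entry() {
    hosts_file=$1 ip=$2 fqdn=$3 short=${4:-}
    if [ -z "$hosts_file" ] || [ -z "$ip" ] || [ -z "$fqdn" ]; then
        echo "usage: upsert_hosts_entry HOSTS_FILE IP FQDN [SHORT_NAME]" >&2
        return 2
    fi
    [ -f "$hosts_file" ] || { echo "no such file: $hosts_file" >&2; return 1; }
    tmp=$(mktemp "${hosts_file}.XXXXXX") || return 1
    awk -v fqdn="$fqdn" -v short="$short" '
        /^[ \t]*(#|$)/ { print; next }          # keep comments and blank lines
        {
            orig = $0
            sub(/#.*/, "")                      # ignore trailing comments
            for (i = 2; i <= NF; i++) {         # field 1 is the address
                name = tolower($i)
                if (name == tolower(fqdn)) next
                if (short != "" && name == tolower(short)) next
            }
            print orig
        }' "$hosts_file" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s %s%s\n' "$ip" "$fqdn" "${short:+ $short}" >> "$tmp"
    # Overwrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$hosts_file" && rm -f "$tmp"
}

# hosts_lookup HOSTS_FILE NAME
# Prints the address on the first line that names NAME; returns 1 if none.
hosts_lookup() {
    awk -v want="$2" '
        { sub(/#.*/, "") }
        {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(want)) { print $1; found = 1; exit }
        }
        END { exit !found }' "$1"
}
```

    On the appliance, the file argument would be /etc/hosts, with the same address and names used in the echo command above.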


    Additional Information


    vCenter Storage Monitoring Service fails with the error: Service initialization failed
    Registering VMware vSphere Replication (VR) to vCenter Server fails with the error: Unable to obtain SSL certificate (Chinese-language version)
    Registering VMware vSphere Replication (VR) to vCenter Server fails with the error: Unable to obtain SSL certificate (Japanese-language version)

    Impact/Risks: