SSL Certificate Error Handling in vCenter Site Recovery Manager
book
Article ID: 333543
calendar_today
Updated On:
Products
VMware Live Recovery
Issue/Introduction
VMware vCenter Site Recovery Manager (SRM) can exhibit a variety of errors related to the SSL certificates in use by SRM and vCenter servers. This article summarizes those errors and suggests ways to recover from them.
Environment
VMware vCenter Site Recovery Manager 5.0.x VMware vCenter Site Recovery Manager 5.1.x VMware vCenter Site Recovery Manager 4.1.x VMware vCenter Site Recovery Manager 5.5.x VMware vCenter Site Recovery Manager 4.0.x VMware vCenter Site Recovery Manager 5.8.x
Resolution
While using vCenter Site Recovery Manager (SRM), you might encounter any of these errors:
Unable to establish reciprocity, when configuring a connection to the remote site:
This condition is often triggered when one site completes an installation in repair mode but the other site does not. To recover, re-start SRM at both sites and re-run the installer in repair mode at both sites, as described in the VMware vCenter Site Recovery Manager Administration Guide. Ensure that the DNS name resolution is working correctly on both sites.
Certificate subject names do not match for remote SRM extension and local SRM certificate:
A certificate in the host’s chain is not time valid:
This error generally indicates that a certificate has expired. To recover, run the SRM installer in repair mode, as described in the VMware vCenter Site Recovery Manager Administration Guide, and supply the pathname to a new, valid certificate.
Local and Remote servers are using different trust methods:
This error usually indicates that SRM is using a certificate that is trusted by the vCenter server but not by SRM. To recover, use Microsoft Management Console to accept the certificate used by the vCenter server on the SRM server host.