SRM service fails to start after Site Recovery Manager 5.x upgrade due to change of authentication provider
search cancel

SRM service fails to start after Site Recovery Manager 5.x upgrade due to change of authentication provider

book

Article ID: 344123

calendar_today

Updated On:

Products

VMware Live Recovery

Issue/Introduction

Symptoms:
After upgrading Site Recovery Manager (SRM) 5.x, you experience these symptoms:
  • Cannot start the SRM service.
  • The SRM service fails to start.
  • The vmware-dr-*.log file contains entries similar to:

    [11712 verbose 'authorize'] Call made to InsertACE for id (4), entity (DrServiceInstance), and user(Administrators).
    [11712 error 'authorize'] Failed to add default permission: user Administrators not found
    [11712 error 'authorize'] Cannot start authorize - system has no access rules
    [11712 error 'authorize'] [Auth] Failed to initialize: <class Vmacore::Authorize::AuthException(Authorize Exception)>
    [11712 error 'authorize'] Failed to initialize security
    [11712 info 'Default'] CoreDump: Writing minidump
    [12116 verbose 'DatastoreGroupManager' opID=7e2cdc98] Found 10 devices on host 'host-000000'
    [12116 verbose 'DatastoreGroupManager' opID=7e2cdc98] Found 11 VMFS volumes on host 'host-000000'
    [11712 panic 'Default']
    -->
    --> Panic: Assert Failed: "rc" @ d:/build/ob/bora-820150/srm/src/authorization/authorize.cpp:135
    --> Backtrace:
    --> backtrace[00] rip 000007fee7a1c8fa
    --> backtrace[01] rip 000007fee78eed18
    --> backtrace[02] rip 000007fee78f00ae
    --> backtrace[03] rip 000007fee7a32abf
    --> backtrace[04] rip 000007fee7a32c1c
    --> backtrace[05] rip 000007fee78dfc80
    --> backtrace[06] rip 0000000005282753
    --> backtrace[07] rip 00000001400438e1
    --> backtrace[08] rip 00000000057c2d31
    --> backtrace[09] rip 00000000057c3fe5
    --> backtrace[10] rip 0000000074162fdf
    --> backtrace[11] rip 0000000074163080
    --> backtrace[12] rip 00000000778d652d
    --> backtrace[13] rip 0000000077a0c521


    Note: For more information on log locations, see Location of Site Recovery Manager log files (1021802).


Environment

VMware vCenter Site Recovery Manager 8.x
VMware vCenter Site Recovery Manager 5.1.x
VMware vCenter Site Recovery Manager 5.5.x
VMware vCenter Site Recovery Manager 5.0.x

Cause

This issue occurs because the administrator account configured in the SRM database no longer exists in identity sources used by the authentication provider.
After upgrading, configure SRM to use the SSO Administrator user, rather than the old local Windows Administrators group.

Resolution

To resolve this issue, modify the SRM database.

To modify the SRM database:
Caution: Take a back up of the SRM database and take snapshots of all servers being modified before making changes to the database.
  1. Open the SRM database in SQL Management Studio.
  2. Locate these tables:

    dbo.pd_acedata
    dbo.pd_authorization


  3. Delete the contents of both tables:
    1. Right-click the table and click Edit Top 200 Rows.
    2. Right-click the rows in the table and click Delete.
During SRM startup if the pd_authorization table is empty, SRM creates administrative permissions for all users and groups that have Administrator role on vCenter root folder.
4. After SRM servers at both sites successfully start, reconfigure the connection between them if broken.

Additional Information

For translated versions of this article, see:


Location of Site Recovery Manager log files
Site Recovery Manager 5.x のアップグレード後、認証プロバイダ変更のため SRM サービスを起動できない

Impact/Risks: