Error: "Unable to connect to vCenter..." when configuring replications when the Replicator certificate has expired
search cancel

Error: "Unable to connect to vCenter..." when configuring replications when the Replicator certificate has expired

book

Article ID: 373388

calendar_today

Updated On:

Products

VMware Cloud Director

Issue/Introduction

  • Configuring a new replication fails in Cloud Director Availability, and you see the error:

    Unable to connect to vCenter '####-########-####-########3fd9'

  • In the /opt/vmware/h4/cloud/log/cloud.log file on the Cloud Replication Management Appliance on the destination site, below entry can be seen:

    DATE TIME ERROR - [UI-####-####-####-####-##-##-##-##-##-lk-pH] [job-28] com.vmware.h4.jobengine.JobExecution     : Task 4####-####-####-#### (WorkflowInfo{type='__pr
    ivate_sourceVmDetails', resourceType='VcdVm', resourceId='########-####-####-####-############3af1', isPrivate=true, resourceName='null'}) has failed com.vmware.h4.replicator.api.exceptions.FailedToAcquireVcConnection: Unable to connect to vCenter '####-########-####-########3fd9'.
            at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
            at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:77)
            at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
            [...]

    AND

    DATE TIME ERROR - [UI-####-####-####-####-##-##-##-##-##-lk-pH] [job-71] c.v.h.c.events.ManagementEventsService   : Replication with id 'C4-########-####-####-####-############3af1' was not found in deleted replications! 
    com.vmware.h4.cloud.api.exceptions.VmReplicationNotFoundException: Replication with id 'C4-########-####-####-####-############3af1' was not found.
            at com.vmware.h4.cloud.service.DeletedReplicationService.lambda$getByReplicationId$0(DeletedReplicationService.java:46)
            at java.base/java.util.Optional.orElseThrow(Optional.java:403)
            at com.vmware.h4.cloud.service.DeletedReplicationService.getByReplicationId(DeletedReplicationService.java:46)
            at com.vmware.h4.cloud.events.ManagementEventsService.getVmReplicationTaskOrg(ManagementEventsService.java:1100)
            at com.vmware.h4.cloud.events.ManagementEventsService.getOrg(ManagementEventsService.java:1051)
    [...]

  • In the /opt/vmware/h4/replicator/log/replicator.log file on the destination replicator, below entry can be seen:

    DATE TIME ERROR - [UI-####-####-####-####-##-##-##-##-##-lk-pH-##-##] [https-jsse-nio-8043-exec-12] c.v.vim.sso.client.impl.SoapBindingImpl  : SOAP fault 
    com.sun.xml.ws.fault.ServerSOAPFaultException: Client received SOAP Fault from server: EndTime: DATE TIME GMT YEAR is not after startTime: DATE TIME GMT YEAR Please see the server log to find more detail regarding exact cause of the failure.
            at com.sun.xml.ws.fault.SOAP11Fault.getProtocolException(SOAP11Fault.java:193)
            at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:128)
            at com.sun.xml.ws.client.dispatch.DispatchImpl.doInvoke(DispatchImpl.java:274)
            at com.sun.xml.ws.client.dispatch.DispatchImpl.invoke(DispatchImpl.java:304)
            at com.vmware.vim.sso.client.impl.SoapBindingImpl.sendMessage(SoapBindingImpl.java:208)
            at com.vmware.vim.sso.client.impl.SoapBindingImpl.sendMessage(SoapBindingImpl.java:138)

    AND

    DATE TIME INFO - [UI-####-####-####-####-##-##-##-##-##-lk-pH-##-##] [https-jsse-nio-8043-exec-12] okenServiceImpl$RequestResponseProcessor : Failed trying to retrieve token: ns0:RequestFailed: EndTime: DATE TIME GMT YEAR is not after startTime: DATE TIME GMT YEAR

    AND

    DATE TIME  WARN - [UI-####-####-####-####-##-##-##-##-##-lk-pH-##-##] [https-jsse-nio-8043-exec-12] c.v.h.r.vc.inventory.VcInventoryService  : Couldn't talk to VC ServiceEndpoint{serviceId='####-#########-####-########3fd9', instanceId='####-#########-####-########3fd9', uri=https://vcenter.example.com:443/sdk, certs=[[
    [
      Version: V3
      Subject: C=US, CN=vcenter.example.com
      Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
     [...]
    com.vmware.vim.sso.client.exception.InternalError: Failed trying to retrieve token: ns0:RequestFailed: EndTime: DATE TIME GMT YEAR is not after startTime: DATE TIME GMT YEAR
    [...]




Environment

VMware Cloud Director Availability 4.7.x

Cause

The replicator certificate has expired.

To check the certificate on the replicator:

  1. In a browser, navigate to VMware Cloud Availability Replicator FQDN/IP.
  2. Log in to the Replicator Management Portal with root user credentials.
  3. In the left pane click Settings.
  4. Under Appliance settings, next to Certificate you have the information about the certificate expiring date

Resolution

When the certificate of the Replicator Service expires, you must replace it with the new self-signed or CA-signed certificate as per the documentation at Replace the SSL certificate of the Replicator Service

Powered by Wolken Software