Unable to pair VLR sites.


Article ID: 384176


Products

VMware Live Recovery

Issue/Introduction

This is a generic failure indicating that the VLR sites cannot communicate or that the site pairing cannot be created. It does not indicate a direct cause.

Similar symptoms:

* Failed to acquire token from SSO Server at 'https://VC-FQDN/sso-adminserver/sdk/vsphere.local'
* Unable to retrieve pairs from extension server at https://VLR:443/drserver/vcdr/vmomi/sdk. Unable to login to Site Recovery Manger.

Environment

VMware Live Site Recovery

Cause

There are various reasons why this error can occur, so it is important to investigate any operations or tasks executed in your environment before the error appeared.

* Have there been any certificate changes in vCenter?
* Has the URL/IP/DNS of any of the related VLR nodes been changed?
* Is the VLR appliance service running on both sites?
* Has the timestamp changed or gone out of sync on any of the related VLR/VR/VC nodes?
* Have there been any networking or firewall issues/changes recently?
* Are all the relevant network ports open, in both directions?

Resolution

vCenter certificate changes:
 - Run lsdoctor on the vCenters to update all LookupService endpoints with the correct certificate thumbprint.
 - SRM must be reconfigured from the VAMI:5480 page to resync with the LookupService, at which point the new certificates are exchanged.


Ensure the time on all SRM/VC/VR nodes is in sync:
 - Open an SSH session to each appliance and run:
     watch -d date -u
 - Correct any NTP server settings, or reset the time manually.
 - Timestamps should not be out of sync by more than 5 seconds.


Ensure DNS is configured so that all FQDNs can be resolved from all appliances:
 - Test DNS:
     nslookup fqdn
 - If necessary, to circumvent failing DNS, manually add entries to the /etc/hosts file on each appliance.

SRM services:
 - Reboot the VLR server.
 - Check the srm-server.service status from the VLR VAMI:5480 page.

Ensure any firewall/network switch updates have not blocked the required ports:
 - Investigate any firewall Intrusion Detection System (IDS) settings on these ports. The ports may be open, but the IDS can change the certificate thumbprint of traffic passing through it.
   An IDS monitors network traffic to identify potential threats and intrusions: firewalls prevent unauthorized access, while an IDS detects and alerts on suspicious activities.
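
The thumbprint change described above can be confirmed from an appliance shell by comparing the certificate seen across the network with the thumbprint read on the server itself. This is an added example, not part of the original article; the host name, port 443 and the use of SHA-256 thumbprints are assumptions.

```shell
#!/bin/sh
# Added example: detect a device that re-signs TLS traffic between appliances
# by comparing certificate thumbprints. Host names and thumbprints passed to
# this script are supplied by the operator; nothing here is product-specific.

# Normalize a thumbprint: drop an "xxx Fingerprint=" prefix, colons and
# whitespace, and upper-case the hex digits so two sources compare equal.
normalize_fp() {
    printf '%s' "${1#*=}" | tr -d ': \n\r' | tr 'a-f' 'A-F'
}

# Print the SHA-256 thumbprint of the certificate presented at host:port,
# as seen from THIS machine (needs network access and the openssl CLI).
wire_fp() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -noout -fingerprint -sha256 2>/dev/null
}

# Compare the thumbprint read on the server itself ($1) with the one observed
# on the wire ($2). Prints MATCH, MISMATCH or NO_CERT; returns 0, 1 or 2.
compare_fp() {
    cmp_expected="$(normalize_fp "$1")"
    cmp_observed="$(normalize_fp "$2")"
    if [ -z "$cmp_expected" ] || [ -z "$cmp_observed" ]; then
        echo "NO_CERT"      # port blocked, TLS handshake failed, or no input
        return 2
    fi
    if [ "$cmp_expected" = "$cmp_observed" ]; then
        echo "MATCH"        # same certificate end to end
        return 0
    fi
    echo "MISMATCH"         # something in the path presented a different cert
    return 1
}

# Usage: sh check_fp.sh <remote-fqdn> <thumbprint-read-on-that-server>
if [ "$#" -eq 2 ]; then
    compare_fp "$2" "$(wire_fp "$1")"
fi
```

A MISMATCH while the port is reachable points to a device in the path presenting its own certificate; NO_CERT points back to the port and firewall checks.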