Site Recovery UI shows error: 'Unable to connect to PSC service'
search cancel

Site Recovery UI shows error: 'Unable to connect to PSC service'

book

Article ID: 386005

calendar_today

Updated On:

Products

VMware Live Recovery

Issue/Introduction

Symptom:

  • After upgrading the SRM,VR to the 9.x version and VC to 8.x version getting an error as: "UI error: Unable to connect to PSC service"

  • After regenerating SSL certificate on VC, unable to connect to PSC service error is seen on SRM plugin page.

  • Able to access the VAMI page of SRM and VR appliance using IP address details.

  • From Site Recovery UI, getting an error as below:

Environment

VMware Live Site Recovery 9.x

VMware vSphere Replication 9.x

 

Cause

  • The error is caused by a mismatch between the certificate thumbprint stored in the Lookup Service and the one presented by the vCenter Server during validation. The expired certificate remains registered in the Lookup Service, and the vCenter Server presents a new certificate after an update. The mismatch leads to validation failure, resulting in trust and registration errors.

    Below events are reported from the /var/log/vmware/vSphere-ui/logs/vSphere_client_virgo.log of the vCenter server.

    [2024-12-03T12:51:10.999+08:00] [INFO ] -nio-127.0.0.1-5090-exec-248  com.vmware.vum.client.remoting.impl.VumServiceImpl Connecting to https://xxx.xxxx.xxxxx.xxxx:8084/vci/sdk with VMODL version class version1
    [2024-12-03T12:51:11.008+08:00] [WARN ] -nio-127.0.0.1-5090-exec-248  com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager Server is trusted; certificate validation by the configured VKS2 trustore succeeded while the thumbprint one failed
    [2024-12-03T12:51:11.018+08:00] [INFO ] -nio-127.0.0.1-5090-exec-248  com.vmware.vum.client.remoting.impl.VumServiceImpl Connecting to https://xxx.xxxx.xxxxx.xxxx:8084/vci/sdk with VMODL version class version8
    [2024-12-03T12:51:11.023+08:00] [WARN ] -nio-127.0.0.1-5090-exec-248  com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager Server is trusted; certificate validation by the configured VKS2 trustore succeeded while the thumbprint one failed

Resolution

Note: Please take a snapshot of the vCenter VM before performing the steps in resolution. If the vCenter is in linked mode, please take an offline snapshot of all the linked vCenter servers.


To resolve the thumbprint trust mismatch validation issue:

  • Using the 'lsdoctor' Tool, perform the 'trustfix' option on the vCenter server. This will identify and correct the SSL thumbprint trust mismatches in the Lookup Service.

  • Restart the vCenter Services.

  • Reconfigure SRM and vSphere Replication Appliance.

    Note: Incase VAMI UI (https://<SRM/VR>:5480) is not accessible from your system then check if the port 5480 is accessible through the environment by running this command using PowerShell - "Test-NetConnection <FQDN of vCenter/SRM/VR, also try with the IPs> -p 5480"

    Example -
    PS C:\Users\tseadmin> Test-NetConnection <FQDN/IP of SRM/VR> -p 5480                                                    
    WARNING: Name resolution of <FQDN/IP of SRM/VR> failed                                                                                                                                                                                           

    ComputerName   : <FQDN/IP of SRM/VR>
    RemoteAddress  :
    InterfaceAlias :
    SourceAddress  :
    PingSucceeded  : False

  • Reach out to your internal networking team to resolve the port 5480 accessibility issue in the environment.

Additional Information