"Unable to connect to the lookup service" errors observed while launching the site recovery
search cancel

"Unable to connect to the lookup service" errors observed while launching the site recovery

book

Article ID: 387730

calendar_today

Updated On:

Products

VMware Live Recovery

Issue/Introduction

Symptoms

  • When clicking on ‘Open Site Recovery’ in the Site Recovery plugin within the vCenter Server, the Site Recovery console fails to load and displays the following errors:

    'Unable to connect to the lookup service'
    'Unable to retrieve site recovery manager summary data'
    'Unable to retrieve vSphere replication summary data'


Issue Validation

  • These errors occur on both the protected site and the recovery site.

  • Forward and reverse DNS lookups are correctly configured for vCenter Server, vSphere Replication, and Site Recovery Manager appliances. This can be verified using:

    # nslookup <IP address>
    # nslookup <FQDN>

  • System time is synchronized across all appliances. This can be confirmed by running the following command via SSH on each appliance:

    # watch date

  • No SSL trust issues are detected between the vCenter Server and the SRM/VR appliances.

  • All required ports for SRM and VR are open. Network connectivity tests, including ping and OpenSSL test commands, complete successfully, confirming no transport layer issues. Please refer the below documents for port requirement details.

    Network Ports for Site Recovery Manager
    Port numbers that must be open for vSphere Replication

 

 

Environment

VMware vCenter server 7.x and later
Site Recovery Manager 8.6 and later
vSphere Replication 8.6 and later

Cause

This issue occurs due to incorrect or outdated credentials used for authentication when logging into the Site Recovery console. As a result, the Site Recovery console fails to retrieve data and load properly.

From the log events, it is evident that the authentication failure is related to the user account rather than any issue with the Site Recovery Manager (SRM) or vSphere Replication (VR) appliances. 

Cause Validation: 

  • From the /var/log/vmware/dr-client/dr.log  file of the SRM and VR appliance, we can see the below events indicating connection is closed

2025-01-22 09:14:11,163 [srm-reactive-thread-15719] WARN com.vmware.srm.client.topology.impl.lspp.LsppNegotiator -5014448549298009915 a9e6180a-935d-4db0-b0c7-89d2a5182357 - Version negotiation for 'https://<vc fqdn>:443/lookupservice/sdk' failed. com.vmware.vim.vmomi.client.exception.ConnectionException: Unable to connect to Lookup Service at https://<vc fqdn>:443/lookupservice/sdk. Reason: https://<vc fqdn>:443/lookupservice/sdk invocation failed with "org.apache.http.ConnectionClosedException: Connection is closed" at com.vmware.vim.vmomi.client.common.impl.ResponseImpl.setError(ResponseImpl.java:265) at com.vmware.vim.vmomi.client.http.impl.HttpExchangeBase.setResponseError(HttpExchangeBase.java:355)

  • On validating further in the vcenter server logs, we can see the below events in the /var/log/vmware/sso/websso.log indicating that the credentials used for authentication are incorrect or invalid. Due to this the LDAP connection fails resulting in the lookup connection failures.

2024-09-06T17:08:24.222Z WARN websso[69:tomcat-http--30] [CorId=6470fbf9-32d4-483d-a332-b40882476596] [com.vmware.identity.interop.ldap.LdapErrorChecker] Error received by LDAP client: com.vmware.identity.interop.ldap.OpenLdapClientLibrary, error code: 49
2024-09-06T17:08:24.222Z WARN websso[69:tomcat-http--30] [CorId=6470fbf9-32d4-483d-a332-b40882476596] [com.vmware.identity.idm.server.ServerUtils] cannot bind connection: [ldap://<vc_fqdn>:389, [email protected]]
2024-09-06T17:08:24.222Z ERROR websso[69:tomcat-http--30] [CorId=6470fbf9-32d4-483d-a332-b40882476596] [com.vmware.identity.idm.server.ServerUtils] cannot establish ldap connection with URI: [ldap://<DRVC_fqdn>:389] because [Invalid credentials] therefore will not attempt to use any secondary URIs
2024-09-06T17:08:24.222Z WARN websso[69:tomcat-http--30] [CorId=6470fbf9-32d4-483d-a332-b40882476596] [com.vmware.identity.idm.server.provider.vmwdirectory.VMwareDirectoryProvider] Failed to authenticate using SRP binding com.vmware.identity.interop.ldap.InvalidCredentialsLdapException: Invalid credentials

Resolution

To resolve this issue, the administrator account credentials must be corrected or updated.

If you experience the symptoms described above, please contact Broadcom Technical Support for assistance. 

Workaround

As a workaround, you can follow the below steps as the issue seems to be with the user account and not SRM/VR

  1. Unregister SRM and VR

    Unregister the Site Recovery Manager Appliance on the on-premises site

    Unregister and Remove a vSphere Replication Server

    Cleaning up decommissioned SRM registration from vCenter Server

  2. Create a new user in vsphere.local with the same privileges as administrator

    Add Members to a vCenter Single Sign-On Group

  3. Reconfigure SRM and VR appliances using the new user 

    Configure the Site Recovery Manager Appliance to Connect to a vCenter Server

    Register the vSphere Replication Appliance with vCenter Single Sign-On
Powered by Wolken Software