When configuring a replication for an encrypted VM in VMware Cloud Director Availability (VCDA), the task fails and you see an error similar to:

Unable to create replica placeholder disk '[<datastore-name>] C4-########-####-####-####-#####14356f3/<vm-name>.vmdk'.

In the /opt/vmware/h4/cloud/log/cloud.log file on the destination Cloud Director Replication Management Appliance, you see entries similar to:

2025-02-03 08:08:22.321 ERROR - [UI-########-####-####-####-########-r401-Il] [task-poller-2] com.vmware.h4.jobengine.JobExecution     : Task ########-####-####-####-##########c2 (WorkflowInfo
{type='start', resourceType='vmReplication', resourceId='C4-########-####-####-####-#####14356f3', isPrivate=false, resourceName='null'}) has failed

com.vmware.h4.replicator.api.exceptions.FailedToCreateReplicaPlaceholderDiskException: Unable to create replica placeholder disk '[<datastore-name>] C4-########-####-####-####-#####14356f3/<vm-name>.vmdk'.
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:77)
        at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:499)
        at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:480)
        at com.vmware.h4.api.error.GenericServerExceptionProvider.get(GenericServerExceptionProvider.java:125)
        at com.vmware.h4.api.error.GenericServerExceptionProvider.get(GenericServerExceptionProvider.java:97)

in the /opt/vmware/h4/replicator/log/replicator.log file on the distention replicator you will see entries similar to:

2025-02-03 08:08:22.285 DEBUG - [UI-########-####-####-####-########-r404-8J-LW-sP] [job-12] c.v.h.r.replication.util.DiskHelper      : Failed to create replica placeholder disk [<datastore-name>] C4-########-####-####-####-#####ee87a5/<vm-name>.vmdk

com.vmware.vim.binding.vmodl.fault.SystemError: A general system error occurred: Key locator error
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:77)
        at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:499)
        at java.base/java.lang.reflect.ReflectAccess.newInstance(ReflectAccess.java:128)
        at java.base/jdk.internal.reflect.ReflectionFactory.newInstance(ReflectionFactory.java:347)
        at java.base/java.lang.Class.newInstance(Class.java:645)

• VMware Cloud Director Availability 4.x
• VMware Cloud Director 10.x
• VMware vCenter Server 8.X
• VMware vCenter Server 7.X

This issue occurs when the Native Key providers for both source and destination vCenter servers do not have matching Key ID's. 

To resolve this issue Backup the KMS server on the source site and on the destination site restore the backup from the source vCenter KMS site to the destination vCenter KMS and set it as the default KMS. 

Note: If you have existing encrypted VM's on the destination site they will need to be decrypted before making any changes to the KMS server.

For more information about the prerequisites for replicating encrypted VMs in VMware Cloud Director Availability, see Create a replication for encrypted virtual machines.