vSphere Replication Configure option is not working and fails with error 'vSphere Replication - UI error: Unknown error' / vSphere Replication Plug-in Issue.
Article ID: 388708
Updated On:
Products
Issue/Introduction
Symptoms:
- vSphere Replication is not manageable from the vSphere Client SRM plugin page and fails with the error 'vSphere Replication - UI error: Unknown error'
- Clicking on the "i" symbol shows the following information: "The vSphere Replication Management Server is not accessible. Check the Site Recovery integration plug-in logs for possible causes.":
- The vSphere replication appliance can be accessible directly using the VAMI and DR pages.
vSphere replication appliance VAMI login works fine: https://replication01:5480/
vSphere replication appliance DR login works fine: https://replication01/dr - The hostname for the vSphere Replication appliance is configured with FQDN ( fully qualified domain name )
Log in to the vSphere replication appliance via the putty application and type the hostname to check whether the vSphere replication appliance is configured with a short name or fqdn.
root [ /opt/vmware/logs/hms ]# hostname########.sample.comroot [ /opt/vmware/logs/hms ]#
The vSphere Replication appliance VAMI page indicates that the certificate is configured with a short VR appliance hostname.
The vSphere Replication appliance VAMI page indicates that in the certificate CN=localhost or IP address or anything other than actual hostname.
Note: Noticed vSphere Replication appliance was using a Self-signed Certificate.
Environment
vSphere replication 8.x
vSphere replication 9.x
Cause
vSphere Replication appliance certificate is configured with a short name/IP address instead of FQDN which is configured in the networking hostname:
/opt/vmware/hms/logs/hms.log has the below error:
####-##-## ##:##:##.### INFO com.vmware.jvsl.util.SingleThumbprintVerifier [hms-vlsi-client-thread-738] (..jvsl.util.SingleThumbprintVerifier) [operationID=7527692d-d185-45ba-b691-3e4000a21dbf-HMSINT-214240] | Failed to validate certificate chain for ########.sample.com against HMS truststore. Error message: The certificate was not issued for use with the given hostname: ########.sample.com/opt/vmware/hmslogs/hms.log can also have the below error:
2026-03-06 10:43:41.033 INFO com.vmware.jvsl.util.SingleThumbprintVerifier [hms-ping-scheduled-thread-6] (..jvsl.util.SingleThumbprintVerifier) [operationID=ad3c98bc-bbf7-4484-a38c-15e7813157de-HMS-PING] | Failed to validate certificate chain for ############## against HMS truststore. Error message: The certificate was not issued for use with the given hostname: ##############The certificate chain validation will fail as the hostname for the vSphere Replication appliance does not match the CN (localhost/short name/IP address) in the certificate.
Resolution
Login to the vSphere Replication appliance VAMI page and update the certificate from short name to vSphere replication appliance FQDN
- Log in to the vSphere Replication Appliance Management Interface as admin.
- Click on the Certificate option click on Change and validate whether the vSphere replication appliance hostname is correctly updated in FQDN format and complete the name change process flow and this will end the current vSphere replication appliance session.
- Login back to the vSphere replication appliance and reconfigure the vSphere replication appliance using FQDN/Hostname.
- Once the vSphere appliance reconfigures is completed, the vSphere Replication appliance should be manageable from the SRM UI page.
Note: Do not Configure vSphere Replication using IP as its not recommended for reference, Change SRM or vSphere Replication registration from IP address to FQDN or visa versa
Feedback
