'vSphere Replication - UI error: Unable to read configuration'
search cancel

'vSphere Replication - UI error: Unable to read configuration'

book

Article ID: 392442

calendar_today

Updated On: 04-23-2025

Products

VMware Live Recovery

Issue/Introduction

Symptoms:

  • On SRM UI page you will see an error related to connection status for VRMS appliances.
  • VRMS VAMI page refer to Errors related to thumbprint validation error.

  • From VRMS VAMI page you see the below error:

 

Environment

VMware vSphere replication 9.x

Cause

From the /opt/vmware/support/logs/dr-config.log, we see unable to get local issuer certificate message.

2025-03-28 11:17:00,705 [srm-reactive-thread-4] WARN  com.vmware.dr.configservice.summary.IsConnectedToCloud 8b3de7f8-xxxx-4xxx-xxxx-92b7xxxxx67b isConnectedToCloud - D
rRequestHandlerError:

(vmodl.fault.SystemError) {
   faultCause = null,
   faultMessage = null,
   reason = N7Vmacore3Ssl18SSLVerifyExceptionE SSL Exception: Verification parameters:
PeerThumbprint: 02:xx:xx:5F:xx:xx:CB:xx:E3:xx:xx:01:B2:xx:2B:xx:85:xx:xx:97:xx:57:xx:E0:xx:xx:xx:xx:00:xx:xx:04
ExpectedThumbprint: AC:xx:xx:8D:xx:F9:xx:xx:58:xx:11:xx:xx:C8:69:xx:AB:xx:43:1B:xx:AC:xx:2D:xx:02:xx:50:xx:0A:xx:24
ExpectedPeerName: xxxxvcenter01.xxxxxxxx.com
The remote host certificate has these problems:

unable to get local issuer certificate
}
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
        at java.base/java.lang.reflect.Constructor.newInstance(Unknown Source)
        at java.base/java.lang.Class.newInstance(Unknown Source)
        at com.vmware.dr.ui.tools.utilities.ThreadContext.execute(ThreadContext.java:209)
        at com.vmware.dr.ui.tools.utilities.ThreadContext.execute(ThreadContext.java:185)
        at com.vmware.dr.ui.tools.utilities.ThreadContext.setupContext(ThreadContext.java:76)
        at com.vmware.dr.ui.tools.utilities.ThreadContext.setupContext(ThreadContext.java:105)
        at com.vmware.dr.ui.tools.utilities.ExecutorUtils.lambda$wrap$1(ExecutorUtils.java:36)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

Errors pointing towards the thumbprint issues on the VRMS appliances.

The error unable to get local issuer certificate indicates that the appliance could not validate the certificate chain, likely due to missing or misconfigured root certificates.
These discrepancies in certificate configuration, pointing to a need for corrective measures in the certificate management process.

 

Resolution

 

  • Change the VRMS certificates on both the appliances from VRMS VAMI page.
  • Reconfigure the VRMS appliances and confirm issue resolution.