The Recovery Site vCenter UI shows the error below:
com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain is not trusted and thumbprint verification is not configured
vSphere Replication 8.x
vSphere Replication 9.x
The vCenter certificates were replaced, which caused a thumbprint mismatch between vCenter and vSphere Replication. The new certificate was not updated in the VRMS database.
Cause Justification
Validate thumbprint mismatch instances in hms.log
Log path : less /opt/vmware/hms/logs/hms.log
2025-07-09 13:34:44.967 WARN jvsl.sessions [hms-ping-scheduled-thread-2] (..net.impl.VmomiPingConnectionHandler) [operationID=23eaf1de-c9e2-43c5-893e-############-HMS-PING---Ping Thread for session key: N/A and vmomi session: 780D0E65 and server: ###.##.#.###:8043] Failed to reconnect to server ##.##.#.2##:8043: (hms.fault.HmsRuntimeFault) {faultCause = null, faultMessage = null, originalMessage = javax.net.ssl.SSLException: Certificate thumbprint mismatch, expected: ##:##:##:##:##:##:##:7#:##:3#:D#:##:##:##:##:##:##:##:E2:##:##:##:##:##:##:##:##:##:##:## but encountered:##:##:##:##:##:##:##:7#:##:3#:D#:##:##:##:##:##:##:##:E2:##:##:##:##:##:##:##:##:##:##:## or ##:##:##:##:##:##:##:7#:##:3#:D#:##:##:##:##:##:##:##:E2:##:##:##:##:##:##:##:##:##:##:## ERROR jvsl.sessions [hms-ping-scheduled-thread-2] (..net.impl.PersistentConnection) [operationID=23eaf1de-c9e2-43c5-893e-############-HMS-PING---Ping Thread for session key: N/A and vmomi session: 780D0E65 and server: ###.1#.#.###:8043] |Failed to connect to server ##.1#.#.###:8043java.util.concurrent.ExecutionException: (hms.fault.HmsRuntimeFault) { faultCause = null, faultMessage = null, originalMessage = javax.net.ssl.SSLException: Certificate thumbprint mismatch, expected: ##:##:##:##:##:##:##:7#:##:3#:D#:##:##:##:##:##:##:##:E2:##:##:##:##:##:##:##:##:##:##:## but encountered:##:##:##:##:##:##:##:7#:##:3#:D#:##:##:##:##:##:##:##:E2:##:##:##:##:##:##:##:##:##:##:## or ##:##:##:##:##:##:##:7#:##:3#:D#:##:##:##:##:##:##:##:E2:##:##:##:##:##:##:##:##:##:##:##
From /var/log/vmware/dr/drconfig.log:
2025-12-18T11:13:41.825+10:00 warning drconfig[01652] [SRM@6876 sub=HttpConnectionPool-000000 opID=03986101-03eb-4daa-897c-db5a178f2540-isReconfigureRequired] Failed to get pooled connection; <cs p:00007f139402dc00, TCP:###############.###.#####:443>, SSL(<io_obj p:0x00007f137c019e40, h:22, <TCP '##.##.#.2## : 60436'>, <TCP '##.##.#.2## : 443'>>), duration: 11msec, N7Vmacore3Ssl18SSLVerifyExceptionE(SSL Exception: Verification parameters:--> PeerThumbprint: ##:##:##:##:##:##:##:7#:##:3#:D#:##:##:##:##:##:##:##:E2:##:##:##:##:##:##:##:##:##:##:##F--> ExpectedThumbprint: ##:##:##:##:##:##:##:7#:##:3#:D#:##:##:##:##:##:##:##:E2:##:##:##:##:##:##:##:##:##:##:##--> ExpectedPeerName: ###############.###.#####--> The remote host certificate has these problems:--> * unable to get local issuer certificate)--> [context]zKq7AVECAAQAANjOcAELZHJjb25maWcAACwZHGxpYnZtYWNvcmUuc28AACRNMgBJPjIAudMxAEPoMQCmBjIAzik0ANJCNADgfUkBsI4AbGlicHRocmVhZC5zby4wAALf+g9saWJjLnNvLjYA[/context]
The above events show a mismatch with the vCenter Server thumbprint stored in the vSphere Replication database.
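The check described above can be scripted. This is an added example, not VMware tooling: it pulls each "Certificate thumbprint mismatch" event out of hms.log text and compares the logged values with the certificate the server presents now. The function names and the sample line are constructed for illustration, and the code assumes, as the page describes, that "expected" is the value stored by vSphere Replication.

```python
import hashlib
import re
import ssl

TP = r"(?:[0-9A-Fa-f]{2}:)+[0-9A-Fa-f]{2}"  # colon-separated hex thumbprint
MISMATCH = re.compile(
    r"to server (?P<server>[\w.\-]+:\d+).*?Certificate thumbprint mismatch, "
    rf"expected: (?P<expected>{TP}) but encountered:\s*(?P<seen>{TP}(?: or {TP})*)"
)

def parse_mismatches(log_text):
    """Map server -> {'expected': set, 'encountered': set} from hms.log text."""
    events = {}
    for m in MISMATCH.finditer(log_text):
        entry = events.setdefault(m["server"], {"expected": set(), "encountered": set()})
        entry["expected"].add(m["expected"].upper())
        entry["encountered"].update(t.upper() for t in m["seen"].split(" or "))
    return events

def thumbprints(der):
    """SHA-1 and SHA-256 thumbprints of a DER certificate, colon-separated."""
    return {hashlib.new(a, der).digest().hex(":").upper() for a in ("sha1", "sha256")}

def fetch_der(host, port):
    """Fetch the certificate a server presents now (no chain validation)."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))

def diagnose(entry, der):
    """Classify one server's logged mismatch against its current certificate."""
    current = thumbprints(der)
    if current & entry["expected"]:
        return "match"   # stored value already equals the live certificate
    if current & entry["encountered"]:
        return "stale"   # live certificate is the one HMS rejected: stored value is old
    return "other"       # certificate changed again since the log entry

if __name__ == "__main__":
    der = b"constructed bytes standing in for a DER certificate"
    new_tp = max(thumbprints(der), key=len)  # the SHA-256 thumbprint
    log = (  # constructed line in the shape of the hms.log excerpt
        "2025-07-09 13:34:44.967 WARN jvsl.sessions Failed to reconnect to server "
        "192.0.2.10:8043: originalMessage = javax.net.ssl.SSLException: Certificate "
        f"thumbprint mismatch, expected: AA:BB:CC:DD but encountered:{new_tp} or 11:22:33:44\n"
    )
    for server, entry in parse_mismatches(log).items():
        print(server, diagnose(entry, der))
```

On a live system, pass the contents of /opt/vmware/hms/logs/hms.log to parse_mismatches and the result of fetch_der for the server named in the log entry to diagnose; a "stale" result corresponds to the cause described on this page.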
1. Power off the appliance (Power off, not Shut down) and restart it.
2. Log in to the VRMS management interface (VAMI) on port 5480 and reconfigure vSphere Replication.
3. Log in to the Site Recovery page to reconnect the site pair.
Note: If SRM is used in the environment, reconfigure it as well before step 3.
Note: It may be necessary to run lsdoctor in vCenter to fix the trusts.