vSphere Replication - UI error: Unable to connect to PSC service
search cancel

vSphere Replication - UI error: Unable to connect to PSC service

book

Article ID: 393637

calendar_today

Updated On:

Products

VMware Live Recovery

Issue/Introduction

Symptoms : 

  • After replacing the certificates in the vCenter appliances, the vSphere Replication appliances are disconnected and display error: 
    vSphere Replication - UI error : Unable to connect to PSC service.

       

  •  VAMI page of vSphere Replication appliance VRMS_IP:5480 summary page does not contain vCenter server information.

         

  • The Recovery Site vCenter UI shows the error below:

    • com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain is not trusted and thumbprint verification is not configured

  • Stale browser cache may cause the error to appear if all steps have been performed

 

Environment

vSphere Replication 8.x

vSphere Replication 9.x

Cause

vCenter certificates replacement may cause a thumbprint mismatch between vCenter and vSphere Replication. The updated certificate does not update in VRMS database until a reconfigure is performed from the VAMI interface

Similar errors will appear in hms.log

Log path : 

less /opt/vmware/hms/logs/hms.log

2025-07-09 13:34:44.967 WARN  jvsl.sessions [hms-ping-scheduled-thread-2] (..net.impl.VmomiPingConnectionHandler) [operationID=23eaf1de-c9e2-43c5-893e-############-HMS-PING---Ping Thread for session key: N/A and vmomi session: 780D0E65 and server: ###.##.#.###:8043] 
 Failed to reconnect to server ##.##.#.2##:8043: (hms.fault.HmsRuntimeFault)
 {faultCause = null,   faultMessage = null,   originalMessage = javax.net.ssl.SSLException: Certificate thumbprint mismatch, expected: ##:##:##:##:##:##:##:7#:##:3#:D#:##:##:##:##:##:##:##:E2:##:##:##:##:##:##:##:##:##:##:## but encountered:##:##:##:##:##:##:##:7#:##:3#:D#:##:##:##:##:##:##:##:E2:##:##:##:##:##:##:##:##:##:##:##  or ##:##:##:##:##:##:##:7#:##:3#:D#:##:##:##:##:##:##:##:E2:##:##:##:##:##:##:##:##:##:##:## 
ERROR jvsl.sessions [hms-ping-scheduled-thread-2] (..net.impl.PersistentConnection) [operationID=23eaf1de-c9e2-43c5-893e-############-HMS-PING---Ping Thread for session key: N/A and vmomi session: 780D0E65 and server: ###.1#.#.###:8043] |
Failed to connect to server ##.1#.#.###:8043java.util.concurrent.ExecutionException: (hms.fault.HmsRuntimeFault) {   faultCause = null,   faultMessage = null,   originalMessage = javax.net.ssl.SSLException: Certificate thumbprint mismatch, expected: ##:##:##:##:##:##:##:7#:##:3#:D#:##:##:##:##:##:##:##:E2:##:##:##:##:##:##:##:##:##:##:##  but encountered:##:##:##:##:##:##:##:7#:##:3#:D#:##:##:##:##:##:##:##:E2:##:##:##:##:##:##:##:##:##:##:##  or ##:##:##:##:##:##:##:7#:##:3#:D#:##:##:##:##:##:##:##:E2:##:##:##:##:##:##:##:##:##:##:##  

From var/log/vmware/dr/drconfig.log

2025-12-18T11:13:41.825+10:00 warning drconfig[01652] [SRM@6876 sub=HttpConnectionPool-000000 opID=03986101-03eb-4daa-897c-db5a178f2540-isReconfigureRequired] Failed to get pooled connection; <cs p:00007f139402dc00, TCP:###############.###.#####:443>, SSL(<io_obj p:0x00007f137c019e40, h:22, <TCP '##.##.#.2## : 60436'>, <TCP '##.##.#.2## : 443'>>), duration: 11msec, N7Vmacore3Ssl18SSLVerifyExceptionE(SSL Exception: Verification parameters:
--> PeerThumbprint: ##:##:##:##:##:##:##:7#:##:3#:D#:##:##:##:##:##:##:##:E2:##:##:##:##:##:##:##:##:##:##:##F
--> ExpectedThumbprint: ##:##:##:##:##:##:##:7#:##:3#:D#:##:##:##:##:##:##:##:E2:##:##:##:##:##:##:##:##:##:##:##
 
--> ExpectedPeerName: ###############.###.#####
--> The remote host certificate has these problems:
--> * unable to get local issuer certificate)
--> [context]zKq7AVECAAQAANjOcAELZHJjb25maWcAACwZHGxpYnZtYWNvcmUuc28AACRNMgBJPjIAudMxAEPoMQCmBjIAzik0ANJCNADgfUkBsI4AbGlicHRocmVhZC5zby4wAALf+g9saWJjLnNvLjYA[/context]

+ The above events shows mismatch with vCenter server thumbprint stored in vSphere replication database.

Resolution

1. Power off appliance (Power off, Not shutdown) and restart

2. Log into VRMS management interface (VAMI) on port 5480 and Reconfigure vSphere Replication

3. Log into the Site Recovery page to Reconnect the Site Pair

 Note: Reconfigure SRM as well if used in the environment, before step 3.

4. If issue persists restart the browser or use an incognito/private window to verify that the Site Recovery UI now correctly reflects the updated trust status.

Additional Information

Note: It may be necessary to run lsdoctor in vCenter to fix the trusts

Using the 'lsdoctor' Tool

Powered by Wolken Software