Enhanced Replication Mappings Error: Fault occurred while performing health check. Details: 'Connect: certificate verify failed (SSL routines).
search cancel

Enhanced Replication Mappings Error: Fault occurred while performing health check. Details: 'Connect: certificate verify failed (SSL routines).

book

Article ID: 397919

calendar_today

Updated On:

Products

VMware Live Recovery

Issue/Introduction

  • When testing the Enhanced Replication Mappings Before/After changing certificates on the Replication appliance, you see the following error:

    Error : Fault occurred while performing health check. Details: 'Connect: certificate verify failed (SSL routines)'
  • Connection to ports 31031 and 32032 from source host to target host connects successfully,

    # nc -zv ##.##.##.## 31031
    Connection to xx.xx.xx.xx 31031 port [tcp/*] succeeded!

    # nc -zv ##.##.##.## 32032
    Connection to xx.xx.xx.xx 33032 port [tcp/*] succeeded!

  • vSphere Replication /opt/vmware/hms/logs/hms.log will display error with VM in replication as below,

    2025-10-10 00:56:48.618 INFO  com.vmware.hms.vlsi.step.InvocationStep [tcweb-14] (..vlsi.step.InvocationStep) [] | vmomiOp-start [method: HmsGroup.getExtendedInfo; target: GID-5ecc1ac6-faf8-448e-ab35-d4bf3aa09c10; user: xxx; client: xx.xx.xx.xx:33586; operationID=d334ae82-5ee3-4ab0-b568-48fb145c55f0-HMS-3156002; sessionID=BD1BD4DF]


    2025-10-10 00:56:48.619 INFO  com.vmware.hms.i18n.class com.vmware.hms.response.filter.I18nActivationResponseFilter [tcweb-14] (..response.filter.I18nActivationResponseFilter) [operationID=d334ae82-5ee3-4ab0-b568-48fb145c55f0-HMS-3156002,sessionID=BD1BD4DF] | The localized message is: A replication error occurred at the vSphere Replication Server for replication 'vm-name'. Details: 'No connection to VR Server for virtual machine vm-name on host host-name in cluster cluster-name: Unknown'.

 

Environment

VMware Live Recovery

 

Cause

The hbrsrv services and hbr-agent on ESXI are utilizing the wrong SSL certificate information for connectivity and the traffic is being rejected. 

The following error can be observed in the /opt/vmware/hms/logs/hms.log while performing mappings test - the SSL certificate output will be invalid and will not match the actual SSL endpoint,

####-##-## ##:##:##.548 DEBUG com.vmware.hms.net.HbrAgentHealthMonitorService [hms-main-thread-1510] (..hms.net.HbrAgentHealthMonitorService) [] | Ping test execution result for host 'host-#####', group 'PING-GID-6601c9f5-a8ae-4508-8108-############', hbrBroker: '(hms.HbrBrokerEndpoint) {
   dynamicType = null,
   dynamicProperty = null,
   ipAddress = Target vSphere Replication Appliance IP,
   lwdPort = 31031,
   lwdsPort = 32032,
   certificate = -----BEGIN CERTIFICATE-----
MIIDFzCCAf+gAwIBAgIEe6HFXTANBgkqhkiG9w0BAQsFADA8MRAwDgYDVQQKEwdV
...
HFD06ACtyQSph5/YCDNoo9D/OAhuk1ugdHmk
-----END CERTIFICATE-----

}' is: '{"group":"PING-GID-6601c9f5-a8ae-4508-8108-############","endpoints":{"broker":{"address":"Target vSphere Replication Appliance IP","port":32032,"connectivity":{"tcp":true,"ssl":false},"latency":{"tcp":{"value":1396,"units":"us"}},"failReaso
n":"Connect: certificate verify failed (SSL routines)"},"targets":[]},"sourceHostId":"host-#####","sourceHostName":"SOURCE ESXI HOST","targetHostId":"host-#####","targetHostName":"DESTINATION HOST"}'.

from /var/run/log/hbr-agent.log

####-##-## ##:##:##.165Z In(166) hbr-agent-bin[2107446]: [0x000000bd451ec700] info: [Proxy [Group: GID-5ecc1ac6-faf8-448e-ab35-d4bf3aa09c10] -> [xx.xx.xx.xx:32032]] Bound to vmk: vmk5 for connection to ##.##.##.##:32032
####-##-## ##:##:##.166Z In(166) hbr-agent-bin[2107446]: [0x000000bd450ea700] info: [Proxy [Group: GID-5ecc1ac6-faf8-448e-ab35-d4bf3aa09c10] -> [xx.xx.xx.xx:32032]] TCP Connect latency was 583µs
####-##-## ##:##:##.168Z In(166) hbr-agent-bin[2107446]: [0x000000bd4516b700] error: [Proxy [Group: GID-5ecc1ac6-faf8-448e-ab35-d4bf3aa09c10] -> [xx.xx.xx.xx:32032]] SSL handshake failed: certificate verify failed (SSL routines)
####-##-## ##:##:##.168Z In(166) hbr-agent-bin[2107446]: [0x000000bd4516b700] error: [Proxy [Group: GID-5ecc1ac6-faf8-448e-ab35-d4bf3aa09c10] -> [xx.xx.xx.xx:32032]] Failed to connect to server ##.##.##.##:32032 using broker info: certificate verify failed (SSL routines)
####-##-## ##:##:##.168Z In(166) hbr-agent-bin[2107446]: [0x000000bd4516b700] error: [Proxy [Group: GID-5ecc1ac6-faf8-448e-ab35-d4bf3aa09c10] -> [xx.xx.xx.xx:32032]] Exhausted all server endpoints reported by broker.

Resolution

Restart the hbr-agent & hbrsrv service on all ESXi hosts involved in the mappings test 

Restart the hbrsrv and hms service on both source and target vSphere Replication Appliance.

Run test in SRM UI for vSphere Replication server under Enhanced Replication mappings,

Follow path - vSphere Client > Site Recovery Plugin > Open Site Recovery > View Details > Enhanced Replication Mappings -> Run all tests

Powered by Wolken Software