Symptoms :

Ransomware Recovery plan fails with error: VM <'VM_Name'> failed recovery. Error: Cyber Recovery internal error. Please contact support.

Followed with Error: Failed to set network isolation for VM <'VM_Name'>

The Ransomware Recovery plan starts failing after the recent VLCR upgrade.

Validation:

Change of VM Network isolation will fail with the error: "Could not retrieve network isolation rules. Contact VMware support "

Under the Recovery plan > Select VM > Other Action > Change network isolation

On the Recovery VMC on AWS SDDC, Notice the Firewall rules with CWP naming convenience. ex: "CloudDR-Isolation-CWC-Allow"

VMware Live Cyber Recovery 7.27.x

VMC on AWS SDDC.

This is a rare scenario where one of the Ransomware Recovery (RWR) plans failed before the upgrade, which led to the "vmc_site" table in the IRR database being updated with "value 1". However, since the plan was not successfully activated, the associated counters were never reset to 0. As a result, the NSX Isolation Policies were not cleared.

• Connect to Recovery SDDC and cleanup the rules  with "CloudDR-Isolation-xxx" and not other rules

  • Go to the "Networking & Security" Tab and cleanup the rules under :

    Security > Gateway Firewall > Compute Gateway

    Security > Gateway Firewall > Tier-1 Gateways

    Security > Distributed Firewall > Category Specific Rules

    Inventory > Groups > Compute Groups

• Deactivated & activated the ransomware recovery plan.

• Cross-verified the compliance check.

• Post activation, New VLCR isolation firewall rules get created with new naming convention [EDR].

Note: Clean up the stale VM files and folder on the DR datastore which was created during the test failure. [ ignore if there are no stale ]

If the issue persists, please raise a VLCR support ticket on Broadcom Support portal.