SRA command 'discoverDevices' failed.Connection to storage system <IP-address> failed.Error: x509 cannot validate certificate for <IP-address>
Article ID: 402552
Updated On:
Products
VMware Live Recovery
Issue/Introduction
Symptoms:
- After upgrading the SRA, navigating in the SRM DR page UI to Site Pair > Configure > Array Based Replication > Array Pairs displays an error when attempting to open the Array Pairs.
Error: SRA command 'discoverDevices' failed.Connection to storage system <IP-address> failed.Error: x509: cannot validate certificate for <IP-address> because it doesn't contain any IP SANs.
Environment
VMware Site Recovery Manager 8.x
VMware Live Recovery 9.x
Cause
Site Recovery Manager (SRM) caches the storage system's certificate during initial discovery; if the certificate changes or expires later, SRM fails to validate it, leading to connection failure.
Resolution
Manually remove the outdated certificate from both SRM sites and rediscover the storage system:
Note:Take a snapshot or proper backup of the SRM appliance before proceeding with the below mentioned steps.
- SSH into both SRM appliances.
- List Docker containers:
docker ps - Access the container shell:
docker exec -it <container_id> /bin/sh - Navigate to the certificate cache directory:
/srm/sra/certs - Please contact the storage system vendor to verify the currently cached certificate and remove any outdated certificate file using the command:
rm <Array_IP>.pem - Additionally, engage the storage vendor to validate or regenerate a valid certificate, if necessary, to ensure secure communication between the SRA and the storage system.
- Re-run the Discover Storage System Pair in the SRM UI by editing the local and remote array pair and entering the required details.
- Following the above steps will ensure SRM fetches the updated storage system certificate and successfully establishes a connection with the storage system.
Feedback
Yes
No
Powered by
