Reconfiguring the Site Recovery Manager appliance fails with Error - Failed to register H5 UI
search cancel

Reconfiguring the Site Recovery Manager appliance fails with Error - Failed to register H5 UI

book

Article ID: 410328

calendar_today

Updated On:

Products

VMware Live Recovery

Issue/Introduction

Symptoms:

  • Site Recovery Manager's reconfiguration attempt fails, the error below appears.


    ERROR
    Operation Failed
    A general system error occurred: Failed to register H5
    UI.

  • The SRM plugin on the vCenter UI looks like below when the SRM appliance's reconfiguration fails.

Environment

VMware Site Recovery 8.7

Cause

The SSL trust mismatch between the vCenter server and the Site recovery manager prevents the configuration from being completed.

  • From /var/log/vmware/dr/drconfig.log found trustfix issues,

--> com.vmware.srm.client.topology.impl.vmomi.TokenProvider$AcquireTokenFailed: Unable to acquire token from SSO Server at 'https://#####vcsa##.###-##.###/###-###########/s
dk/##########.local'.
-->     at com.vmware.srm.client.topology.impl.core.mxn.nodes.TokenProviderImpl.lambda$doLogin$2(TokenProviderImpl.java:83)
-->     at com.vmware.dr.ui.tools.reactive.impl.PromiseImpl$ApplyCompletion.complete(PromiseImpl.java:239)
-->     at com.vmware.dr.ui.tools.reactive.impl.PromiseImpl$Result.complete(PromiseImpl.java:41)
-->     at com.vmware.dr.ui.tools.reactive.impl.PromiseImpl$Completion.lambda$setResult$0(PromiseImpl.java:63)
-->     at com.vmware.dr.ui.tools.utilities.ThreadContext.lambda$wrap$1(ThreadContext.java:55)
-->     at com.vmware.dr.ui.tools.utilities.ThreadContext.execute(ThreadContext.java:209)
-->     at com.vmware.dr.ui.tools.utilities.ThreadContext.execute(ThreadContext.java:185)
-->     at com.vmware.dr.ui.tools.utilities.ThreadContext.setupContext(ThreadContext.java:76)
-->     at com.vmware.dr.ui.tools.utilities.ThreadContext.setupContext(ThreadContext.java:105)
-->     at com.vmware.dr.ui.tools.reactive.impl.PromiseImpl$Completion.lambda$setResult$1(PromiseImpl.java:63)
-->     at com.vmware.dr.ui.tools.utilities.AsyncConsumer$Worker.run(AsyncConsumer.java:38)
-->     at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
-->     at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
-->     at java.base/java.lang.Thread.run(Unknown Source)
--> Caused by: com.vmware.vim.sso.client.exception.CertificateValidationException: The SSL certificate of STS service cannot be verified against the client-trusted thumbpri
nt.  STS-Service:C282153C20473A9728414F34C1758D59E72511C8BFB941750E4EF7019E395959  Client-Trust:0F:C4:C5:CB:5C:2E:4C:33:63:DE:A8:EC:A6:84:00:43:24:92:8A:40:1B:05:D1:88:28:C
4:27:80:AE:2D:C0:CE
-->     at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.sendRequest(SecurityTokenServiceImpl.java:993)
-->     at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.executeRoundtrip(SecurityTokenServiceImpl.java:902)
-->     at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl.acquireToken(SecurityTokenServiceImpl.java:155)
-->     at com.vmware.vim.sso.client.SecurityTokenService$$FastClassByCGLIB$$a801c25f.invoke(<generated>)
-->     at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:149)
2025-09-14T02:35:15.431Z info drconfig[01254] [SRM@6876 sub=ConfigOp opID=2e8b8bb1-da21-48fd-82ac-feab830d29be-configure:c19a] Exiting ConfigureUI
2025-09-14T02:35:15.431Z info drconfig[01254] [SRM@6876 sub=ConfigOp opID=2e8b8bb1-da21-48fd-82ac-feab830d29be-configure:c19a] Entering FixOwnership
2025-09-14T02:35:15.437Z info drconfig[01254] [SRM@6876 sub=ConfigOp opID=2e8b8bb1-da21-48fd-82ac-feab830d29be-configure:c19a] Exiting FixOwnership
2025-09-14T02:35:15.437Z error drconfig[01254] [SRM@6876 sub=ConfigOp opID=2e8b8bb1-da21-48fd-82ac-feab830d29be-configure:c19a] Operation failed
--> (vmodl.fault.SystemError) {
-->    faultCause = (vmodl.MethodFault) null,
-->    faultMessage = <unset>,
-->    reason = "Failed to register H5 UI."
-->    msg = ""
--> }
--> 

The SSL trust mismatch occurred due to vCenter SSL certificate of STS Service cannot be verified.

  • Lsdoctor script reports trust mismatch between SRM and vCenter server,

    python lsdoctor -l
    .
    2025-09-14T03:44:08 INFO live checkCerts: Checking services for trust mismatches ...
    .
    2025-09-14T03:44:08 ERROR generateReport: default-first-site\#####vcsa##.###-##. ### [VC 7.0 or CGW) found SSL Trust Mismatch: Please run python ls doctor.py -- trustfix option on this node.
    .
    .

Resolution

  • To fix SSL trust mismatch between vCenter server and SRM/VR, follow below steps..
Note: Before proceeding to follow article, capture vCenter server Snapshot.
for vCenter server in linked mode please capture offline snapshots.

  1. To use lsdoctor, you must download the ZIP file attached to this article Using the 'lsdoctor' Tool, .  Then, use the file-moving utility of your choice (WinSCP for example) to copy the entire ZIP directory to the node on which you wish to run it.

    NOTE:  If you have trouble connecting to a vCenter appliance using WinSCP, please see Error when uploading files to vCenter Server Appliance using WinSCP

  2. Change your directory to the location of the file, and run the following command: unzip lsdoctor.zip

    python lsdoctor.py --help

  3. Run “python lsdoctor.py -l”

  4. Review output for issues found.  Each node will be represented by it’s SSO site followed by its hostname or PNID

  5. Run “python lsdoctor.py -t”

  6. Verify that you have taken the appropriate snapshots

  7. Provide the password for your SSO administrator account

  8. Once the script completes, restart all services on all nodes in the SSO site

  9. Re-Configure any external solutions that were previously pointed to the affected node(s) (SRM, vSphere Replication, etc.)

  • If the above mentioned steps are followed and still issue persists, open a case with Broadcom Technical Support to investigate further.
Powered by Wolken Software