Enhanced Replication Mappings fails with Error: Fault occurred while performing health check. Details: 'Connect: certificate verify failed (SSL routines)'.
search cancel

Enhanced Replication Mappings fails with Error: Fault occurred while performing health check. Details: 'Connect: certificate verify failed (SSL routines)'.

book

Article ID: 416193

calendar_today

Updated On:

Products

VMware Live Recovery

Issue/Introduction

Symptoms:

  • Enhanced Replication mappings appears in error as below,



    Fault occurred while performing health check. Details: 'Connect: certificate verify failed (SSL routines)'.

  • The Enhanced Replication mappings initially displayed below error after running Test mappings, error changed to the one in above screenshot.



    Error: Fault occurred while performing health check. Details: 'Login: Login denied. Login request is denied

Environment

VMware Live Recovery

Cause

The issue will arise if a certificate is renewed or changed or upgrade activity is performed on the vCenter server or the SRM/VR server. Both SRM and VR servers must undergo immediate reconfiguration in order for the vCenter certificates to be updated.

+ From vSphere Replication server /opt/vmware/support/logs/dr-client/dr.log, 

####-##-## ##:##:##, 808 [srm-reactive-thread-6] WARN com. vmware.dr.ui.tools.reactive. impl. PromiseImpl -7299076570954652164 1c326857-3851-403e-84c8-bca0b36ace02
tion 'com. vmware. srm. client. topology. impl. core.mxn.nodes. TokenProviderImpl$$Lambda/0x00007f2cc8d2c110@52729389' failed.
com. vmware. srm. client. topology. impl. vmomi. TokenProvider$AuthenticationTokenNotAvailable: No authentication token available for SSO Server at 'https://#############.####.##########.##.##/sso-###########/sdk/#####.ib'
at com. vmware. srm. client.topology. impl. core.mxn.nodes. TokenProviderImpl. lambda$getToken$1(TokenProviderImpl.java:56)
at com. vmware.dr.ui.tools.reactive. impl. PromiseImpl$ApplyCompletion.complete (PromiseImpl.java:239)
at com. vmware.dr.ui. tools.reactive. impl. PromiseImpl$Result. complete (PromiseImpl. java: 41)
at com. vmware.dr.ui.tools.reactive. impl.PromiseImpl$Completion.lambda$setResult$0(PromiseImpl.java:63)
at com. vmware.dr.ui. tools. utilities. ThreadContext. lambda$wrap$1 (ThreadContext.java: 55)
at com. vmware.dr.ui. tools.utilities. ThreadContext.execute (ThreadContext.java:209)
at com. vmware.dr.ui. tools.utilities. ThreadContext. execute (ThreadContext.java: 185)
at com. vmware.dr.ui.tools. utilities. ThreadContext. setupContext (ThreadContext.java: 76)
at com. vmware.dr.ui.tools. utilities. ThreadContext.setupContext (ThreadContext.java: 105)
at com. vmware.dr.ui.tools.reactive. impl. PromiseImpl$Completion. lambda$setResult$1(PromiseImpl.java:63)
at com. vmware.dr.ui.tools.utilities.AsyncConsumer$Worker.run (AsyncConsumer.java:38)
at java.base/java. util.concurrent. ThreadPoolExecutor.runWorker (Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run (Unknown Source)
at java.base/java.lang. Thread.run (Unknown Source)
Caused by: com. vmware.srm.client. topology.client.Topology$TopologyException$SrmRuntimeException: No authentication token available for SSO Server at 'https://#############.####.##########.##.##/sso-###########/sdk/#####.ib'
at com. vmware.srm. client.topology.client. Topology$TopologyException .< init> (Topology. java:29)
at com. vmware. srm. client. topology. impl. vmomi. TokenProvider$AuthenticationTokenNotAvailable .< init> (TokenProvider. java:29)

+ Authentication fails to complete on vCenter server, as its unable to issue token.

From /opt/vmware/support/logs/dr/drconfig.log,

####-##-## ##:##:##.3632 warning drconfig[02318] [SRM@6876 sub=IO.Connection opID=ecda53d7-43c0-4d2d-9c62-45fca7659bd9-probeSsl] Failed to SSL handshake; SSL(<io_obj p:0x00007f0d941le810, h:19, <TCP '##.###.###.### : 37616'>, <TCP '##.###.###.### : 443'>>), e: 167772294(certificate verify failed (SSL routines) ), duration: 4msec ####-##-## ##:##:##.3632 warning drconfig[02318] [SRM@6876 sub=ProbeSsl.Url.DrConfigSs1CertificateManager opID=ecda53d7-43c0-4d2d-9c62-45fca7659bd9-probeSsl] SSL client handshake to '#############.####.##########.##.##:443' failed.
-> N7Vmacore3Ss118SSLVerifyExceptionE SSL Exception: Verification parameters:
-> PeerThumbprint: ##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##
-- > ExpectedThumbprint:
-- > ExpectedPeerName: #############.####.##########.##.##
-> The remote host certificate has these problems:
->
-- > * unable to get local issuer certificate
####-##-## ##:##:##.3652 verbose drconfig[2087307] [SRM@6876 sub=Default.SaSiteConnections opID=0d70ccff-b4f5-4c46-9b37-b193305eb6da-getActiveAgent] Connection to LS++
'https://#############.####.##########.##.##:443/lookupservice/sdk' created

+ Logs above display error with thumbprint mismatch as it reports a different "PeerThumbprint" and "ExpectedThumbprint".

Resolution

SRM/VR appliances must be reconfigured in order for the thumbprints/certificates of newly or upgraded vcenter servers to be updated in SRM/VR databases.

Note: Please capture SRM, VR and VC Snapshots before performing appliance reconfiguration.

Refer to the document to reconfigure SRM - Reconfigure the Site Recovery Manager Appliance

Refer the document to reconfigure vSphere Replication appliance - Reconfigure vSphere Replication

Perform reconnect of Site Pair post reconfiguring SRM's, refer - Reconnect the Connection Between Sites.

Powered by Wolken Software