SSL Handshake Failure When Pairing VLSR to vCenter Lookup Service

Article ID: 417800


Products

VMware Live Recovery

Issue/Introduction

Symptoms:

  • This article addresses the failure of the VMware Site Recovery Manager (SRM) 9.0.2 appliance to successfully establish a site pairing connection with its corresponding vCenter Server. The failure occurs immediately upon attempting the pairing operation and is characterized by a critical SSL Handshake failure when the SRM appliance attempts to connect to the vCenter Lookup Service.
  • You may see this error while attempting to pair the sites: Unable to connect to lookup service at https://vCenterFQDN:443/lookupservice/sdk. Reason: javax.net.ssl.SSLException: SSL handshake from 0.#.#.0/0.#.#.0: #### to vCenter FQDN/IP address:443 failed in 4ms.
  • You may see this message in the VLSR appliance log /opt/vmware/support/logs/dr-client/dr.log:

         2025-11-10 05:58:27,995 [srm-reactive-thread-23] WARN  com.vmware.dr.ui.tools.reactive.impl.PromiseImpl 16239#####8###09 05####9df-####-####-####-105####22dc checkPscCredentials - Function 'com.vmware.dr.client.shared.pairing.CheckPscCredentialsRequestHandler$$Lambda/0x0000########7dc0@7####ce7' failed.
     com.vmware.vim.vmomi.client.exception.SslException: Unable to connect to Lookup Service at https://T#####.#####.com:443/lookupservice/sdk. Reason: javax.net.ssl.SSLException: SSL handshake from 0.#.#.0/0.#.#.0:##### to vCenter FQDN/1#.#.##.###:443 failed in 4 ms.
        at com.vmware.vim.vmomi.client.common.impl.ResponseImpl.setError(ResponseImpl.java:265)
        at com.vmware.vim.vmomi.client.http.impl.HttpExchangeBase.setResponseError(HttpExchangeBase.java:362)
        at com.vmware.vim.vmomi.client.http.impl.HttpExchange.invokeWithinScope(HttpExchange.java:59)
        at com.vmware.vim.vmomi.core.tracing.NoopTracer$NoopSpan.runWithinSpanContext(NoopTracer.java:120)
        at com.vmware.vim.vmomi.client.http.impl.TracingScopedRunnable.run(TracingScopedRunnable.java:17)
        at com.vmware.vim.vmomi.client.http.impl.HttpExchangeBase.run(HttpExchangeBase.java:52)
        at com.vmware.dr.ui.tools.utilities.ThreadContext.lambda$wrap$1(ThreadContext.java:55)
        at com.vmware.dr.ui.tools.utilities.ThreadContext.execute(ThreadContext.java:209)
        at com.vmware.dr.ui.tools.utilities.ThreadContext.execute(ThreadContext.java:185)
        at com.vmware.dr.ui.tools.utilities.ThreadContext.setupContext(ThreadContext.java:76)
        at com.vmware.dr.ui.tools.utilities.ThreadContext.setupContext(ThreadContext.java:105)
        at com.vmware.dr.ui.tools.utilities.ExecutorUtils.lambda$wrap$1(ExecutorUtils.java:36)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.base/java.lang.Thread.run(Unknown Source)

  • Name resolution failure was confirmed via nslookup where the forward lookup (A record) of the FQDN returned lowercase characters while the corresponding reverse lookup (PTR record) displayed the FQDN using uppercase characters, indicating a critical DNS record case sensitivity mismatch.

         Example:

         root [ /home/admin ]# nslookup abcd####.#####.com
         Server: 1#.#.##.##
         Address:1#.#.##.##53

         abcd###.######.com
         Address: 1#.#.##.###

         root [ /home/admin ]# nslookup 1#.#.##.###
         1##.##.#.##.in-addr.arpa   name = ABCD####.#####.com

Environment

VMware Live Site Recovery Manager 9.x

Cause

  • DNS Mismatch (Case Sensitivity): Inconsistent capitalization between the vCenter Server's Forward DNS (A record) and Reverse DNS (PTR record). This case mismatch violates strict validation checks performed during the SSL/TLS handshake process, specifically related to hostname verification against the certificate's Common Name (CN).
  • vCenter Trust Mismatch: An underlying corruption or misalignment within the vCenter Single Sign-On (SSO) and Lookup Service certificate trust store. This prevents the SRM appliance from accepting the vCenter's security certificate, causing the connection attempt to be aborted with the javax.net.ssl.SSLException.

Resolution

  1. Ensure the Fully Qualified Domain Name (FQDN) used for the vCenter Server has perfectly matching capitalization between its Forward (A) and Reverse (PTR) DNS records. Consistency (preferably all lowercase) is mandatory for VMware component communication.
  2. vCenter Trust Repair: Execute the lsdoctor utility on the vCenter Server appliance to diagnose and automatically fix any integrity or trust mismatches within the Lookup Service and SSO environment.
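
One way to verify step 1 before retrying the pairing, as an added example that is not part of the original article: the script compares the name in the forward (A) answer with the PTR name case-sensitively and reports whether they match exactly, differ only in case, or differ entirely. The function names, the sample host vc01.example.test and the 192.0.2.x addresses are constructed for illustration, and the parsing assumes the usual nslookup "Name:" and "name =" output lines.

```shell
#!/bin/sh
# Added example (not from the KB article): compare forward and reverse DNS names
# case-sensitively. Sample names and addresses below are constructed.

# Print the answer name from `nslookup <fqdn>` output on stdin ("Name:" line).
fwd_name() { awk '/^Name:/ {print $2; exit}'; }

# Print the answer address: the first "Address:" line after the "Name:" line,
# which skips the resolver's own "Address: x.x.x.x#53" line.
fwd_addr() { awk '/^Name:/ {seen=1; next} seen && /^Address:/ {print $2; exit}'; }

# Print the PTR target from `nslookup <ip>` output on stdin, without trailing dot.
ptr_name() { awk '/name = / {sub(/\.$/, "", $NF); print $NF; exit}'; }

# Print match, case-mismatch, or name-mismatch for a forward/reverse name pair.
verdict() {
    if [ "$1" = "$2" ]; then echo match; return; fi
    a=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    b=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    if [ "$a" = "$b" ]; then echo case-mismatch; else echo name-mismatch; fi
}

# Live check: resolve the FQDN, reverse-resolve its address, report the verdict.
check_host() {
    out=$(nslookup "$1") || { echo "forward lookup failed for $1" >&2; return 2; }
    name=$(printf '%s\n' "$out" | fwd_name)
    addr=$(printf '%s\n' "$out" | fwd_addr)
    rev=$(nslookup "$addr" | ptr_name)
    echo "A: $name -> $addr  PTR: $rev  verdict: $(verdict "$name" "$rev")"
}

# Constructed nslookup output reproducing the lowercase A / uppercase PTR case.
SAMPLE_FWD='Server:         192.0.2.53
Address:        192.0.2.53#53

Name:   vc01.example.test
Address: 192.0.2.10'
SAMPLE_REV='10.2.0.192.in-addr.arpa     name = VC01.example.test.'

# Classify the constructed sample.
sample_verdict() {
    verdict "$(printf '%s\n' "$SAMPLE_FWD" | fwd_name)" \
            "$(printf '%s\n' "$SAMPLE_REV" | ptr_name)"
}

# With an FQDN argument, query DNS; without one, classify the built-in sample.
if [ "$#" -gt 0 ]; then check_host "$1"; else sample_verdict; fi
```

Run it with the vCenter FQDN as the only argument from the appliance shell; a verdict of case-mismatch corresponds to the lowercase A record and uppercase PTR record shown in the symptoms.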

Additional Information

To fix trust mismatch issues, follow the article: Using the 'lsdoctor' Tool