Live Recovery not functioning after updating vCenter certificate
search cancel

Live Recovery not functioning after updating vCenter certificate

book

Article ID: 418573

calendar_today

Updated On:

Products

VMware Live Recovery

Issue/Introduction

Symptoms:


End users experiencing issue on Live Recovery after updating vCenter Certificate 

ERROR
Operation Failed
A general system error occurred:
N7Vmacore15SystemExceptionE Failed to reload vpostgres.service: The connection was closed by the remote end during handshake. (1)
Operation ID: ########-####-####-####-######c8924a



From VLSR plugin logs:

(/opt/vmware/support/logs/dr-client-plugin/drplugin.log)

2026-02-09 03:10:52,510 [http-nio-9901-exec-6] ERROR com.vmware.dr.plugin.controllers.DynamicItemsController - Request handling completed with an error.

com.google.common.util.concurrent.UncheckedExecutionException: java.lang.RuntimeException: Unable to get the new vCenter certificate at URL: https://<vCenter-FQDN>/api/vcenter/certificate-management/vcenter/certificate-bundle . Response code: 404, response: Not Found.

Caused by: java.lang.RuntimeException: Unable to get the new vCenter certificate at URL: https://<vCenter-FQDN>/api/vcenter/certificate-management/vcenter/certificate-bundle. Response code: 404, response: Not Found.


SRM server logs report certificate trust warnings (this is usually observed for vCenter with custom CA certificates):

(/opt/vmware/support/logs/srm/vmware-dr.log)

2026-02-10T03:56:40.219Z warning vmware-dr[143898] [SRM@6876 sub=Default connID=1kp-0j] Unrecognized SSL certificate error flags: 0x0000000008000000

2026-02-10T03:56:40.219Z warning vmware-dr[143898] [SRM@6876 sub=LocalLkpServer connID=1kp-0j] Failed to connect
--> (dr.fault.CertificateNotTrustedByDr) {
--> faultCause = (dr.fault.CertificateUnknownError) {
--> faultCause = (vmodl.MethodFault) null,
--> faultMessage = <unset>,

--> name =""
--> uuid = "",
--> address = "<vCenter-FQDN>",
--> port = "443",
--> reason = (vmodl.MethodFault) null
--> msg = ##

Environment

VMware Live Recovery

Cause

When the SSL certificate of the vCenter Server Appliance is renewed or replaced, the new certificate information is not automatically propagated to the VMware Live Site Recovery Appliance.

As a result, the VMware Live Site Recovery Appliance retains the old certificate trust, causing the management connection between vCenter and VMware Live Site Recovery to break. This results in a “Disconnected” status being displayed in the VMware Live Site Recovery Appliance management interface.

Resolution

1. Login to Live Recovery VAMI page

2. Check summary - hostname and verify that it matches with certificate

3. If necessary change certificate 

4. Then reconfigure the appliance

Steps to perform Reconfigure of Appliance and Certificate Change

Reconfigure the Appliance

 

  1. Log into the VMware Live Site Recovery Appliance Management Interface (VAMI):

    • Open a browser and navigate to:

      https://<VLR-Appliance-IP>:5480

  2. Once logged in, access the Management Page of the appliance.

  3. Click Reconfigure to start the update process.

  4. Enter the vCenter Server username and password, then click Next.

  5. Complete the Configure process

  6. Allow the VMware Live Site Recovery Appliance to reconfigure and refresh the browser once more.

 

Note : If the sites are showing disconnected in the Recovery UI, perform a Reconnect.

 

Renewing (changing) the Certificate

 

  1. Log into the VMware Live Site Recovery Appliance Management Interface (VAMI):

    • Open a browser and navigate to:

      https://<VLR-Appliance-IP>:5480

  2. Once logged in, access the Management Page of the appliance.

  3. Navigate to the following menu:

    Certificates → Change → Change

  4. Refresh the browser and log back into the VAMI.

  5. Click Reconfigure to start the update process.

  6. Enter the vCenter Server username and password, then click Next.

  7. Complete the Configure process

  8. Allow the VMware Live Site Recovery Appliance to reconfigure and refresh the browser once more.

 

Note : If the sites are showing disconnected in the Recovery UI, perform a Reconnect.



After reconfiguring If issue still persist :

  1. Extract and add vCenter Root certificate and CA certificate to VLSR Appliance Management page:

    a. Launch vSphere Client and click on 'View Site Information' next to vCenter URL.
    b. Click on 'Connection is secure' > 'Show Certificate'
    c. On Certificate Viewer > Click on 'Details' tab.
    d. Under 'Certificate Hierarchy' > Select 'Root certificate' > Click on 'Export' > Save the Certificate on local workstation.
    e. Similarly, save the Intermediate custom CA certificate.

  2. Open these two Certificates in notepad.

  3. Go to VLSR Appliance Management page (https://VLSR_FQDN:5480) and login with 'Admin' user and password.
  4. Go to 'Certificates' tab and click on 'Add'

    a. Under 'Intermediate' > add CA certificate as opened in step-3.
    b. Under 'Root' > add Root certificate as opened in step-3.
  5. Reconfigure VLSR appliance again to re-register it with vCenter.

Additional Information

Change the VMware Live Site Recovery Appliance Certificate
Reconfigure the VMware Live Site Recovery Appliance

Powered by Wolken Software