"Unable to fetch replication partner PSC thumbprint", error adding vCenter to enhanced linked mode sso domain

Article ID: 422983

Products

VMware vCenter Server

Issue/Introduction

  • Configuring vCenter Servers in Enhanced Linked Mode (ELM) using 'cmsso-util' fails with the error below:

    cmsso-util domain-repoint -m pre-check --src-emb-adm Administrator --replication-partner-fqdn <partner_vcenter.example.com> --replication-partner-admin [email protected] --dest-domain-name vsphere.local

    Enter Source embedded vCenter Server Admin Password :

    Enter Replication partner Platform Services Controller Admin Password :

    Unable to fetch replication partner PSC thumbprint

Environment

  • vCenter Server 7.x
  • vCenter Server 8.x

Cause

This issue occurs when TCP port 443 is blocked between the vCenter Servers. The source vCenter Server, where the cmsso-util command was executed, cannot connect to the partner vCenter Server over port 443 to verify the credentials.

Resolution

If TCP port 443 is blocked by an external firewall, allow it between both vCenter Servers.

Additional Information

These ports need to be open between the vCenter Servers in ELM:

  • LDAP for SSO - TCP / 389 - Bi-Directional
  • LDAPS - TCP / 636 - Bi-Directional
  • RPC - TCP / 2012 - Bi-Directional
  • vSphere Authentication Framework access - TCP / 2020 - Bi-Directional
  • SSL Management communication - TCP / 443 - Bi-Directional
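
As an added example (not part of the original article and not VMware tooling), the following Python script probes the ports listed above from one vCenter Server toward its partner, separates a refused connection from a silently dropped one, and reads the partner's TLS certificate fingerprint when 443 is open. The function names and the use of SHA-256 for the fingerprint are assumptions of this example.

```python
#!/usr/bin/env python3
import hashlib, socket, ssl, sys

# TCP ports from the list above; run the probe from each vCenter Server
# toward the other, because every port must be open in both directions.
ELM_PORTS = {389: "LDAP for SSO", 636: "LDAPS", 2012: "RPC",
             2020: "vSphere Authentication Framework access",
             443: "SSL Management communication"}

def check_port(host, port, timeout=5.0):
    """Classify one TCP connect attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "dns-failure"   # FQDN does not resolve on this node
    except ConnectionRefusedError:
        return "refused"       # RST: host reachable, no listener or active reject
    except OSError:
        return "filtered"      # timeout or unreachable: typical of a firewall drop

def probe(host, ports=ELM_PORTS, timeout=5.0):
    """Return {port: state} for every port in `ports`."""
    return {port: check_port(host, port, timeout) for port in ports}

def format_thumbprint(der_cert):
    """SHA-256 of a DER certificate as colon-separated upper-case hex."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def fetch_thumbprint(host, port=443, timeout=5.0):
    """Complete a TLS handshake and return the peer certificate thumbprint.
    Verification is off only so the certificate can be read; compare the
    result out of band with the value shown on the partner itself."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return format_thumbprint(tls.getpeercert(binary_form=True))

if __name__ == "__main__":
    partner = sys.argv[1]      # partner vCenter FQDN, supplied by the operator
    results = probe(partner)
    for port, state in sorted(results.items()):
        print(f"{partner}:{port:<5} {ELM_PORTS[port]:<42} {state}")
    if results[443] == "open":
        print("443 certificate SHA-256:", fetch_thumbprint(partner))
    sys.exit(0 if all(s == "open" for s in results.values()) else 1)
```

A "filtered" result on 443 matches the cause described in this article; "refused" indicates the partner was reached but nothing accepted the connection on that port.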