In VMware Live Cyber Recovery (VLCR), a connector newly deployed over the public internet fails to connect to the Cloud File System (SCFS). The VLCR UI displays the following error message:

Connector in protected site is unable to reach cloud file system: Connection to the cloud file system was unsuccessful on Port 443.

Executing the drc network test command on the connector appliance shows that the VCENTER, ORCHESTRATOR, and SUPPORT entities are REACHABLE, but the SCFS entity reports as UNREACHABLE on port 443.

VMware Live Cyber Recovery (VLCR)

This issue occurs when an upstream network security appliance or perimeter firewall is performing SSL Packet Inspection (Deep Packet Inspection / DPI) on outbound traffic originating from the connector appliance. The packet inspection intercepts and modifies the certificate chain. This breaks the mutual TLS (mTLS) authentication required by VLCR for secure communication with the Cloud File System, causing the connection to fail even if TCP port 443 is physically open.

To confirm and resolve the issue, perform the following steps:

1. Verify general outbound connectivity by running the built-in diagnostic test from the connector menu: drc network test

2. Note the connection status. If the Orchestrator and Support entities are REACHABLE but the SCFS is UNREACHABLE, this indicates a selective traffic interception rather than a total outbound routing failure.

3. Engage VMware Global Support to open a remote support tunnel and execute advanced TLS diagnostics from the root shell.

4. If a standard TCP port check succeeds, but the TLS handshake test (openssl s_client -connect ####:443) fails with an Unable to load certificate error, SSL inspection is actively blocking the handshake.

5. Engage your local network or security administration team.

6. Instruct the network team to explicitly bypass or disable SSL packet inspection (DPI) on the perimeter firewall for all outbound traffic originating from the connector appliance's IP address.

7. Once the firewall bypass is implemented, verify that the connector status indicator in the VLCR UI transitions to green and the SCFS reports as reachable.

VMware Live Cyber Recovery requires direct, uninspected TLS connections to all cloud endpoints. Intercepting proxies or SSL decryption appliances are not supported for connector traffic.