Issue/Introduction: Users may encounter a situation where the VMware Site Recovery Manager (SRM) appliance becomes inaccessible, and the srm-server service fails to start. Attempts to log into the SRM interface result in 503 Service Unavailable errors. Additionally, the UI may report SSL verification exceptions specifically mentioning a mismatch between PeerThumbprint and ExpectedThumbprint, along with the error: unable to get local issuer certificate.

VMware Live Site Recovery - All versions

This issue can be caused by an interoperability mismatch between the SRM/vLSR appliances and the vCenter Server. When vCenter is upgraded to a version that is no longer compatible with the existing SRM build, the handshake between services fails. This manifests as certificate thumbprint errors because the updated vCenter environment no longer trusts or recognizes the older registration parameters of the SRM/vLSR services.

To resolve this issue, you must align the versions of your disaster recovery stack with the vCenter Server version.

1. Verify Compatibility: Before proceeding with any installs, check the Broadcom Interoperability Matrix to identify the supported version of SRM/vLSR for your current vCenter Server build.

2. Upgrade SRM and vLSR:

   • Download the compatible ISO/update bundle for Site Recovery Manager and vSphere Replication.

   • Perform the upgrade on the vSphere Replication appliance first, followed by the SRM appliance.

   • In many cases, the "upgrade" process replaces the stale thumbprints and re-registers the services with the new vCenter certificates.

3. Run the Reconfigure Wizard: Once the appliances are on a compatible version, run the Reconfigure wizard from the Appliance Management Interface (port 5480). This will prompt you to accept the new vCenter certificates and update the local service registrations.