In a VMware Cloud Foundation (VCF) or standalone vSphere environment, the vSphere Replication (VR) 8.7 plug-in fails to load following a vCenter certificate rotation.

Symptoms:

• Navigating to Site Recovery in the vSphere Client returns: Unable to read configuration.

• Reconfiguration of the vSphere Replication appliance via VAMI completes successfully, but the UI error persists.

• Redacted log snippet from /opt/vmware/support/dr-client/dr.log: [<REDACTED_TIMESTAMP>] [WARN ] ... Permission denied to access the configuration. [<REDACTED_LOG_MESSAGE>]

vSphere Replication 8.7.x
vCenter Server 7.x / 8.x

The issue is caused by a trust failure where the HMS service or the vSphere UI client maintains an outdated vCenter SSL thumbprint in its local configuration or session cache.

Note: In the majority of cases, performing Step 1 will resolve the issue immediately.

1. Primary Fix: Reconfigure via VAMI

   • Log in to the vSphere Replication VAMI (https://<REDACTED_VR_IP>:5480).

   • Under the Configuration tab, enter the SSO administrator credentials and select Save and Restart Service.

   • This forces the HMS service to pull the current vCenter certificate and update its local configuration.

2. Tertiary Fix: Address Lookup Service Trusts

   • If the error persists after clearing the cache, use the Lookup Service Doctor (lsdoctor) tool on the vCenter Server.

   • Run python lsdoctor.py --trustfix to ensure the vCenter certificate change is propagated to all service registrations.

• vSphere Replication UI Error: Unable to Read Configuration in Site Recovery Plugin (KB 395750)

• vSphere Replication UI error: Unable to read configuration (KB 392442)

• Using the 'lsdoctor' Tool (KB 320837)