Error: "Connection failed to agent" reported by Host-Based Replication server on replicator appliance
search cancel

Error: "Connection failed to agent" reported by Host-Based Replication server on replicator appliance

book

Article ID: 442403

calendar_today

Updated On:

Products

VMware Cloud Director VMware Live Recovery

Issue/Introduction

  • Within the hbrsrv.log on a replicator VM errors similar to the following are seen and refer to ESXi hosts in the infrastructure.

    error hbrsrv[####] [Originator@####sub=AgentConnection opID=#########-####-####-####-##########] Connection failed to agent #########-####-####-####-##########:host-#####/hostd (<ipaddress>): Can't login to the host

    warning hbrsrv[####] [Originator@6876 sub=IO.Connection opID=#########-####-####-####-##########] Failed to SSL handshake; SSL(<io_obj p:#########, h:151, <TCP '<ipaddress> : 42810'>, <TCP '<ipaddress> : 80'>>), e: 167772294(certificate verify failed (SSL routines)), duration: 3msec
    error hbrsrv[####] [Originator@6876 sub=IO opID=#########-####-####-####-##########] HandshakeCb; SSL(<io_obj p:##########, h:168, <TCP '<ipaddress> : 39492'>, <TCP '<ipaddress> : 80'>>); error: N7Vmacore3Ssl18SSLVerifyExceptionE(SSL Exception: Verification parameters:
    --> PeerThumbprint: <thumbprint1>
    --> ExpectedThumbprint: <thumbprint2>
    --> ExpectedPeerName: <ipaddress>
    --> The remote host certificate has these problems:
    -->
    --> * Host name does not match the subject name(s) in certificate.
    -->
    --> * self-signed certificate in certificate chain)

  • ESXi host certificates were recently replaced.

Environment

VMware Cloud Director Availability 4.7.x

Cause

The Cloud Director Availability (VCDA) Replicator appliance is attempting to establish a Host-Based Replication (HBR) connection with an ESXi host, but the SSL thumbprint presented by the host does not match the one stored in the VCDA database.

Resolution

To resolve this issue synchronize the thumbprints across the VCDA environment. 

To do this re-validate the vCenter Server registration. This triggers a background task that fetches the latest host metadata from vCenter.

  1. Log in to the VMware Cloud Director Availability Management Interface (e.g., https://<Manager-IP>:8044).
  2. In the left pane, navigate to Settings.
  3. Under Service Endpoints, locate the vCenter Server (or Lookup Service) entry.
  4. Click Edit.
  5. Re-enter the credentials if prompted, and click Finish.
  6. A certificate prompt will appear showing the current vCenter/Host trust. Verify and Accept the certificate. This action forces VCDA to update its internal "ExpectedThumbprint" database for all hosts managed by that vCenter.
  7. If the UI refresh does not immediately clear the error in the logs, the Replicator’s hbrsrv process may have cached the old thumbprint. In such a case SSH into the Replicator Appliance as root.
  8. Restart the replication service:

    systemctl restart hbrsrv
Powered by Wolken Software