Knowledge Base
Installing or upgrading to vCenter Site Recovery Manager using a custom certificate fails with the error: Failed to install certificate (2036909)
Symptoms
- Cannot install or upgrade to vCenter Site Recovery Manager (SRM) 5.1 with an imported certificate
- Installing/upgrading to SRM 5.1 using an imported PKCS12 certificate fails
- The installer runs until the end but then fails
- You see the error:
Failed to install certificate.
- When using the verbose log level, the SRM install log reports errors similar to:
VMware: Srm::Installation::Utility::LaunchApplication: INFORMATION: Executable finished executing. Result code=24
VMware: Srm::Installation::Utility::GetMsgFromErrorTable: ERROR:MsiGetActiveDatabase() failed. Trying MsiOpenDatabase().
VMware: Srm::Installation::Utility::GetMsgFromErrorTable: INFORMATION: Error message is Unable to retrieve credentials from the credentials store
Cause
This is a known issue that affects SRM 5.1 build 820150 installation/upgrade when using a custom SSL certificate (which implies that vCenter Server is also using a custom SSL certificate).
Resolution
This issue is resolved in SRM version 5.1.0.1 (Build 941848). To download SRM 5.1.0.1, see the VMware Download Center.
For more information, see the SRM 5.1.0.1 release notes.
VMware strongly recommends upgrading to SRM 5.1.0.1 to resolve this issue. However, if upgrading to 5.1.0.1 is not possible, use this workaround. Follow all of these steps, for both sites, before attempting any sort of connection or configuration through the vSphere Client.
VMware strongly recommends upgrading to SRM 5.1.0.1 to resolve this issue. However, if upgrading to 5.1.0.1 is not possible, use this workaround. Follow all of these steps, for both sites, before attempting any sort of connection or configuration through the vSphere Client.
Caution: VMware does not support running SRM and vCenter Server in a mixed mode where vCenter Server uses trusted certificates and SRM does not. This workaround passes through that mode briefly when SRM is first installed with automatically generated certificates. After implementing this workaround, you may experience issues modifying your SRM installation. To be alerted when this article is updated with a more permanent resolution, click Subscribe to Document in the Actions box.
- Run the SRM installer.
- Select the option to automatically generate a certificate.
- Allow the installer to complete.
- Open a command prompt run as Administrator.
- cd into the SRM install path HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware vCenter Site Recovery Manager\InstallPath.
Note: The install path is typically C:\Program Files\VMware\VMware vCenter Site Recovery Manager\bin.
- Run this command to stop vCenter Site Recovery service:
sc stop vmware-dr
- Run this command to replace the default certificate with the custom one:
srm-config.exe -cmd confcertbased -sitename <your site name> -crt <path to your .p12 file> -cfg ..\config\vmware-dr.xml -extcfg ..\config\extension.xml -vc <vc hostname[and optionally :port]> -u <your VC user name>
- When prompted, enter your password for the vCenter Server user you specified.
- When prompted, enter the password for the .p12 file you specified. The password is the same as one used during certificate generation.
Note: This results in these three errors, which you can disregard:-
Could not get size of data from registry
-
Unable to load credentials
-
Error [24]: cannot retrieve credentials
For example:
-
- Run this command to start vCenter Site Recovery service:
sc start vmware-dr
- Repeat this procedure at the site where SRM is being installed.
Update History
Request a Product Feature
To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.
|
|
