Search the VMware Knowledge Base (KB)
View by Article ID

Registering VMware vSphere Replication (VR) to vCenter Server fails with the error: Unable to obtain SSL certificate (2085155)

  • 43 Ratings
Language Editions

Symptoms

  • Cannot register VMware vSphere Replication (VR) to vCenter Server.
  • Registering VMware vSphere Replication (VR) to vCenter Server fails.
  • Register VR appliance fails.
  • You see the error:

    Unable to obtain SSL certificate: Bad server response: is a vCenter server listening on the given host and port
             Unable to obtain ssl certificate: bad server response; is a lookupservice listening on the given address?

    Cause

    This issue occurs when the vCenter Server SSL certificate is issued against its Fully Qualified Domain Name (FQDN). This issue occurs because the vSphere Replication (VR) appliance is unable to resolve the FQDN of vCenter Server.

    Trying to use the IP address of vCenter Server as an alternative to FQDN also results in the same error.

    Resolution

    Note: When vSphere Replication Management Server (VRMS) tries to validate the SSL certificate of vCenter Server, it is either unable to connect to vCenter Server because of DNS resolution or SSL is invalid because it is against the FQDN and not the IP address.

    To resolve this issue, use one of these options:

    • Ensure that there is no DNS issues and the FQDN of vCenter Server can be resolved from inside the VR appliance.
    • Add a static entry to /etc/hosts of the VR appliance to point to vCenter Server:

      echo "xxx.xxx.xxx.xxx vcenter_FQDN.domain.local vcenter_FQDN" >>/etc/hosts

    After performing one of the preceding options, re-register the appliance using the FQDN of vCenter Server.

    To re-register the appliance using the FQDN of vCenter Server:

    1. Log in to the VR server as the root user.
    2. Run this command to change the directory to /opt/vmware/hms/libs:

      # cd /opt/vmware/hms/libs

    3. Run this command to re-register the appliance:

      # java -jar va-util.jar -cmd certauth -host VC_FQDN -port 80 -user VC_username -pass VC_password -extkey com.vmware.vcHms -keystore /opt/vmware/hms/security/hms-keystore.jks -keystorealias jetty -keystorepass vmware

      Note: In VMware vSphere Replication 6.0.x, the default keystore password is random. The password vmware no longer applies. To acquire the password, run this command:

      cat /opt/vmware/hms/conf/hms-configuration.xml | grep keystore

    4. Restart the VRMS service using this command:

      # service hms restart

    Note: If the IP address of vCenter Server is changed, you have to edit the /etc/hosts file and update (or remove if you are able to fix the DNS) the entry added earlier.

    See Also

    Request a Product Feature

    To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

    Feedback

    • 43 Ratings

    Did this article help you?
    This article resolved my issue.
    This article did not resolve my issue.
    This article helped but additional information was required to resolve my issue.

    What can we do to improve this information? (4000 or fewer characters)




    Please enter the Captcha code before clicking Submit.
    • 43 Ratings
    Actions
    KB: