
vSphere Replication & Self Signed Certificates

This week I noticed that vSphere Replication had stopped working on both primary and secondary sites. I logged into the VAMI for both vSphere Replication appliances and noticed that the self-signed certificates had both expired. Closer inspection showed that on a default installation, the self-signed certificates are only valid for 1 year.

To determine when the certificate expires, navigate to VR > security on the VAMI:

[Screenshot: Replication certificate]

The resolution in the official VMware documentation explains that you just need to regenerate the certificate and restart the services:

  • VR > Configuration
  • Input the password for the SSO administrator account
  • Scroll to SSL Certificate Policy
  • “Generate and Install”. This will generate a new self-signed certificate.
  • “Save and restart Service”

However, I found that although the certificate had been replaced, the vSphere Replication services would keep going offline and in the vSphere client it would not show vSphere Replication as enabled. A reboot did not fix the problem.

I finally found that powering off and then powering back on the appliances would fix the problem.

An SR with VMware explained that usually a simple restart of the services via the VAMI would resolve the problem but in some cases a full power off and power on is required. I suspect that this is due to the appliance being deployed from an OVF and certain key configuration only being updated and read on cold boot.
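Because the default certificate silently lapses after a year, it is worth checking the expiry date from a monitoring host rather than waiting for replication to stop. The script below is an added example, not part of the original post or of any VMware tooling; it assumes the VAMI answers on TCP 5480, that the appliance host names are passed as arguments, a 30-day warning threshold, and that the `openssl` CLI and GNU `date` are installed.

```bash
#!/usr/bin/env bash
# Added example: report how long each appliance certificate has left.
VAMI_PORT=5480   # assumption: VAMI HTTPS port, adjust if yours differs
WARN_DAYS=30     # assumption: warn this many days before expiry

# Print the notAfter date of the certificate presented by host:port.
# The chain is deliberately not verified: the certificate is self-signed
# and may already be expired, and only its validity dates are read.
fetch_enddate() {
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
        openssl x509 -noout -enddate 2>/dev/null | cut -d= -f2
}

# Seconds from now_epoch ($2) until the notAfter date ($1); negative if expired.
secs_until() {
    local end_epoch
    end_epoch=$(date -u -d "$1" +%s) || return 2
    echo $(( end_epoch - $2 ))
}

# Classify on seconds, not whole days, so a certificate that expired an
# hour ago is reported as EXPIRED instead of "0 days left".
classify() {
    if [ "$1" -le 0 ]; then echo EXPIRED
    elif [ "$1" -le $(( $2 * 86400 )) ]; then echo WARNING
    else echo OK
    fi
}

check_appliance() {
    local end secs state
    end=$(fetch_enddate "$1" "$VAMI_PORT")
    [ -n "$end" ] || { echo "$1 UNREACHABLE"; return 3; }
    secs=$(secs_until "$end" "$(date +%s)") || return 2
    state=$(classify "$secs" "$WARN_DAYS")
    echo "$1 $state notAfter=\"$end\" days_left=$(( secs / 86400 ))"
    [ "$state" = OK ]
}

# Check every appliance named on the command line (primary and secondary site).
if [ "$#" -gt 0 ]; then
    rc=0
    for host in "$@"; do
        check_appliance "$host" || rc=1
    done
    exit "$rc"
fi
```

Run it from cron or a monitoring agent with both appliance host names as arguments; a non-zero exit status means at least one appliance is unreachable, expiring soon or already expired.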

 

Graham
Graham works closely with VMware & Microsoft solutions. He is a VMware Certified Implementation Expert, 8x VMware vExpert & a VMware User Moderator on the official VMware VMTN forums. Feel free to reach out via Twitter @VirtualG.uk or email: contact@virtualg.uk
