vSphere Replication & Self Signed Certificates
This week I noticed that vSphere Replication had stopped working on both primary and secondary sites. I logged into the VAMI for both vSphere Replication appliances and noticed that the self-signed certificates had both expired. Closer inspection showed that on a default installation, the self-signed certificates are only valid for 1 year.
To determine when the certificate expires, navigate to VR > Security on the VAMI.
The resolution in the official VMware documentation explains that you just need to regenerate the certificate and restart the services:
- VR > Configuration
- Input the password for the SSO administrator account
- Scroll to SSL Certificate Policy
- “Generate and Install”: this will generate a new self-signed certificate.
- “Save and restart Service”
However, I found that although the certificate had been replaced, the vSphere Replication services would keep going offline and the vSphere client would not show vSphere Replication as enabled. A reboot did not fix the problem.
I finally found that powering off and then powering back on the appliances would fix the problem.
An SR with VMware explained that usually a simple restart of the services via the VAMI would resolve the problem, but in some cases a full power off and power on is required. I suspect that this is due to the appliance being deployed from an OVF and certain key configuration only being updated and read on cold boot.
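
To catch the one-year expiry described above before replication stops, the certificate each appliance presents can be checked on a schedule. The script below is an added example, not from the original post or from VMware; it assumes `openssl` is installed, that the certificate of interest is the one served on the port you pass (5480, the VAMI port, is the assumed default), and the script name and hostnames are placeholders.

```shell
#!/bin/sh
# Added example: report how close an appliance's TLS certificate is to expiry.
# Hostnames are supplied by the caller; 5480 (VAMI) is an assumed default port.
WARN_DAYS=${WARN_DAYS:-30}

# Save the leaf certificate presented by host:port as PEM. The chain is not
# validated, since the appliance certificate is self-signed by default.
fetch_cert() {  # host port outfile
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM -out "$3" 2>/dev/null
}

# Print UNREADABLE, EXPIRED, WARN (expires within N days) or OK for a PEM file.
cert_status() {  # pemfile [warn_days]
    cs_days=${2:-$WARN_DAYS}
    if ! openssl x509 -noout -in "$1" >/dev/null 2>&1; then
        echo UNREADABLE
    elif ! openssl x509 -noout -checkend 0 -in "$1" >/dev/null 2>&1; then
        echo EXPIRED
    elif ! openssl x509 -noout -checkend $((cs_days * 86400)) -in "$1" >/dev/null 2>&1; then
        echo WARN
    else
        echo OK
    fi
}

# Check one appliance; prints "host:port STATUS notAfter", returns 0 only if OK.
check_appliance() {  # host [port]
    ca_port=${2:-5480}
    ca_pem=$(mktemp)
    fetch_cert "$1" "$ca_port" "$ca_pem" || true
    ca_status=$(cert_status "$ca_pem")
    ca_end=$(openssl x509 -noout -enddate -in "$ca_pem" 2>/dev/null | cut -d= -f2)
    rm -f "$ca_pem"
    echo "$1:$ca_port $ca_status ${ca_end:-no-certificate}"
    [ "$ca_status" = OK ]
}

# Usage (placeholder names): ./vr-cert-check.sh <primary-appliance> <secondary-appliance>
if [ "$#" -gt 0 ]; then
    rc=0
    for h in "$@"; do check_appliance "$h" || rc=1; done
    exit "$rc"
fi
```

Run from cron or a monitoring agent, the non-zero exit code flags any appliance whose certificate is unreadable, expired, or within `WARN_DAYS` of expiring.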