Hi all,
After a nenew of all certificats on our infrastructure, the VMware replication appliance failed to register ==>
I pointed the VR (6.5.1.4) on the lookup service https address of the external PSC (6.5), I accepted the certificat and I had the following message ==>
"Unable to obtain SSL certificate: The vCenter xxx is not correctly registered in LookupService"
Any idea on "how to correctly registered the vcenter on the lookupService ?
Thanks for help
Hi @valot ,
Primary suspect in this scenario would be SSL trust anchor mismatch on PSC-vCenter certificates.
1. Try to perform a save and restart on VR VAMI and share a copy of hms logs from replication appliance. Log location: /opt/vmware/hms/logs
2. Run these 2 commands on PSC and share the outputs:
/usr/lib/vmidentity/tools/scripts/lstool.py list --url https://localhost/lookupservice/sdk --no-check-cert --ep-type com.vmware.cis.cs.identity.sso 2>/dev/null
echo | openssl s_client -connect localhost:443
Tks for answer
1/ impossible to xfert the files
2/
/usr/lib/vmidentity/tools/scripts/lstool.py list --url https://localhost/lookupservice/sdk --no-check-cert --ep-type com.vmware.cis.cs.identity.sso 2>/dev/null
echo | openssl s_client -connect localhost:443
Moderator: Please consider using the "spoiler" function on the extended toolbar in the post creator/editor when you have large amounts of text to paste - making the thread easier for all to scroll through. I've amended your post above so you can see the effect.
Press the ... on the toolbar to extend it then select the triangle with exclamation mark to add a "spoiler":
ok
sorry
@valot ,
Thank you for sharing these outputs. As suspected, there is a SSL trust anchor mismatch with PSC certificates. Please refer following KB article for more details --> https://kb.vmware.com/s/article/2121701
Before we proceed further, we need a snapshot of both PSCs. Looking at the outputs, these PSCs seems to be in linked mode (As we see entries for 2 PSCs).
Make a note of the ESXi host where the PSC VMs are running and power off both PSC VMs. Need to take a powered off snapshot of both PSCs as they are in linked mode. Next steps:
1. Download 'ls_ssltrust_fixer.zip' from attachments and extract it. Upload 'ls_ssltrust_fixer.py' it to any of the PSC VMs at following directory: /usr/lib/vmidentity/tools/scripts/
2. SSH to PSC and switch to directory mentioned in step.1
3. Run this scan command: python ls_ssltrust_fixer.py -f scan
4. Run this fix command: python ls_ssltrust_fixer.py -f fix
Once the fix task is completed, run those 2 commands provided initially and ensure certificate outputs match. Re-register VR to PSC.
Hope that helps