vSphere Replication fails at validation to DR site

I recently came across an error where I needed to set up a replication between two datacenters using the VMware vSphere Replication appliance.

The appliances on both sides were updated to version Build 6128217 and the vCenter Server appliances as well as the ESXi hosts were on the latest build at 6.5. The environment was connected to the Active Directory infrastructure and every responsible person is using their personalized user account. I also use my user account which is added to the administrative group at the vCSA level.

Every time a new replication from datacenter1 (dc1) -> datacenter2 (dc2) should be configured, I received two errors.

After right-clicking the virtual machine which needs to be replicated, the vRA plugin takes approx. 10 sec. to load and the popup appears:


And even though it is possible to start the replication wizard I receive an error at the second step when I am validating against the target site using the SSO admin with ‘no information’.

Even after restarting the vRA and/or vCSA appliances on both sites, checking DNS reverse and forward, re-registering the vRAs, checking the SSL certificates and so on, and even trying different browsers on different clients, none of the steps was successful.

So I dived a bit deeper into the logs of the vRA on the source site. First I logged in to the vRA web client at https://vRA-FQDN:5480 and generated a support bundle on the “Support” tab, which I downloaded and extracted with 7zip. In \opt\vmware\hms\logs I checked the “hms.log” and found a warning saying:

2017-01-11 10:00:00.00 WARN jvsl.security.authentication.sm [tcweb-8] (..security.authentication.SessionManagerInternal) operationID=abcdef-abcd-abcd-abcd-abcdefghijkl-HMS-1234 | Could not get full name of the user logged in with VC Session 52036

Strange, because logging in at the vCSA with my personalized account showed no errors. So I logged out and re-authenticated using the source site SSO admin credentials and re-configured the replication using the SSO admin of the destination site… It worked!


I was struggling with this situation for quite some time and searched the web for solutions with no luck. So I thought it might help somebody else.
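
The hms.log check described above can be scripted. The following is an added example, not part of the original post and not VMware tooling. It assumes every hms.log entry follows the field layout of the single line quoted above; apart from that line, the sample log entries are constructed.

```python
import re
import sys
from collections import Counter

# Field layout inferred from the single hms.log line quoted in the post (assumption).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<level>[A-Z]+)\s+"
    r"(?P<logger>\S+)\s+\[(?P<thread>[^\]]+)\]\s+\((?P<cls>[^)]*)\)\s+"
    r"(?:operationID=(?P<op>\S+)\s+)?\|\s+(?P<msg>.*)$"
)
NAME_LOOKUP_RE = re.compile(
    r"Could not get full name of the user logged in with VC Session (?P<session>\S+)"
)

# First line is the one from the post; the others are constructed for the example.
SAMPLE_LOG = """\
2017-01-11 10:00:00.00 WARN jvsl.security.authentication.sm [tcweb-8] (..security.authentication.SessionManagerInternal) operationID=abcdef-abcd-abcd-abcd-abcdefghijkl-HMS-1234 | Could not get full name of the user logged in with VC Session 52036
2017-01-11 10:00:05.10 INFO constructed.logger [tcweb-3] (..constructed.Class) operationID=constructed-op-1 | Constructed informational message
    at constructed.stack.Frame(Constructed.java:1)
2017-01-11 10:02:30.25 WARN jvsl.security.authentication.sm [tcweb-9] (..security.authentication.SessionManagerInternal) operationID=constructed-op-2 | Could not get full name of the user logged in with VC Session 52036
"""

def find_name_lookup_failures(lines):
    """Return one record per WARN line where the user's full name lookup failed."""
    hits = []
    for raw in lines:
        m = LINE_RE.match(raw.rstrip("\n"))
        if not m or m["level"] != "WARN":
            continue  # skip other levels, stack-trace continuations, blank lines
        found = NAME_LOOKUP_RE.search(m["msg"])
        if found:
            hits.append({"ts": m["ts"], "thread": m["thread"],
                         "operation_id": m["op"], "session": found["session"]})
    return hits

def sessions_by_count(hits):
    """Count failures per vCenter session id."""
    return Counter(h["session"] for h in hits)

if __name__ == "__main__":
    # Pass the path to the extracted hms.log, or run without arguments for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            hits = find_name_lookup_failures(fh)
    else:
        hits = find_name_lookup_failures(SAMPLE_LOG.splitlines())
    for h in hits:
        print(f'{h["ts"]} session={h["session"]} op={h["operation_id"]} thread={h["thread"]}')
    for session, n in sessions_by_count(hits).items():
        print(f"session {session}: {n} failed name lookup(s)")
```

Comparing the timestamps of the hits with the times the replication wizard was opened shows whether the warning lines up with the failing validation step.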