Cross Site vMotion validation error: Cannot complete login due to an incorrect user name or password.

After migration from vSphere 5.5 to vSphere 6.5 U2 we had issues with custom certificates and Site Recovery Manager – see the previous post.

Now I have discovered another error – when using either the HTML5 or the Flex client on one of the vCenter servers and trying to perform a cross site vMotion, we get a validation error: “Cannot complete login due to an incorrect user name or password.” The error does not appear when we use the clients on the other vCenter Server.

We have opened a case with VMware but there is no solution yet. They have scanned through the logs and found an error that indicates there are still issues with certificates – “com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager Server certificate chain is not trusted but thumbprint matches”

I will update the blog post as things progress with this issue.

27.11.2018 Update

No progress with this issue. VMware is still investigating.

28.01.2019 Update

According to support, VMware has released a fix for this issue in 6.7 but not for 6.5. No info about a fix for 6.5. As of now we have closed the case and hopefully it will fix itself when we upgrade to 6.7.

26.02.2019 Update

After upgrading vCenter to vCenter Server 6.5 Update 2d (build 10964411) the issue has disappeared. Seems VMware has fixed the issue.

 

VMware vCenter 6.5 U2 and SRM 8.1 – Server certificate chain is not trusted and thumbprint verification is not configured

Recently during an upgrade we stumbled on an issue with SRM not being able to work with vSphere vCenter 6.5 U2 which was migrated from vSphere 5.5. SRM 8.1 went into an error loop after creating a site pair. Looking into different SRM log files we discovered an error in the dr.log in the “C:\ProgramData\VMware\VMware vCenter Site Recovery Manager\runtime\srm-client\logs” folder. The error was – com.vmware.vim.vmomi.client.exception.SslException: Failed to connect to Lookup Service at https://<vcenterhostname>/lookupservice/sdk. Reason: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain is not trusted and thumbprint verification is not configured

After a few days and no usable help from VMware support we decided to try the process described in a couple of blog posts and KB articles:

https://vlenzker.net/2016/11/vcenter-6-5-srm-vsphere-replication-nsx-problems-after-ssl-change-ls_update_certs-py/
https://theithollow.com/2017/03/13/nsx-issues-replacing-vmware-self-signed-certs/
http://www.vjenner.com/2015/12/nsx-manager-6-2-lookup-service-error-when-using-vmca-enterprise-mode/
http://martinsvspace.blogspot.com/2015/08/srm-6-nightmare.html
https://kb.vmware.com/s/article/2121701
https://kb.vmware.com/kb/2121689

Before we did anything we created snapshots of the vCenter servers while they were both turned off at the same time.

After determining that we had issues with one cert which was not updated, we performed the fix against both vCenters, and in one of them 7 services were updated by ls_update_certs.py. After that SRM worked correctly.
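
A way to check for the condition described above, where service registrations still carry a certificate that was not updated. This is an added example, not code from the original post or from VMware: it computes SHA-1 thumbprints of the `SSL trust` values in a Lookup Service registration listing and groups the endpoints that do not match the certificate now in use. The listing layout (modelled on text output such as `lstool.py list` produces), the host names and the placeholder certificate bytes are constructed assumptions.

```python
import base64
import hashlib
import re
from collections import defaultdict


def thumbprint(der: bytes) -> str:
    """SHA-1 of the DER bytes as colon-separated upper-case hex (an identifier, not a security control)."""
    digest = hashlib.sha1(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def stale_registrations(listing: str, current_der: bytes) -> dict:
    """Return {old_thumbprint: [(service_type, url), ...]} for endpoints not pinned to current_der."""
    current = thumbprint(current_der)
    stale = defaultdict(list)
    service_type = url = None
    for line in listing.splitlines():
        match = re.match(r"\s*(Service Type|URL|SSL trust):\s*(\S+)", line)
        if not match:
            continue
        key, value = match.groups()
        if key == "Service Type":
            service_type = value
        elif key == "URL":
            url = value
        else:  # "SSL trust": base64 of the certificate the registration pins
            pinned = thumbprint(base64.b64decode(value))
            if pinned != current:
                stale[pinned].append((service_type, url))
    return dict(stale)


# Constructed sample data: placeholder bytes stand in for real DER certificates.
OLD_DER = b"constructed-old-machine-ssl-cert"
NEW_DER = b"constructed-new-machine-ssl-cert"
SAMPLE_LISTING = f"""\
Service Type: cs.identity
    URL: https://vc01.example.test/sts/STSService/vsphere.local
    SSL trust: {base64.b64encode(NEW_DER).decode()}
Service Type: vcenterserver
    URL: https://vc01.example.test/sdk
    SSL trust: {base64.b64encode(OLD_DER).decode()}
Service Type: cs.inventory
    URL: https://vc01.example.test/invsvc/vmomi/sdk
    SSL trust: {base64.b64encode(OLD_DER).decode()}
"""

if __name__ == "__main__":
    for old, endpoints in stale_registrations(SAMPLE_LISTING, NEW_DER).items():
        print(f"stale trust anchor {old}: {endpoints}")
```

Each thumbprint it reports identifies one old certificate that some registrations still pin; an empty result means every listed endpoint matches the current certificate.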