SRM Server regenerate - certificates

Similar Questions

• SRM server instances

  Hi all

  I'm new to SRM, please bear with me.  Our environment includes three small data centers in which we each site production systems.  Each site will also serve as a recovery site disaster for one of the other two sites.  A single SRM server at each site can take on the role in both primary and secondary?

  Thanks for your help...

  -Rich

  Short story; Yes!

  A little less short story; A single SRM server can contain groups of Protection and Recovery Plans with the warning that your storage devices must be capable of two-way replication and the design of your network can support recovery.

  Please consider useful assignment or appropriate when appropriate

  Tim Oudin

• Several assignments on a single SRM Server

  I've seen some confusing information on this topic so I hope someone can clear this up for me.  I have two without, a Symmetrix and a Clarrion both with the same hardware replication on a site of DR.  Can I install two assignments on my SRM server to automate failover between the two storage environments?

  If you have pairs of reproducing with SRDF Symmetrix and CLARiiON with MirrorView reproducing pairs, all you need to do is install the two SRA and you can take advantage of these two sets of replication.

  If you're looking to replicate between Symmetrix and CLARiiON, then you have to RecoverPoint, SVC, Falconstor, or another system of heterogeneous replication (which in turn would need its own SRA).

• Concerns about the replication on the VDR SRM Server

  Dear Experts,
  I have a few questions that I can't know since last week.
  FYI, my current environment has a VDR VM on a cluster of HQ. The VDR Server attachs with 1 system VMDK (8 GB) and 2 physical RDM disks (each disc = 1 TB).
  Now my environment will set up the Site Recovery Manager to replicate 1/3 of the total production of virtual machines on the site of DR, and VDR is one of the SRM protected VM list. In addition, we will build a DR cluster for these protected virtual machines.
  Our lease between HQ & DR line connection speed is around 20Mbps, specifically for the purpose of replication for the SRM storage.
  Questions
  1. Is it recommended to replicate Server HQ for DR using MRS. VDR online? Why?
  2. What is the best practice for backup server VDR (include backup data)?
  3. If we repliacte to Dominican Republic, VDR VDR allows to restore all backup VMs on cluster vCenter DR, since already, it was tied with vCenter cluster HQ?
  4. My total of VMs protected memory size is 148 GB, whereby for DR cluster only have 128 GB of physical memory total (2 ESXi, each has 64 GB). During the execution of failover or real failover Test, will all the VMs protected able to be powered at the same time?
  I'm happy to get any feedback from you guys.
  Thank you.
  VMheaven

  As I said in my previous post doesn't do SRM not replication - it works in conjunction with a product supported SAN to SAN replication - SRM will contact the bays of SAN to identify what LUN replicare and will know what virtual machines are sprinkled on those LUNS - only the changes of the block will be replicated.so that it would be unwise to replicate the vDR machine since there are a large number of block all changes day - it might be prudent to have a vDR VM built on the site of DR and will only be used when there is a failover.

  Yes it works in the same way between 4.0 u3 and 4.03-

• accept invalid server security certificates in Android 4 +.

  Hello

  I have an AIR application that calls a script https on a server. We have a security certificate valid server on our live server, but not on our development servers.

  Everything works fine on the server, with Android and iOS.

  On development, with Android 2.2/2.3 servers, an alert appears on my phone asking me to accept the invalid security certificate before I can continue. It is very good.

  I don't get the pop-up with 4 Android devices. Just to do not and gives me an actionscript 2032 Stream error every time. However, the same apk on a device Android 2.2/2.3 oldest still works.

  AIR iOS apps were never allowed to call scripts from server without a valid security certificate. I raised this issue in the forum of pre-release flash and said it was a known problem. Can someone confirm if this is the case with the 4 Android devices now too?

  Thank you

  Nick

  Seems fixed in AIR3.7.

• After unchecking PCoIP gateway secure on the internal connection server, a certificate customers get software View error

  Hi, we recently changed one of our servers in connection view by deselecting the secure gateway PCoIP setting and then using this server for internal connections of our virtual machine. For the most part, we use zero clients and have no problem connecting on their part to our desktop computers, but when trying to connect by using the client software to view from an office inside the network, we receive the below error.

  

  As you can see above, our server has a proper cert. I found the following KB that seems to treat my symptoms precisely. However, the KB seems to assume that we want the connection to use the bridge safe, that we do. See below for the values in the ADAM database. As you can see, they are currently empty.

  

  Considering that everything works well my zero clients, I'm reluctant to mess around with this setting to correct a few clients software. Can anyone suggest another option, or give any indication why this could happen?

  Hi, in the case where this never helps anyone else, I have solved this. I realized that we still had the box for secure HTTPS Tunnel. After unchecking the software view client is more than survey errors and connects properly.

• Local error-1200 creation push certificates on the server. Any idea?

  In the Application Server

  When you try to renew or create a certificate to push comes up with the error "Certificates to push creation local error - 1200" on the server. Any idea? »

  I'm having the same problem with 10.7.5 server. (two of them)

  At the time of renewal, I was looking at the Console and I think the Apple Server SSL certificate is therefore more reliable.

  (or server versions are low)

  August 15 at 10:23:08 login.* * servermgrd [23349]: received the connection error: error domain = NSURLErrorDomain Code =-1200 "error SSL and a connection to the server cannot be made. UserInfo = 0x7fb8f5aab9a0 {NSUnderlyingError = 0x7fb8f15af450 "error SSL and a connection to the server cannot be made.", NSErrorFailingURLStringKey =https://identity.apple.com/pushcert/caservice/renew, NSErrorFailingURLKey =https://identity.apple.com/pushcert/caservice/renew, NSLocalizedRecoverySuggestion = you want to connect to the server anyway?, NSLocalizedDescription = SSL an error has occurred and a connection to the server cannot be made.}

  August 15 at 10:23:08 login.* * servermgrd [23349]: certificate request to push failed: reason = Local, error code = - 1200, error = error Domain = NSURLErrorDomain Code =-1200 "error SSL and a connection to the server cannot be made. UserInfo = 0x7fb8f5aab9a0 {NSUnderlyingError = 0x7fb8f15af450 "error SSL and a connection to the server cannot be made.", NSErrorFailingURLStringKey =https://identity.apple.com/pushcert/caservice/renew, NSErrorFailingURLKey =https://identity.apple.com/pushcert/caservice/renew, NSLocalizedRecoverySuggestion = you want to connect to the server anyway?, NSLocalizedDescription = SSL an error has occurred and a connection to the server cannot be made.}

  So not yet an idea, but hopefully with these console outputs happen to something?

• App 5 & SSL server certificate warning

  Hi guys,.

  I use 5 App Server from another machine to access my server El Capitan on a Mac mini. When I open the Server app from my remote machine (MacBook Air), I get a screen popup on connection of server SSL certificate and that I want to continue.

  I read somewhere, memory, that I need to install the server certificate on my local machine that connects remotely to the server. Is this correct? How would I address?

  Thank you very much for you help.

  Also, try to post here:

  https://discussions.Apple.com/community/servers_enterprise_software/os_x_server

• TMS 14.3.2 - IIS - SHA2 server certificate is supported?

  TMS server is currently at version 14.3.2 with a self-signed certificate. I want to update the existing with a SHA2 certificate server cert and certificate of my employer services group want to check support before issuing a new certificate.

  Could someone tell me if a server SHA2 certificate is supported? Documentation does not specify whether they are or are not supported, but the version of IIS running supports SHA2.

  Thanks for your time!

  TMS will work with this type of certificate.

• a single server SRM replication for the CX4-960 and CX3 - 80

  Hi Experts,

  A SRM Server does support the repliation for the CX 4-960 and CX3-80 at the same time?

  Thank you.

  Open picture frames and click 'Add '. This will allow you to add the additional table.

  Michael.

• How Re - IP le DR SRM/VCenter Server?

  I moved recently a job MRS. install from a location on the site staged in a collocation facility.  A Re-address IP has been involved.  Now the SRM Service side Dr. does not start and if I go to VirtualCenter on the DR Side and click Site Recovery Manager sound as if he still considers that its to old IP (even if I gave the server VCenter DR new already).  How to do everything in SRM to recognize the new IP and also to get the service restarts?

  The production side under connection cannot connect.  Break is grayed out.  When I click Configure it shows the DR site by DNS name that is correct, but it does connect not (probably because the SRM service on the side of the DR does not start).

  There is a procedure to "Repair a connection after a change of address IP SRM Server" on the page

  85 of the http://www.vmware.com/pdf/srm_10_admin.pdf. Who help me?

• upgrade to vCenter/SRM to 6.1

  All,

  We have recently updated our server vCenter 5.5 Update 2 to 6.0 Update1b.  All thanks to the improvement of the PSC and vCenter went to the wonder.  The problem we run into is with MRS.  We have improved 5.5.1 to 6.0 SRM that crossed successfully.  However, whenever connect us to vSphere Web Client and run SRM we get the following message when you click sites:

  Cause:

  Connecting to remote servers to SRM Server to https:// < IPofLocalSRMServer >: 9086, vcdr, vmomi, sdk needs to be reconfigured.

  I can't find anything on this error and have waited for hours for the VMware support call.  Any ideas?  We get this message with the SRM Server (remote and the).

  I suspect it is a certificate problem, but I can't identify where.  When you go to https://srmhost:9086 , I get the following:

  Local connections

  -------------------- --------------------------------------------------------------------------------
  Service com.vmware.cis.cs.inventory
  URL https:// < vCenter Server >: 443/invsvc
  Unknown thumbprint
  Status connected
  -------------------- --------------------------------------------------------------------------------
  Service com.vmware.cis.vcenterserver
  URL https:// < vCenter Server >: 443/sdk
  Unknown thumbprint
  Status connected
  -------------------- --------------------------------------------------------------------------------
  Service com.vmware.cis.cs.inventory
  URL https:// < vCenter Server >: 443, invsvc, vmomi, sdk
  Unknown thumbprint
  Status connected
  -------------------- --------------------------------------------------------------------------------
  Service com.vmware.cis.cs.lookup
  URL https:// < vCenter Server >: 443/lookupservice/sdk
  Unknown thumbprint
  Status connected
  -------------------- --------------------------------------------------------------------------------
  Service com.vmware.cis.cs.identity
  URL https:// /SSO-AdminServer/SDK/vsphere.local < vCenter Server >
  Unknown thumbprint
  Status connected
  -------------------- --------------------------------------------------------------------------------
  Service com.vmware.cis.cs.authorization
  URL https:// < vCenter Server >: 443, invsvc, vmomi, sdk
  Unknown thumbprint
  Status connected
  -------------------- --------------------------------------------------------------------------------
  Service com.vmware.cis.cs.license
  URL https:// < vCenter Server >: 443/ls/sdk
  Unknown thumbprint
  Status connected
  -------------------- --------------------------------------------------------------------------------

  Thank you!

  Hello

  after upgrade, you must reconfigure the pairing between sites or fix the connection from one site to the other. This should be a time effort and it is necessary to renew the certificates information in SRM products improved after all.

  You can find more useful information in our documentation - Site Recovery Manager 6.1 Documentation Center

  Procedure

  1	In the Web Client vSphere client, select Site Recovery > Sites, right-click on a site and select reconfigure matching to reconfigure the connection between sites Site Recovery Manager.

  Hope that this is sufficient,

  Daniel G.

• 5.8 SRM installation when you use vCSA

  Try to install SRM 5.8 and have a few questions:

  Local VCenter is vCSA 5.5 U2. The certificates were replaced on vCSA for all services using Microsoft internal certification authority.

  SRM server is 2012 R2 which is joined to the same domain as the issuing certification authority.

  During the installation of SRM, I created the certificate file that you want to use the same internal certification authority. Cert has other names for the object whose name is abbreviated, FULL domain name and IP address. It's to accept the certificate, but say that vCenter server does not trust the certificate. Full of the error is: "VMware vCenter Site Recovery Manager of customer are not approved by vCenter Server."

  Given that I replaced all vCSA of the same issuing CA certificates, if he should not trust this cert?

  Any thoughts on the future?

  I think you have the same problem as described here:

  Re: Using CA signed CERT on 5.5U2 device and SRM 5.8 vCenter (vPostgres)

  Please try the resolution I've offered here and post the result.

  Thank you

  Asen

• "There was an error connecting to server Apple ID" not reliable CRL issue

  I started getting errors connecting to my Apple account on iTunes/App Store / iBooks etc., I noticed today.

  In an attempt to connect, it would return the message "There was an error connecting to server Apple ID"

  

  This debugging with Wireshark, I noticed that iTunes has been disconnected as soon as he saw the server SSL certificate.

  I opened the url field that he was using (https://gsa.apple.com) in Safari to see if reported certificate issues, and he confirmed that the intermediate certificate, although valid, could not be verified on LCR this is because he believes http://crl.apple.com/root.crl is unreliable CRL.

  

  Other computers, OSX, I checked are used the same certificate and validate the certificate successfully.

  I tried to set the certificate to always trust, but it has no effect.

  I changed Keychain Access-> Preferences-> Certificates-> certificate revocation list (CRL) of "Best tent", which seems to fix the problem, but I'm not keen on this change, because it could weaken the security of my computer compared to "demand if the certificate shows."

  Is it possible to restore the confidence of OSX CRL for this problem?

  In fact, I found just Keychain Access from another computer-> Preferences-> Certificates-> CRL (CRL) list is set to "Best tent", and causes 'Require if the certificate shows' the same question, so I guess it's a problem with the server Apple ID certificates themselves.

  I think I put the CRL settings to "Demand if the certificate indicates" some time to try to improve security. At one point, until recently, the https://gsa.apple.com worked with these settings so perhaps they changed the intermediate certificate, which presents the problem of CRL unreliable. It is http://crl.apple.com/root.crl and not https seems suspicious and could be the source of the problem untrustedness.

• Authentication computer certificate and windows domain check

  Hello

  We intend to deploy machine? s certificates of authentication for wifi users.

  We want to check the validity of the certificate of the machine and that the machine is included on the windows domain.

  We intend to use EAP - TLS:

  -A CA server.

  -each machine (laptop) retrieves its own certificate to GPO or SMS

  -the public certificate of the CA is pushed on GBA as well as on each machine (laptop)

  -ACS version is the one device

  -a remote ACS agent installed on the A.D.

  -When a user intends to log on to the wireless network:

  -(device ACS) server sends its certificate to the client. This client checks the certificate with the certificate of the CA server there already trust, results: the customer also hope the ACS? s certificate signed by the CA server.

  -the client sends its certificate on the server (ACS unit). This ACS checks the certificate with the certificate of the CA server there already trust, results: GBA also hope the customer? s certificate signed by the CA server but the ACS also checks to see that the certificate isn't? t revocated (GBA check it thanks to the CA CRL server? certificates revocation list).

  I'm right about these previous points?

  And then my question is: is it possible to check that the machine is also included in the windows domain?

  In other words, is it possible for the candidate countries get the necessary field (maybe CN? certificate type "host /...") "), and then do an authentication request to the AD (active directory) with the remote agent of GBA? We just want machine authentication, the authentication of the user not.

  Thanks in advance for your attention.

  Best regards

  Arnaud

  Hi Arnaud,.

  You are right.

  Once the Remote Agent is configured correctly. And clients are configured correctly.

  It will work the way you want.

  Another option to consider,

  Also check 'enable machine access restrictions '.

  http://www.Cisco.com/univercd/CC/TD/doc/product/access/acs_soft/csacs4nt/acs41/user/usrdb.htm#wp354338

  Kind regards

  Prem