- Install Vcenter Certificate
- Install Ssl Certificate Vmware Vcenter
- Replacing Vmware Vcenter Ssl Certificates
- Change Vcenter Ssl Certificate
This post will walk through the installation of Site Recovery Manager (SRM) to protect virtual machines from site failure. SRM plugs into vCenter to protect virtual machines replicated to a failover site using array based replication or vSphere replication. In the event of a site outage, or outage of components within a site meaning production virtual machines.
- Installing vCenter Site Recovery Manager using a custom SSL certificate fails with the error: Failed to validate certificate. Details: the certificate file contains unsupported PKCS#12 content (2011356).
- Alternatively, if you feel that vCenter Server is a critical component to your environment you could protect it with things like vSphere Fault Tolerance (there are certain limitations when using vSphere FT), or VMware Site Recovery Manager (SRM).
- Download the Site Recovery Manager 6.0 installation file to a folder on the machine on which to install Site Recovery Manager on both primary site and recovery site. VMware SRM 6.0 installation As we already discussed, SRM can be installed on same machine as vCenter or in a dedicated server.
I recently upgraded my ESXi 5.0 hosts to ESXi 5.1 and they all kept the CA-signed SSL certificates I previously installed. I did a fresh install of vCenter 5.1 Server where the same box ran SSO, Inventory Services, vCenter Server, and Update Manager. After install, everything was working perfectly except that none of the vCenter services were using my CA-signed SSL certificate - only the ESXi 5.1 hosts had these.
So I followed the directions in the Replacing Default vCenter 5.1 and ESXi Certificates PDF found at http://www.vmware.com/resources/techresources/10318. The document is terrible. For example, page 10 lists the three default locations for SSL certificates on Windows 2008. None of these paths are correct. The first has a typo of an extra space between 'Program' and 'Data' and the other two say 'Program Files' when they should have been 'ProgramData'. This is just the beginning of the problems.
![Install Ssl Certificate Vmware V Center Site Recovery Manager Install Ssl Certificate Vmware V Center Site Recovery Manager](/uploads/1/3/3/9/133905576/125526472.png)
If you follow the directions to the letter, you'll break vCenter. I got frustrated and thought I'd give the vCenter 5.1 Appliance a shot. With respect to CA-signed SSL certificates, it was worse. The vCenter 5.1 Appliance can't even auto-generate a new SSL certificate if you change the hostname (turn on auto-certificate generation, change hostname and reboot). It gives a 653 error during the boot up process and keeps the original certificate. Don't even bother trying the steps on page 18 in the aforementioned guide - you'll just get the same 653 error.
It seems to me that VMware has not done any testing around CA-signed SSL certificate installation on vCenter 5.1. It's amazing to me that SSL certificate installation is so tedious for vCenter and ESXi when vShield Manager 5.1 has a very simple process that works well (and is similar to the SSL certificate installation process on DRACs, RSAs, iLOs, various firewalls, etc.).
Install Vcenter Certificate
I did a lot of Google searches and found various blogs on SSL certificate installation but many were based on pre-5.1 GA products. If you have had any success installing CA-signed SSL certificates with vCenter Server or Appliance 5.1 GA, please let me know how you got around some of these issues. Please indicate whether your vCenter Server or Appliance was running on an ESXi 5.1 GA host as well. Please don't respond regarding vCenter 5.0 - I didn't have any issues with it and SSL certificates (other than that it was more tedious that it had to be).
Thanks in advance,
Nate
-->This article describes how to set up your source on-premises environment, to replicate VMware VMs to Azure. It includes steps for selecting your replication scenario, setting up an on-premises machine as the Site Recovery configuration server, and automatically discovering on-premises VMs.
Prerequisites
The article assumes that you have already:
- Planned your deployment with the help of Azure Site Recovery Deployment Planner. This helps you to allocate sufficient bandwidth, based on your daily data-change rate, to meet your desired recovery point objective (RPO).
- Set up resources in the Azure portal.
- Set up on-premises VMware, including a dedicated account for automatic discovery.
Choose your protection goals
- In Recovery Services vaults, select the vault name. We're using ContosoVMVault for this scenario.
- In Getting Started, select Site Recovery. Then select Prepare Infrastructure.
- In Protection goal > Where are your machines located, select On-premises.
- In Where do you want to replicate your machines, select To Azure.
- In Are your machines virtualized, select Yes, with VMware vSphere Hypervisor. Then select OK.
Set up the configuration server
![Install vcenter certificate Install vcenter certificate](/uploads/1/3/3/9/133905576/594974833.png)
Install Ssl Certificate Vmware Vcenter
You can set up the configuration server as an on-premises VMware VM through an Open Virtualization Application (OVA) template. Learn more about the components that will be installed on the VMware VM.
- Learn about the prerequisites for configuration server deployment.
- Check capacity numbers for deployment.
- Download and import the OVA template to set up an on-premises VMware VM that runs the configuration server. The license provided with the template is an evaluation license and is valid for 180 days. Post this period, customer needs to activate the windows with a procured license.
- Turn on the VMware VM, and register it in the Recovery Services vault.
Azure Site Recovery folder exclusions from Antivirus program
If Antivirus software is active on Source machine
Replacing Vmware Vcenter Ssl Certificates
If source machine has an Antivirus software active, installation folder should be excluded. So, exclude folder C:ProgramDataASRagent for smooth replication.
If Antivirus Software is active on Configuration server
Exclude following folders from Antivirus software for smooth replication and to avoid connectivity issues
- C:Program FilesMicrosoft Azure Recovery Services Agent.
- C:Program FilesMicrosoft Azure Site Recovery Provider
- C:Program FilesMicrosoft Azure Site Recovery Configuration Manager
- C:Program FilesMicrosoft Azure Site Recovery Error Collection Tool
- C:thirdparty
- C:Temp
- C:strawberry
- C:ProgramDataMySQL
- C:Program Files (x86)MySQL
- C:ProgramDataASR
- C:ProgramDataMicrosoft Azure Site Recovery
- C:ProgramDataASRLogs
- C:ProgramDataASRSetupLogs
- C:ProgramDataLogUploadServiceLogs
- C:inetpub
- ASR server installation directory. For example: E:Program Files (x86)Microsoft Azure Site Recovery
If Antivirus Software is active on scale-out Process server/Master Target
Exclude following folders from Antivirus software
- C:Program FilesMicrosoft Azure Recovery Services Agent
- C:ProgramDataASR
- C:ProgramDataASRLogs
- C:ProgramDataASRSetupLogs
- C:ProgramDataLogUploadServiceLogs
- C:ProgramDataMicrosoft Azure Site Recovery
- ASR load balanced process server installation directory, Example: C:Program Files (x86)Microsoft Azure Site Recovery