...
When pairing two cloud sites, you see a similar error in the Sites view of the vCloud Availability Provider Portal in both sites: Certificate differs from the expected one.

In the Sites view of the vCloud Availability Provider Portal, authenticating with the remote site fails.

In /opt/vmware/h4/cloud/log/cloud.log on the vApp Replication Manager, you see a similar entry:

2020-03-10 17:58:58.488 DEBUG - [UI-134bc817-040c-4a75-a5ec-a8e4855b90cd-A9] [job-7] com.vmware.h4.jobengine.JobExecution : Task 2568a221-3c8f-4650-ada3-bb0cb30f81a4 (WorkflowInfo{type='pair', resourceType='site', resourceId='Site2', isPrivate=false, resourceName=''}) completed with result VcloudSiteInfo{isLocal=false, state=PeerState{incomingCommError=null, outgoingCommError=ApiError{code='CertificateMismatch', msg='Certificate differs from the expected one.', args=[], stacktrace='com.vmware.exception.CertificateMismatchException: Certificate seen on the network differs from the certificate we expected
    at com.vmware.exception.converter.ClientExceptionConverter.convertException(ClientExceptionConverter.java:62)
    at com.vmware.rest.client.AbstractRestClient.genericExchange(AbstractRestClient.java:151)
    at com.vmware.rest.client.json.RestClient.exchange(RestClient.java:97)
    ...
Caused by: java.security.cert.CertificateException: Certificate seen on the network differs from the certificate we expected
    at com.vmware.rest.client.security.ShaTrustManager.checkServerTrusted(ShaTrustManager.java:53)
    at java.base/sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1510)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:629)
    ... 46 more'}}, apiPublicUrl='https://vcav-site.corp.org', apiVersion='null', site='Site2', description='', apiUrl='https://vcav-site.corp.org', apiThumbprint='SHA-256:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA'}

This issue can occur if one or both of the public API endpoints used to pair the sites use port 443.

Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.
This issue occurs when the public API endpoint port is not explicitly set during pairing, because vCloud Availability does not default to port 443 for the public endpoints while pairing sites.
To resolve this issue, ensure that the public API endpoint in each site explicitly states the port to be used and that, when pairing sites, the endpoint URL includes the port information.

1. In a browser, log in to the vCloud Availability Provider Portal of the first site.
2. In the left pane, click Configuration.
3. Under Service endpoints > Public API endpoint, ensure the URL contains a port number.
4. Repeat steps 1-3 for the second site.
5. Pair the sites as per the Pair Cloud Sites section of the vCloud Availability documentation.

Note: When entering the endpoint URL, you must specify the address and port number for the remote site.
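A pre-pairing check for the steps above, as an added example that is not part of the original article or of VMware's code: it flags an endpoint URL that omits the port and, when an expected thumbprint is supplied, compares it with the certificate actually served at that address and port. The function names are hypothetical, and the thumbprint is assumed to be the SHA-256 digest of the DER certificate, formatted like the apiThumbprint value in the log excerpt.

```python
import hashlib
import socket
import ssl
from urllib.parse import urlsplit


def explicit_port(url):
    """Return the port written in the URL, or None if the URL omits it."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"not an https endpoint URL: {url!r}")
    return parts.port  # None when no ':port' is present


def thumbprint(der_cert):
    """Format a DER certificate's SHA-256 digest as 'SHA-256:AA:BB:...'."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return "SHA-256:" + ":".join(digest[i:i + 2] for i in range(0, 64, 2))


def served_thumbprint(url, timeout=10):
    """Connect to the endpoint and return the thumbprint of the served certificate."""
    host, port = urlsplit(url).hostname, explicit_port(url)
    if port is None:
        raise ValueError(f"{url!r} has no explicit port")
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # chain validation is off on purpose:
    ctx.verify_mode = ssl.CERT_NONE  # the thumbprint comparison is the check
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return thumbprint(tls.getpeercert(binary_form=True))


def check_endpoint(url, expected=None):
    """Return a list of findings for one public API endpoint URL (empty = ok)."""
    if explicit_port(url) is None:
        return ["no explicit port in URL"]
    if expected is None:
        return []
    seen = served_thumbprint(url)
    return [] if seen == expected.upper() else [f"thumbprint mismatch: saw {seen}"]


if __name__ == "__main__":
    # Constructed sample URLs using the host name from the log excerpt; no network access.
    for url in ("https://vcav-site.corp.org", "https://vcav-site.corp.org:443"):
        print(url, check_endpoint(url) or "ok")
```

Run it against both sites' public API endpoint URLs before pairing; pass the thumbprint you expect for the remote site as `expected` to compare it with the certificate served at that address and port.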
Similar symptoms can occur due to administrative API session restrictions. For more information, see "Authentication required" error when pairing cloud sites in vCloud Availability 3.x.

For more information on how to pair sites, see the Pair Cloud Sites section of the vCloud Availability documentation.