vSphere Replication 6 & vCenter Appliance 6 – Unable to obtain SSL certificate

During configuration of a recently deployed vSphere Replication Appliance I encountered what seemed like a frequently discussed error throughout blogs and VMware forum posts:

Unable to obtain SSL certificate: Bad server response; is a LookupService listening on the given address?

Though many of the blog posts (http://www.davidhill.co/2015/03/vsphere-replication-unable-to-obtain-ssl-certificate/) and VMware KB article (http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2085155) – none resolved the issue until I came across a post from – http://charlesulrich.blogspot.nl/2015/10/vsphere-replication-unable-to-obtain.html – which suggested to use the Platform Service Controller as the lookup server!

I have compiled all the relevant steps which I followed should you face the same issue – one of the following steps is bound to fix it:

  • Check that DNS works correctly from both vCenter & Replication Appliance
  • Check that the correct SSO Administrator/Password credentials are used
  • Check that the correct FQDNs/IP addresses are used for the following fields:
    • LookupService Address
    • VRM
    • VRM Site Name
    • vCenter Server Address
  • Check the vCenter Server Name under vCenter Runtime Settings is set
  • Use the full LookupService address – https://[FQDN_vCenter_Server]:7444/lookupservice/sdk
  • Use the LookupService address of the Platform Service Controller – https:/[FQDN_vCenter_Platform_Services_Controller]
    • Use the full LookupService address of the Platform Service Controller – https:/[FQDN_vCenter_Platform_Services_Controller]:7444/lookupservice/sdk

For me the fix was to use the Platform Service Controller for the Lookupservice Address – though I am still baffled if this a design choice or a flaw for vCenter not redirecting any external SSO configured services.


Leave a Comment

Your email address will not be published. Required fields are marked *