During configuration of a recently deployed vSphere Replication Appliance I encountered what seemed like a frequently discussed error throughout blogs and VMware forum posts:
Unable to obtain SSL certificate: Bad server response; is a LookupService listening on the given address?
Though many of the blog posts (http://www.davidhill.co/2015/03/vsphere-replication-unable-to-obtain-ssl-certificate/) and VMware KB article (http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2085155) – none resolved the issue until I came across a post from – http://charlesulrich.blogspot.nl/2015/10/vsphere-replication-unable-to-obtain.html – which suggested to use the Platform Service Controller as the lookup server!
I have compiled all the relevant steps which I followed should you face the same issue – one of the following steps is bound to fix it:
- Check that DNS works correctly from both vCenter & Replication Appliance
- Check that the correct SSO Administrator/Password credentials are used
- Check that the correct FQDNs/IP addresses are used for the following fields:
- LookupService Address
- VRM Site Name
- vCenter Server Address
- Check the vCenter Server Name under vCenter Runtime Settings is set
- Use the full LookupService address – https://[FQDN_vCenter_Server]:7444/lookupservice/sdk
- Use the LookupService address of the Platform Service Controller – https:/[FQDN_vCenter_Platform_Services_Controller]
- Use the full LookupService address of the Platform Service Controller – https:/[FQDN_vCenter_Platform_Services_Controller]:7444/lookupservice/sdk
For me the fix was to use the Platform Service Controller for the Lookupservice Address – though I am still baffled if this a design choice or a flaw for vCenter not redirecting any external SSO configured services.