vSphere Replication Unable to obtain SSL certificate – Bad Server Response

Working on upgrading our vCloud Air TMM lab today, I came across an interesting error that had me baffled for quite some time.

I was upgrading the vSphere Replication Appliance from version 5.8 to version 6.0 and everything went smoothly.  After logging out and clearing the cache for the web browser (as documented here), I came across a new field that needs to be configured for the vSphere Replication Appliance to work.  Its the LookupService Address.  This didn’t exist in the previous version, but easy I thought.  Lets enter the vCenter server FQDN and away we go.

vSphere Replication Unable to obtain SSL certificate

Then I received the error:

Unable to obtain SSL certificate: Bad server response; is a LookupService listening on the given address?

vsphere replication unable to obtain ssl certificate

If you perform a quick google, you are reffered to this KB article, but DNS wasn’t the problem, I could ping both the long FQDN and also the short name.  So I knew it wasn’t that.

Then the vCenter Runtime settings were mentioned, so I checked this, and yes these were incorrect.  I updated the vCenter Runtime settings, but still the error persisted! What am I doing wrong I thought?  This should work easily.

vsphere replication unable to obtain ssl certificate

After thinking about this for a moment, I realised my own ridiculous error.  I was not entering the full lookupservice address for the vCenter server.

The full Lookupservice address is: https://[FQDN_vCenter_Server]:7444/lookupservice/sdk

After changing the vCenter Server lookup address to the correct one, everything worked perfectly, and I received the Sucessfully saved the configuration message! Phew!!

vsphere replication unable to obtain ssl certificate

Thats it.  Once configured you can go and start configuring Virtual Machine replication.

vsphere replication unable to obtain ssl certificate


, , , , ,

16 Responses to vSphere Replication Unable to obtain SSL certificate – Bad Server Response

  1. Mark April 5, 2015 at 10:20 pm #

    Thanks for this, was following the goose chase of other fixes/potential issues that were already correct. This solved it for me immediately.

  2. K. Zachary Abbott April 20, 2015 at 9:54 pm #

    Thank you so much – this was frustrating the heck out of me!

  3. Mike May 6, 2015 at 6:32 pm #

    Thank you for sharing this.

  4. Alex June 23, 2015 at 4:49 pm #

    Thanks! This solved the “Unable to obtain SSL certificate – Bad Server Response” issue. Now VRM service keeps on stopping but that’s another story.

  5. Alex June 23, 2015 at 6:03 pm #

    UPDATE: reinstalling the latest version of replication appliance solved the issue with VRM stopping

  6. Eric July 28, 2015 at 8:29 am #

    I had the same problem, but my issue was my vSphere 6 was split, so separate vCenter and Platform Services Controller.

    LookupService Address : Platform Services Controller with the “:7444/lookupservice/sdk” as above
    vCenter Address : vCenter Adress

    • r8derfan33 October 26, 2016 at 2:30 pm #

      I didn’t even think about it pointing to the PSC. Once I found which server was the PSC it worked!!!

    • Patrick October 16, 2017 at 3:23 am #

      Eric thanks for mentioning this, as I had the same issue.

      After putting in the address for the PSC along with the direct URL path and port number mentioned by David I was able to get this going.


  7. BJ Jones August 14, 2015 at 4:53 pm #

    Much appreciated. You would think that they would put an example below. Fixed my issue as well.

  8. Brian November 4, 2015 at 8:41 pm #

    Thank you, and just as Eric mentioned I had to use the platform services controller name to get it to work if you have them separated.

  9. Mjs March 9, 2016 at 7:48 pm #

    Thanks a lot, This saved lot of my time.
    This really works fine…

  10. Fabio May 12, 2016 at 6:20 pm #

    Great! You saved my life!

  11. Kev May 20, 2016 at 6:55 am #

    I love you man!! 😀

  12. Vicente June 1, 2016 at 11:15 am #

    Ridiculous error? How did you get to the solution? Anyway: God bless you!

  13. Eric Williams July 21, 2016 at 10:14 pm #

    cheers, bro.

  14. russ August 17, 2016 at 11:54 am #

    Dave, thanks for posting…

    I am using a vcsa 6 and 7444 didn’t work…

    running /usr/lib/vmware-vmafd/bin/vmafd-cli get-ls-location –server-name localhost from the vsca gives the correct string

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Copyright David Hill

Powered by WordPress. Designed by Woo Themes

%d bloggers like this: