"Certificate has expired" error when server health is displayed as "Critical Disconnected" on a Configuration server in Microsoft Azure Recovery Services

Symptoms
Consider the following scenario:
  • You have a Microsoft Azure Recovery Services portal.
  • On the configuration server, the server health is displayed as Critical Disconnected.
  • When you click to view the error details, you receive the following error message:
    The Configuration server 'Server_Name' isn't connected.

    Possible Cause: Required services may not be running on the Configuration server 'Server_Name'.

    Recommended Action:
    Ensure that:
    1. The Microsoft Azure Site Recovery Provider service is running.
    2. The server can connect to the Internet.
    3. The proxy settings used to connect to Azure Site Recovery are correct.
    4. The Provider version running on the server is up-to-date. Click Download Provider to obtain the latest version.
    5. The certificate used to connect from Azure to the Configuration server is valid.
  • On the configuration server, you find an error message that resembles the following in the installation_path\home\svsystems\var\phpdebug.log file:
    date time (UTC) (UTC) CX :INFO:get_ps_settings: Curl error: SSL certificate problem: certificate has expired

In this scenario, the SSL Certificate on your configuration server has expired.
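
To confirm this symptom on a Configuration Server, the following added example (not part of the original article or of Microsoft's tooling) scans phpdebug.log text for curl failures and separates expired-certificate errors from other causes. The sample lines, their timestamp layout, and the register_host name are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines. The timestamp layout is an assumption; the page
# only shows "date time (UTC)" followed by the component and message.
SAMPLE_LOG = """\
2016-08-01 10:15:02 (UTC) CX :INFO:get_ps_settings: Curl error: SSL certificate problem: certificate has expired
2016-08-01 10:15:07 (UTC) CX :INFO:get_ps_settings: settings fetched
2016-08-01 10:20:02 (UTC) CX :INFO:get_ps_settings: Curl error: SSL certificate problem: certificate has expired
2016-08-01 10:21:40 (UTC) CX :INFO:register_host: Curl error: SSL certificate problem: self signed certificate
2016-08-01 10:22:00 (UTC) CX :INFO:get_ps_settings: Curl error: Couldn't resolve host name
"""

# Everything before the "CX" component is kept as an opaque timestamp string.
LINE_RE = re.compile(
    r"^(?P<stamp>.*?)\s+CX\s*:(?P<level>[A-Z]+):(?P<func>\w+):\s*"
    r"Curl error:\s*(?P<error>.+?)\s*$"
)
SSL_PREFIX = "SSL certificate problem:"


def scan(text):
    """Return curl failures found in phpdebug.log text, split by cause."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue
        error = m.group("error")
        if error.startswith(SSL_PREFIX):
            reason = error[len(SSL_PREFIX):].strip()
            kind = "expired" if reason == "certificate has expired" else "tls-other"
        else:
            reason, kind = error, "non-tls"
        findings.append({"line": lineno, "stamp": m.group("stamp"),
                         "func": m.group("func"), "kind": kind, "reason": reason})
    return findings


def summarize(findings):
    """Count findings per kind and report the first and last expiry sighting."""
    counts = Counter(f["kind"] for f in findings)
    expired = [f for f in findings if f["kind"] == "expired"]
    span = (expired[0]["stamp"], expired[-1]["stamp"]) if expired else None
    return dict(counts), span


if __name__ == "__main__":
    print(summarize(scan(SAMPLE_LOG)))
```

Run it over the log before and after the renewal: entries of kind expired should stop appearing once the new certificates are in place, while tls-other or non-tls entries point to a different connectivity problem.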
Resolution
To resolve this issue, follow the steps in this article to renew the SSL Certificates for the Configuration server.

Note If the gencert.exe file crashes in your environment, download and replace the file with an updated gencert.exe binary.

The following gencert.exe binary files are available for download from the Microsoft Download Center:

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.


Step 1: Update the Configuration Server computer

  1. Log on to the CS computer.
  2. Stop the following services:
    • cxprocessserver
    • tmansvc
    • INMAGE-AppScheduler
    • DRA

  3. In the command prompt window, go to the Configuration Server's installation folder, and then go to the bin folder. This folder should resemble the following: 

    C:\home\svsystems\bin
  4. Back up your existing gencert.exe binary. Then replace it with the updated gencert.exe binary.
  5. Type the following commands, and then press Enter after each command:
    1. gencert.exe -n cs -i
    2. gencert.exe -n ps --dh
    3. genpassphrase.exe -b
    4. Open a command prompt window, go to the following folder and then rename the encryption.key file.

      C:\Program files\InMage systems\private
    5. genpassphrase.exe -k
  6. In the Run dialog box, type inetmgr in the Open box and then click OK.
    1. Under Connections, select the localhost computer, and then double-click Server Certificates.

    2. On the Server Certificates page, select the oldest Scout certificate.

    3. Right-click the Scout certificate that you chose, and then click Remove.

    4. Under Connections, select Default Web Site, and then click Bindings on the Actions menu.

    5. In the Site Bindings dialog box, click Edit.

    6. In the Edit Site Binding dialog box, click Select.

    7. On the Select Certificate page, select the Scout certificate, and then click OK.

    8. On the Actions menu under Manage Website, click Restart to restart the IIS service.

    9. Restart the following services:
      • cxprocessserver
      • tmansvc
      • INMAGE-AppScheduler
      • DRA

Step 2: Update the Process Server computer

  1. Log on to the Configuration Server.
  2. Open a command prompt window, go to the Configuration Server installation folder, and then go to bin folder. This folder should resemble the following: 

    C:\home\svsystems\bin
  3. Type the following command, and then press Enter to obtain the passphrase that's needed to update the Process Server.
    • genpassphrase.exe -n
  4. Log on to the Process Server.
  5. Open a command prompt window, go to the Process Server installation folder, and then go to the bin folder. This folder should resemble the following: 

    C:\home\svsystems\bin
  6. Back up your existing gencert.exe binary. Then replace it with the updated gencert.exe binary.
  7. Type the following command, and then press Enter:
    • gencert.exe -n ps --dh

  8. Double-click the following command, which is located on the desktop. This command opens the Microsoft Azure Site Recovery Process Server dialog box. Provide the Configuration Server IP, the Configuration Server Port number, and the Connection Passphrase, and then click Save.
    • cspsconfigtool.exe

Step 3: Update the Master Target (MT) computer (Windows)

  1. Log on to the Configuration Server computer.
  2. Open a command prompt window, go to the Configuration Server installation folder, and then go to the bin folder. This folder should resemble the following:

    C:\home\svsystems\bin
  3. Type the following command to obtain the passphrase that's needed to update the Master Target Windows computer:
    • genpassphrase.exe -n
  4. Log on to the Master Target computer.
  5. Open a command prompt window, and then go to the installation folder. This folder should resemble the following:

    C:\Program Files (x86)\Microsoft Azure Site Recovery
  6. Back up your existing gencert.exe binary. Then replace it with the updated gencert.exe binary.
  7. Type the following command, and then press Enter:
    • gencert.exe -n ps --dh
  8. Double-click the hostconfigwxcommon.exe file. This file opens the Host Agent Config dialog box. On the Global tab, provide the CS IP, CS HTTPS port number, the connection passphrase, and then click OK.

Step 4: Update the Master Target (MT) computer (Linux)

  1. Log on to the Configuration Server computer.
  2. Open a command prompt window, go to the Configuration Server installation folder, and then go to the bin folder. This folder should resemble the following:

    C:\home\svsystems\bin
  3. Type the following command to obtain the passphrase that's needed to update the Master Target Linux computer:
    • genpassphrase -n
  4. Log on to the Master Target computer.
  5. Go to the installation folder, and then go to the /Vx/bin folder. This folder should resemble the following:

    /usr/local/ASR/Vx/bin
  6. Back up your existing gencert.exe binary. Then replace it with the updated gencert.exe binary.
  7. Type the following command, and then press Enter:

    chmod 770 /usr/local/ASR/Vx/bin/gencert
  8. Type the following command, and then press Enter:

    ./gencert -n ps --dh
  9. Type the following command and then press Enter. This command opens the Host Config Interface dialog box.

    ./hostconfigcli
  10. Press Enter to open the Global tab options. Provide the Configuration Server IP, Configuration Server HTTPS port number, and the connection passphrase.
  11. Press Tab to update the changes, and then click Quit to close the dialog box.

Step 5: Update the Source computers (Windows)

This step must be performed on each protected Windows computer.
  1. Log on to the Configuration Server computer.
  2. Open a Command Prompt window, go to the Configuration Server installation folder, and then go to the bin folder. This folder should resemble the following:
    C:\home\svsystems\bin
  3. Type the following command to obtain the passphrase that's needed to update the Source Windows computer:

    genpassphrase.exe -n
  4. Log on to the Source computer.
  5. Open a Command Prompt window, and then go to the Mobility Service installation folder. This folder should resemble the following:
    C:\Program Files (x86)\Microsoft Azure Site Recovery
  6. Back up your existing gencert.exe binary. Then replace it with the updated gencert.exe binary.
  7. Type the following command, and then press Enter:

    gencert.exe -n ps --dh
  8. Double-click the hostconfigwxcommon.exe file. This file opens the Host Agent Config dialog box. On the Global tab, provide the Configuration Server IP, Configuration Server HTTPS port number, the connection passphrase, and then click OK.

Step 6: Update the Source computers (Linux)

This step must be performed on all protected Linux computers.
  1. Log on to the Configuration Server computer.
  2. Open a Command Prompt window, go to the Configuration Server installation folder, and then go to the bin folder. This folder should resemble the following:
    C:\home\svsystems\bin
  3. Type the following command to obtain the passphrase that's needed to update the Source Linux computer:

    genpassphrase -n
  4. Log on to the Source computer.
  5. Go to the Mobility Service installation folder, and then go to the /Vx/bin folder. This folder should resemble the following:
    /usr/local/ASR/Vx/bin
  6. Back up your existing gencert.exe binary. Then replace it with the updated gencert.exe binary.
  7. Type the following command, and then press Enter:

    chmod 770 /usr/local/ASR/Vx/bin/gencert
  8. Type the following command, and then press Enter:

    ./gencert -n ps --dh
  9. Type the following command and then press Enter. This command opens the Host Config Interface dialog box.

    ./hostconfigcli
  10. Press Enter to open the Global tab options. Provide the Configuration Server IP, Configuration Server HTTPS port number, and the connection passphrase.
  11. Press Tab to update the changes, and then click Quit to close the dialog box.

Properties

Article ID: 3177198 - Last Review: 08/16/2016 17:53:00 - Revision: 2.0

Microsoft Azure Recovery Services

  • kbsurveynew kbhowto KB3177198