Failed to get SSL server cert and fingerprint for RCA proxy (azure site recovery appliance)

Question

Failed to get SSL server cert and fingerprint for RCA proxy (azure site recovery appliance)

Tyler Saville 431

My agents are unable to communicate to the azure site recovery appliance and the azure config wizard will not fully load. The logs from a protected server is showing below, any help would be greatly appreciated. Last time to fix this I rebuilt the entire appliance and re-replicated the servers but I need a more efficient fix. Thank you.

#~> (08-04-2023 19:42:02): ERROR 11432 11504 66256 Could not perform curl. Curl error: (35) SSL connect error

#~> (08-04-2023 19:42:02): ERROR 11432 11504 66257 Curl internal error : Recv failure: Connection was reset.

#~> (08-04-2023 19:42:02): ERROR 11432 11504 66258 Curl operation failed with error (35) SSL connect error

#~> (08-04-2023 19:42:02): ERROR 11432 11504 66259 RcmClientLib::RcmClientProxyImpl::GetServerCert: Request failed for URI https://xxxxxx:443, ErrorCode: 35

#~> (08-04-2023 19:42:02): ERROR 11432 11504 66260 RcmClientLib::RcmClientProxyImpl::GetServerCert: Failed to get SSL Server cert and fingerprint

#~> (08-04-2023 19:42:02): ERROR 11432 11504 66261 Failed to get SSL Server cert and fingerprint for RCM Proxy xxxxxx:443

#~> (08-04-2023 19:42:02): ERROR 11432 11504 66262 Could not perform curl. Curl error: (35) SSL connect error

#~> (08-04-2023 19:42:02): ERROR 11432 11504 66263 Curl internal error : Recv failure: Connection was reset.

#~> (08-04-2023 19:42:02): ERROR 11432 11504 66264 Curl operation failed with error (35) SSL connect error

#~> (08-04-2023 19:42:02): ERROR 11432 11504 66265 RcmClientLib::RcmClientProxyImpl::GetServerCert: Request failed for URI https://xxxx, ErrorCode: 35

#~> (08-04-2023 19:42:02): ERROR 11432 11504 66266 RcmClientLib::RcmClientProxyImpl::GetServerCert: Failed to get SSL Server cert and fingerprint

#~> (08-04-2023 19:42:02): ERROR 11432 11504 66267 Failed to get SSL Server cert and fingerprint for RCM Proxy xxxxxx:443

#~> (08-04-2023 19:42:02): ERROR 11432 11504 66268 Get server cert failed for all rcm proxy address

#~> (08-04-2023 19:42:02): ERROR 11432 11504 66269 VxService::StartWork: Verify client auth failed with error 4. Waiting for 120 sec before retry.

#~> (08-04-2023 19:44:02): ALWAYS 11432 11504 66270 Copy file from C:\ProgramData\Microsoft Azure Site Recovery\private\ma.pfx to C:\ProgramData\Microsoft Azure Site Recovery\private\xxxxx.pfx succeeded

#~> (08-04-2023 19:44:02): ALWAYS 11432 11504 66271 Copy file from C:\ProgramData\Microsoft Azure Site Recovery\certs\ma.crt to C:\ProgramData\Microsoft Azure Site Recovery\certs\xxxxx.crt succeeded

#~> (08-04-2023 19:44:02): ALWAYS 11432 11504 66272 Copy file from C:\ProgramData\Microsoft Azure Site Recovery\private\ma.key to C:\ProgramData\Microsoft Azure Site Recovery\private\xxxxx.key succeeded

#~> (08-04-2023 19:44:02): ERROR 11432 11504 66273 Could not perform curl. Curl error: (35) SSL connect error

#~> (08-04-2023 19:44:02): ERROR 11432 11504 66274 Curl internal error : Recv failure: Connection was reset.

#~> (08-04-2023 19:44:02): ERROR 11432 11504 66275 Curl operation failed with error (35) SSL connect error

Tyler Saville 431 Reputation points

2023-08-09T12:49:38.6833333+00:00

We are not using a proxy, the cert is self signed. Server was rebooted multiple times. Anything else we can actually check or is this a must open ticket with microsoft scenario? Thank you
SadiqhAhmed-MSFT 49,326 Reputation points Microsoft Employee Moderator

2023-08-11T12:36:24.98+00:00
@Tyler Saville Can you check the logs on Source Machine for any errors:

C:\ProgramData\ASR\agent\svagents.log

C:\Program Files (x86)\Microsoft Azure Site Recovery\agent\svagents.log
Tyler Saville 431 Reputation points

2023-08-11T12:39:03.1666667+00:00

Hello, it is attached on my first comment above...that was from svagents.log on a protected server
Tyler Saville 431 Reputation points

2023-08-11T12:40:22.9366667+00:00

Hello, it is on my first post above, that is from the svagents.log on a protected server
SadiqhAhmed-MSFT 49,326 Reputation points Microsoft Employee Moderator

2023-08-14T10:24:06.11+00:00

@Tyler Saville Thanks for sharing the logs. However, we need to perform deeper investigation to work through a solution to this problem and that is only possible with the help of 1:1 connect via Azure technical support team. Please send us an email at AzCommunity @ Microsoft dot com with subject: Attn: Sadiqh Ahmed with your subscription ID and a link to this forum thread for context and I shall help you connect with Azure technical support team.
SadiqhAhmed-MSFT 49,326 Reputation points Microsoft Employee Moderator

2023-08-16T06:07:23.09+00:00

@Tyler Saville We haven't heard back from you. Feel free to contact us through email as mentioned in the previous post.

1 answer

Your answer

Tyler Saville 431 Reputation points

2023-08-09T12:49:38.6833333+00:00

We are not using a proxy, the cert is self signed. Server was rebooted multiple times. Anything else we can actually check or is this a must open ticket with microsoft scenario? Thank you
SadiqhAhmed-MSFT 49,326 Reputation points Microsoft Employee Moderator

2023-08-11T12:36:24.98+00:00

@Tyler Saville Can you check the logs on Source Machine for any errors:

C:\ProgramData\ASR\agent\svagents.log

C:\Program Files (x86)\Microsoft Azure Site Recovery\agent\svagents.log
Tyler Saville 431 Reputation points

2023-08-11T12:39:03.1666667+00:00

Hello, it is attached on my first comment above...that was from svagents.log on a protected server
Tyler Saville 431 Reputation points

2023-08-11T12:40:22.9366667+00:00

Hello, it is on my first post above, that is from the svagents.log on a protected server
SadiqhAhmed-MSFT 49,326 Reputation points Microsoft Employee Moderator

2023-08-14T10:24:06.11+00:00

@Tyler Saville Thanks for sharing the logs. However, we need to perform deeper investigation to work through a solution to this problem and that is only possible with the help of 1:1 connect via Azure technical support team. Please send us an email at AzCommunity @ Microsoft dot com with subject: Attn: Sadiqh Ahmed with your subscription ID and a link to this forum thread for context and I shall help you connect with Azure technical support team.
SadiqhAhmed-MSFT 49,326 Reputation points Microsoft Employee Moderator

2023-08-16T06:07:23.09+00:00

@Tyler Saville We haven't heard back from you. Feel free to contact us through email as mentioned in the previous post.

Answer 1

Hello @Tyler Saville Thank you for contacting us on Microsoft Q&A platform. Happy to help!

Error message "Failed to get SSL server cert and fingerprint for RCA proxy" in Azure Site Recovery indicates that the Site Recovery Configuration Server is unable to retrieve the SSL server certificate and fingerprint for the Remote Credential Authorization (RCA) proxy. This can happen due to a number of reasons, such as incorrect proxy settings or issues with the SSL certificate.

To resolve this issue, you can try the following steps:

Check the proxy settings on the Site Recovery Configuration Server. Ensure that they are configured correctly and that there are no typos or errors in the settings.

Check the SSL certificate on the RCA proxy. Ensure that it is valid and that there are no issues with the certificate chain.

If the RCA proxy is using a self-signed certificate, ensure that the certificate is trusted by the Site Recovery Configuration Server.

If the RCA proxy is using a certificate from a public Certificate Authority (CA), ensure that the CA is trusted by the Site Recovery Configuration Server.

If the issue persists, you can try restarting the Site Recovery Configuration Server and see if that resolves the issue.

If none of these step's work, it is recommended that you open a Microsoft support case for further assistance.

Share via

Failed to get SSL server cert and fingerprint for RCA proxy (azure site recovery appliance)

1 answer

Your answer