Share via

Azure Site Recovery Certificate renewal Fails

MujiburAdmin 1 Reputation point
2021-07-27T07:45:25.6+00:00

118241-2021-07-26-14-50-11.jpg118158-2021-07-26-23-34-06.jpg
Hi,

We are have an issue trying to renew an Azure Site recovery certificate that has expired.
I have followed the suggested steps on Microsoft

https://learn.microsoft.com/en-us/azure/site-recovery/vmware-azure-manage-configuration-server#how-to-renew-ssl-certificates

  1. Post expiry, certificates cannot be renewed from Azure portal. Before proceeding, ensure all components scale-out process servers, master target servers and mobility agents on all protected machines are on latest versions and are in connected state.
  2. Follow this procedure only if certificates have already expired. Login to configuration server, navigate to C drive > Program Data > Site Recovery > home > svsystems > bin and execute "RenewCerts" executor tool as administrator.
  3. A PowerShell execution window pops-up and triggers renewal of certificates. This can take up to 15 minutes. Do not close the window until completion of renewal.

Unfortunately this has not generated a new certificate for us.
PS certificate renewal is successfully done then when it reaches CS certificate status is shown as in progress for about 5 mins.
Then it bombs out … the PowerShell screen closes

have even tried running PowerShell with elevated privileges
The PS certificate renewal is successfully done the next stage
CS certificate renewal is successfully done.
Unfortunately the certificate does not renew ( no new certificate is created)

I would appreciate any advice and suggestion is resolving this
Thanks

Regards
Muj

Azure Site Recovery
Azure Site Recovery
An Azure native disaster recovery service. Previously known as Microsoft Azure Hyper-V Recovery Manager.
647 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sladjan Trisic 5 Reputation points Microsoft Employee
    2023-06-13T14:27:28.73+00:00

    Here are the steps to perform Certificate renewal if the certificate is expired on Config/Process server:

    1. Open command prompt on the CS
    2. Run C:\ProgramData\ASR\home\svsystems\bin\renewcerts.exe
    3. The above command will take some time but do not close the window or reboot until it completes. If the above command fails with perl file not being found, it is because of symbolic link. Please run the RenewCerts.exe from absolute path, C:\Program Files (x86)\home/svsytems/bin/RenewCerts.exe. If you are using OVA template, file is located on E drive, E:\Program Files (x86)\home/svsytems/bin/RenewCerts.exe
    4. Run C:\ProgramData\ASR\agent\csgetfingerprint.exe -i <enteripaddress of the csmachine> -p 443
    5. Run C:\ProgramData\ASR\agent\cdpcli --registermt
    6. Download a Site Recovery Vault Registration key from the portal (RS Vault / Site Recovery Infrastructure/ConfigurationServer)
    7. Run C:\ProgramData\ASR\home\svsystems\bin\cspsconfigtool and use the vault registration page to re-register the CS.

    You should now have all infrastructure connected and on new certificates.

    FYI if you see agents not working after the above:

     

    For Windows

    1. Stop Inmage VX Agent Service
    2. Run the csgetfingerprint command: C:\Program Files (x86)\Microsoft Azure Site Recovery\agent\csgetfingerprint.exe -i <enteripaddress of the csmachine> -p 443
    3. Start Inmage VX Agent Service

    For Linux

    1. sudo service vxagent stop
    2. sudo /usr/local/ASR/Vx/bin/csgetfingerprint -i IP_OF_CS -p 443
    3. sudo service vxagent start
    1 person found this answer helpful.