Hello All,
I installed a pair of SRM 8.1.1 servers associated with respective vCenter servers (6.7U1) in Protected and Recovery Sites. Create a new pair operation was successful as well. Protection Groups and Recovery Plans were created seamlessly.
After one day I started getting the following SRM errors:
srmxxx SRM Server cannot connect to VC Server at vcyyy:443/sdk'. Permission to perform this operation was denied.
srmxxx SRM Server cannot connect to SRM Server at 'srmyyy:9086/vcdr/vmomi/sdk'. Permission to perform this operation was denied.
srmyyy SRM Server cannot connect to VC Server at 'vcxxx:443/sdk'. Permission to perform this operation was denied.
srmyyy SRM Server cannot connect to SRM Server at 'srmxxx:9086/vcdr/vmomi/sdk'. Permission to perform this operation was denied.
We still have one External PSC ( that would be decommissioned soon) and all vCenters 6.7 with embedded PSC because we are during VMware Infra upgrading process.
I used domain administrator account namely administrator@vsphere,local on both sides. I could not find any additional information in SRM logs.
Reconfigure Site Pair operation was already done and it does not help. Change installed SRM from Windows 2012 R2 Control Panel is blocked due to UAC restriction that is imposed by GPO domain policy.
How can we explain that administrator@vsphere.local account can generate "Permission to perform this operation was denied" error?
Of course log on to the vCenter Appliance via mentioned administrator account is still successful.
What can be a nature of this kind of error? Should I suspect Firewall Settings issue or internal SRM problem?
Is it possible that External PSC that is currently not associated with any SRM server can be a disruptive source?
Any suggestions would be appreciated.