Today I began my work with VMware’s DR product, SRM. I’ll be using this tool to migrate a few hundred virtual machines from one datacenter to another, not for DR purposes.
The first issue I ran into took me quite a bit of time to figure out. It turns out that if you are not using the supplied/default VC SSL certs (you’ve created your own via your own CA), you MUST create certificates for the SRM servers.
The VIOPS site has a great pdf that helps walk you through the process.
http://viops.vmware.com/home/docs/DOC-1261
Here are a few other helpful links that will save you a few hours when trying to figure this out…
http://support.microsoft.com/kb/931351
http://edmckinzie.spaces.live.com/Blog/cns!687C72A5909E4230!338.entry
Note: By default, a CA that is configured on a Windows Server 2003-based domain controller does not issue certificates that contain the Subject Alternative Name (SAN) extension. If SAN entries are included in the certificate request, these entries are omitted from the issued certificate. To change this behavior, run the following commands at a command prompt on the server that runs the Certification Authority service. Press ENTER after each command.
certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
net stop certsvc
net start certsvc
