RecoverPoint for VMs: Configure Plug-in Server Failed, Did Not Add Credentials for User Admin to Plug-in Server

Summary: Configuring RecoverPoint plug-in server from WDM interface receives the error "Configure plug-in server failed. Failed to add credentials for user admin to the plug-in server."

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

Configuring the plug-in server fails to complete and produces the following error: 
Configure plug-in server failed. Failed to add credentials for user admin to plug-in server
The ClusterLogic logs (home/kos/RPServers/RPServers_logs/clusterLogic) show the following details: 
2021/02/02 13:39:00.281 [pool-4-thread-3384] (Task.java:93) DEBUG - GetClusterVCsCredentialsTask: Task successful: Retrieving the credentials of all registered vCenter servers on the cluster.
2021/02/02 13:39:00.281 [pool-4-thread-3384] (Task.java:111) DEBUG - GetClusterVCsCredentialsTask: task: Retrieving the credentials of all registered vCenter servers on the cluster.old status is: RUNNING, setting status to SUCCESS.
2021/02/02 13:39:00.281 [pool-4-thread-3384] (BaseRpaCall.java:36) DEBUG - Starting GetRpcsIpsFromClusterCall
2021/02/02 13:39:00.281 [pool-4-thread-3384] (BaseInstallationServerAdapter.java:117) INFO - validateConnection - validating connection to: xxx.xxx.xxx.xxx
2021/02/02 13:39:00.312 [pool-4-thread-3388] (BaseInstallationServerAdapter.java:214) DEBUG - Getting transaction 6321 result with timeout in secs: 350
2021/02/02 13:39:00.313 [pool-4-thread-3384] (BaseInstallationServerAdapter.java:214) DEBUG - Getting transaction 2287 result with timeout in secs: 350
2021/02/02 13:39:00.346 [pool-4-thread-3384] (GeneralUtils.java:233) DEBUG - Sleeping for: waiting for transaction 2287 to complete, time to sleep in millis is: 1000
2021/02/02 13:39:00.347 [pool-4-thread-3388] (GeneralUtils.java:233) DEBUG - Sleeping for: waiting for transaction 6321 to complete, time to sleep in millis is: 1000
2021/02/02 13:39:00.486 [pool-4-thread-3393] (BaseInstallationServerAdapter.java:214) DEBUG - Getting transaction 1953 result with timeout in secs: 350
2021/02/02 13:39:00.515 [pool-4-thread-3393] (BaseInstallationServerAdapter.java:227) DEBUG - transaction: 1953 ended, calling get method for result
2021/02/02 13:39:00.533 [pool-4-thread-3386] (BaseInstallationServerAdapter.java:100) ERROR - Failed to connect to vRPA with IP xxx.xxx.xxx.xxx.
com.sun.xml.ws.client.ClientTransportException: The server sent HTTP status code 401: null

2021/02/02 13:44:11.340 [pool-4-thread-3396] (Task.java:111) DEBUG - GetVcsStatusTask: task: Obtaining vCenter status for vRPA 1 at cluster vRPA_CLUSTER.old status is: RUNNING, setting status to SUCCESS.
2021/02/02 13:44:11.341 [https-openssl-nio-443-exec-10] (GetClusterStatusTask.java:50) DEBUG - GetClusterStatusTask FINISHED, returning: ClusterStatus(clusterName=vRPA_CLUSTER, clusterIps=[xxx.xxx.xxx.xxx],
extendedRpasStatuses=[ExtendedRpaStatus(rpaIp=xxx.xxx.xxx.xxx, rpaNumber=2, rpaVersion=unknown, rpaStatus=RpaStatus(message=Message(message=Failed to retrieve vRPA 2 status. Verify connectivity and credentials and try again., messageType=ERROR), attached=Unknown)),
ExtendedRpaStatus(rpaIp=xxx.xxx.xxx.xxx, rpaNumber=1, rpaVersion=5.3.SP1(m.161), rpaStatus=RpaStatus(message=Message(message=vRPA 1 is OK., messageType=INFO), attached=Attached))], vcsStatuses=[VcStatus(vcIp=xxx.xxx.xxx.xxx, vcName=vCENTER_NAME, vcConnectivity=true,
vwcPluginVersion=5.3.1.0, rpcIp=172.19.136.149, flexExtensionSupported=true)], currentCluster=false)

2021/02/04 15:47:52.723 [https-openssl-nio-443-exec-9] (RESTClient.java:245) ERROR - performCall - got error statusCode: '405', from call to: 'https://xxx.xxx.xxx.xxx/api/v1/rp-clusters/users/admin'
2021/02/04 15:47:52.724 [https-openssl-nio-443-exec-9] (AddClusterCredentialsToRPCenterRESTTask.java:61) ERROR - Got an error from plugin server: Method Not Allowed
2021/02/04 15:47:52.724 [https-openssl-nio-443-exec-9] (Task.java:116) DEBUG - AddClusterCredentialsToRPCenterRESTTask: task: Adding vRPA Cluster credentials to plugin server with IP xxx.xxx.xxx.xxx.old status is: RUNNING, setting status to ERROR.
2021/02/04 15:47:52.726 [https-openssl-nio-443-exec-9] (Task.java:98) ERROR - AddClusterCredentialsToRPCenterRESTTask :Task failed: Adding vRPA Cluster credentials to plugin server with IP xxx.xxx.xxx.xxx.
com.emc.recoverpoint.utils.javainfra.status.tasks.exception.TaskFailedException: Failed to add credentials for user admin to plugin server: xxx.xxx.xxx.xxx.

2021/02/04 15:47:52.727 [https-openssl-nio-443-exec-9] (Task.java:116) DEBUG - RegisterVCAndAddRpClusterCredentialsToRPCenterTask: task: Adding vCenter and vRPA cluster credentials to plugin server.old status is: SUCCESS, setting status to ERROR.
2021/02/04 15:47:52.728 [https-openssl-nio-443-exec-9] (Task.java:98) ERROR - RegisterVCAndAddRpClusterCredentialsToRPCenterTask :Task failed: Adding vCenter and vRPA cluster credentials to plugin server.
com.emc.recoverpoint.utils.javainfra.status.tasks.exception.TaskFailedException: Failed to add credentials for user admin to plugin server: xxx.xxx.xxx.xxx.

Caused by: com.emc.recoverpoint.utils.javainfra.status.tasks.exception.TaskFailedException: Failed to add credentials for user admin to plugin server: xxx.xxx.xxx.xxx.
at com.emc.recoverpoint.deployment.task.AddClusterCredentialsToRPCenterRESTTask.handleResponse(AddClusterCredentialsToRPCenterRESTTask.java:62)
at com.emc.recoverpoint.deployment.task.AddClusterCredentialsToRPCenterRESTTask.perform(AddClusterCredentialsToRPCenterRESTTask.java:53)
at com.emc.recoverpoint.deployment.task.AddClusterCredentialsToRPCenterRESTTask.perform(AddClusterCredentialsToRPCenterRESTTask.java:16)
at com.emc.recoverpoint.utils.javainfra.status.tasks.Task.executeSync(Task.java:91)
at com.emc.recoverpoint.utils.javainfra.status.tasks.SerialTask.perform(SerialTask.java:32)
... 72 more
2021/02/04 15:47:52.728 [https-openssl-nio-443-exec-9] (ConfigurePluginServerRESTCommand.java:34) ERROR - com.emc.recoverpoint.utils.javainfra.status.tasks.exception.TaskFailedException: Failed to add credentials for user admin to plugin server: xxx.xxx.xxx.xxx.
Another symptom shows the following errors in ClusterLogic logs: 
"You must confirm the root CA certificate for vCenter Server 'xx.xx.xx.xx:443' before you can register it."
"SSL Connection failed. Add the following vCenter CA certificate to RPCenter and try again."
In the plug-in server logs found under *_rpc_authentication.log, you should see the following errors: 
Feb 02 23:59:58 vRPA_CLUSTER run.sh[661]: authentication [ERROR] (vcs_monitor.py:79) - Error getting custom fields for VC d70c2118-***-4da2-ae82-4a2c6b925449 ((500)
Feb 02 23:59:58 vRPA_CLUSTER run.sh[661]: Reason: INTERNAL SERVER ERROR
Feb 02 23:59:58 vRPA_CLUSTER run.sh[661]: HTTP response headers: HTTPHeaderDict({'Date': 'Tue, 02 Feb 2021 22:59:58 GMT', 'Content-Type': 'application/json', 'Content-Length': '104', 'Connection': 'keep-alive'})
Feb 02 23:59:58 vRPA_CLUSTER run.sh[661]: HTTP response body: {"error":{"code":"994000705","message":"Failed connecting to VC d70c2118-***-4da2-ae82-4a2c6b925449"}}
Feb 02 23:59:58 vRPA_CLUSTER run.sh[661]: ).
Feb 02 23:59:58 vRPA_CLUSTER run.sh[661]: authentication [ERROR] (vcs_monitor.py:66) - Error connecting to VC Inventory service

Cause

The vCenter server contains two different certificates. The first certificate by the vRPAs which validates it, sending it to the plug-in server. The plug-in server then attempts to contact the vCenter to validate that the certificates match. When this call is made, the other certificate is retrieved, which has a different signature than the first originally sent to the vRPAs.

Resolution

Workaround:
Add the vCenter certificates to the truststore of the plug-in server by following this procedure:
  1. Download the certificates from the vCenter server by using the following URL: 
    http://vCenterIP/certs/download.zip  
NOTE: It may be necessary to try various browsers in order to download the .zip file depending on your security settings. 
  1. Extract the downloaded .zip file.
  2. Go to the \certs\lin directory in this file and rename all included certificates by adding .pem at the end of the file name.
Below is an example of the listed certificates:
       Example of listing of certificates
Figure 1: Example of listing of certificates
  1. Copy all certificates to the /etc/pki/trust/anchors directory of the plug-in server. To gain access to the plug-in server using SSH, log in to the plug-in server using the console with root credentials and disable the firewall using the following command:
/sbin/SuSEfirewall2 off 
  1. Run the following command from within the plug-in server to update the list of trusted certificates.
update-ca-certificates 
  1. Rerun the Configure plug-in wizard from the WDM.
  2. After validating that all is working well, enable the firewall on the plug-in server using the following command:
/sbin/SuSEfirewall2 on
Article Properties
Article Number: 000183108
Article Type: Solution
Last Modified: 27 Sep 2023
Version:  7
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.