Tag Archives: SRM

Upgrading Site Recovery Manager (SRM) 8.3.1 to 8.4

I recently started looking at prerequisites to a vSphere 7 upgrade, by reviewing any associated upgrades that might be needed. VMware Site Recovery Manager was one product that needed to be upgraded prior to this. I decided I would fire up a quick nested setup in my HomeLab to run through the process before hand and share the process!

This nested lab consists of two ESXi 6.7 nested hosts, two vCenter 6.7 VCSA’s and two SRM 8.3.1 appliances, with the VCSA’s and SRM appliances having custom CA certificates installed.

I made use of @lamw’s VirtuallyGhetto WilliamLam.com Nested ESXi Appliances for the host deployment via the subscribed content library he offers. (Super easy to deploy nested hosts quickly if you haven’t come across this before!)

Now on to the upgrade.

Firstly, make sure you have have sufficiently backed up your environment! Take a backup of your SRM configuration by using the Export/Import SRM Configuration Tool within SRM. Once you click export it will allow you to download the config backup to your local machine. Then take a snapshot the SRM appliances.

During the upgrade, SRM does not retain any advanced settings that you configured in the previous installation, so make sure you have made a note of any modified advanced settings such as timeouts etc before beginning.

Note: protection groups and recovery plans that are not in a valid state will not be preserved!

Other important checks before you begin –

Verify that there are no pending cleanup operations on recovery plans and that there are no configuration issues for the virtual machines that Site Recovery Manager protects.

  • All recovery plans are in the Ready state.
  • The protection status of all the protection groups is OK.
  • The protection status of all the individual virtual machines in the protection groups is OK.
  • The recovery status of all the protection groups is Ready.

Now, mount the SRM 8.4 ISO to the appliance you are going to upgrade first, and log into the SRM VAMI. Browse to the update section and edit the update source to be CD-ROM.

You will then get the option to install 8.4.

Providing you are in an appropriate window to take your SRM solution offline, have no recoveries in progress and have checked the list of important steps above, hit install and follow the prompts.

If you are upgrading other VMware products too make sure you visit this site to review the order for upgrading other components, such as vSphere Replication.

Once the upgrade is complete, log back into the SRM VAMI. You will see a prompt to reconfigure the connection to vCenter/PSC.

Hit the ‘RECONFIGURE’ button and follow the wizard to reconnect to your vCenter and PSC

Once complete, refresh your browser and log back in. You will now see your successfully upgraded SRM appliance running 8.4 and connected to your vCenter/PSC.

Sometimes clearing your browser cache is needed should you get oddities…

Now repeat the process for your partner SRM appliance.

Once complete, you should now have two upgrade SRM appliances!

From here you many need to update the Storage Replication Adapters (SRA) (if you are using array based replication). Check the VMware Compatibility Matrix – here.

You can find VMware’s official documentation here.

Thanks for reading!

SRM 8.3 Certificate Management

Following on from my last post on vSphere 7.0 certificate Management, I wanted to continue with another certificate related post. This one being Site Recovery Manager (SRM) 8.3. Like vSphere 7.0, this version seems simpler than previous versions I have used.

With SRM, it’s the Appliance Certificate replacement that I am going to take you through in this blog post.

Firstly log into the SRM appliance management console via https://<srm-fqdn&gt;:5480 and select the ‘Certificates’ option on the left, followed by ‘Generate CSR’ in the top right.

Fill in the information for your certificate, then click ‘Generate and Download’. You then need to process the CSR with your certificate authority, whether thats an internal, public or lab CA.

New Private Key and CSR 
Generating a new private key invalidates any existing Certificate Signing Request (CSR) configuration. 
A private key is created when you generate the CSR, making a key pair. 
This information will be used to generate a certificate. 
Organization 
Organization unit 
Locality 
State 
Country 
FQDN 
IP addresses 
smt-lab.local 
smt-lab 
Lab City 
Labshire 
GB 
Two letters country code. 
smt-lab-srm-01.smt-lab.local 
10.200.15.25 
CANCEL 
GENERATE AND DOWNLOAD

Once you have your certificate, select the ‘Certificates’ option on the left again, this time followed by ‘Change’ in the top right.

Select the last option in the Select certificate type section; ‘CA-signed certificate generated from CSR’. Then, browse both your newly generated certificate and either you root CA certificate, or the CA chain. Click ‘Change’ once done.

This should complete the replacement of the SRM appliance certificate!

If like me you get an error complaining that the IP or Common name / SAN is missing, make sure the local host field is set to the FQDN when connecting SRM to vCenter.

Thanks for reading!