VirtualCenter Server fails when you deploy a virtual machine with customizations
search cancel

VirtualCenter Server fails when you deploy a virtual machine with customizations


Article ID: 305378


Updated On:


VMware vCenter Server


  • VirtualCenter Server fails when you deploy a virtual machine with customizations.
  • When attempting to deploy a virtual machine from a Template, you see the error:

    The VirtualCenter server is unable to decrypt passwords stored in the customization specification


VMware VirtualCenter 2.5.x


This issue is resolved in vCenter Server 2.5 Update 6. For more information, see the vCenter Server 2.5 Update 6 Release Notes.
Prior to vCenter Server 2.5 Update 6, this issue may occur when a virtual machine is deployed from a template using an existing customized specification.
Using the Customization Specification Wizard in the ESX 3.0.1 and VirtualCenter 2.0.1 Basic System Administration Guide states:
Saved customization files are unique to each VirtualCenter Server and to each version of VirtualCenter due to encryption. You have to recreate the customization files for each VirtualCenter Server. Encryption is preserved between upgrade versions on the same VirtualCenter Server. This means you can use the same files between upgrades of VirtualCenter. However, if you uninstall VirtualCenter and later do a fresh installation, the ability to decrypt passwords from the earlier installation is lost.
As such, if SSL files (rui.crt and rui.key) get replaced for any reason, all customization specification created with the older certificate and key fail decryption. For customers that are having decryption issues, ensure that the rui.crt and rui.key files in C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\SSL are the same as when they created the customization specifications.

Issues may also occur when custom certificates are used.

By default, the password in a customization specification is encrypted using the VirtualCenter certificate. If this certificate is changed or overwritten (for example in a disaster recovery scenario where a new VirtualCenter Server is installed) when VirtualCenter tries to decrypt the password it is not able to.

To workaround this issue:
  1. Export the customized specification to an .xml file.
  2. Edit the .xml file such the the plainText tag is as follows:

  3. Import the customized specification and attempt deployment.