VMware vCenter Server plugins fail after adding custom SSL certificates
Article ID: 305778

Products

VMware vCenter Server

Issue/Introduction

Symptoms:
  • vCenter Server plugins fail
  • You see the error:

    Authentication errors - validate SSL Certificate thumbprints

  • The vCenter Server's %ALLUSERSPROFILE%\Application Data\VMware\VMware VirtualCenter\Logs\vws.log shows:

    [2010-01-10 15:33:43,840 Thread-3 ERROR 'com.vmware.vim.query.servlets.ServicesContextListener'] Failed to initialize certificate:
    com.vmware.vim.common.ssl.CertificateLoadException: I/O error: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded
    at com.vmware.vim.common.ssl.SSLUtil.createKeyStore(SSLUtil.java:104)
    at com.vmware.vim.common.impl.InstanceConfigImpl.<init>(InstanceConfigImpl.java:46)
    at com.vmware.vim.common.InstanceSingleton.init(InstanceSingleton.java:103)
    at com.vmware.vim.query.servlets.ServicesContextListener.initializeWebApplication(ServicesContextListener.java:202)
    at com.vmware.vim.query.servlets.ServicesContextListener.access$100(ServicesContextListener.java:60)
    at com.vmware.vim.query.servlets.ServicesContextListener$WrapInit.startUp(ServicesContextListener.java:101)
    at com.vmware.vim.query.servlets.ServicesContextListener$WrapInit.run(ServicesContextListener.java:89)
    Caused by: java.io.IOException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded

    SEVERE: Error initializing endpoint
    java.io.IOException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded

    Note: In Windows 2008, by default, the vws.log file is located at C:\ProgramData\VMware\Vmware VirtualCenter\Logs
  • The vCenter Server's %ALLUSERSPROFILE%\Application Data\VMware\VMware VirtualCenter\Logs\sms.log shows:

    2010-01-19 15:10:54,116 [Thread-7] ERROR com.vmware.vim.sms.ServiceImpl - Unknown exception encountered during service initialization
    java.security.cert.CertificateParsingException: invalid DER-encoded certificate data
    2010-01-19 15:16:28,419 [http-127.0.0.1-8080-1] ERROR com.vmware.vim.sms.ServiceImpl - Operation QueryList failed com.vmware.vim.sms.fault.ServiceNotInitialized

    Note: In Windows 2008, by default, the sms.log file is located at C:\ProgramData\VMware\Vmware VirtualCenter\Logs

  • After upgrading to vCenter Server 4.x, the Web Access service fails to start


Environment

VMware vCenter Server 4.0.x

Cause

These issues occur when SSL certificates are corrupt, replaced, or changed by a third-party application. VMware Web Services (VWS) on vCenter Server uses keystore passwords to decrypt and read the contents of .pfx files. If the password used by VWS is incorrect, you see SSL certificate errors.

Resolution

This issue has been resolved. For more information see the VMware vCenter Server 4.0 Update 3 Release Notes.

To work around this issue without updating, manually insert the password in the instance.cfg file or recreate the .pfx file.

To manually insert the password in the instance.cfg file:

  1. Open the C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\instance.cfg file.

    Note: In a Windows 2008 server, the instance.cfg file can be located at C:\ProgramData\VMware\VMware VirtualCenter\.

  2. Type this text in the file:

    keystorePassword=testpassword

    Where testpassword is the password used to create the .pfx file.

  3. Restart the VMware VirtualCenter Server service, the VMware VirtualCenter Management Webservices, and the VMware VCMSDS service. For more information, see Stopping, starting, or restarting vCenter services (1003895).

To recreate pfx files:

  1. Recreate the .pfx file with the password testpassword. This is the default password hardcoded in VWS for loading the keystore. For more information, see Replacing vCenter Server Certificates.
  2. Restart the VMware VirtualCenter Server service, the VMware VirtualCenter Management Webservices, and the VMware VCMSDS service. For more information, see Stopping, starting, or restarting vCenter services (1003895).
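
Before restarting the services in either procedure, it helps to confirm that the .pfx file actually opens with the password VWS will use. The PowerShell script below is an added example, not VMware code: it reads keystorePassword from instance.cfg, falls back to the testpassword default described above, and tries to open the .pfx with that value. The parameter names are hypothetical, the default instance.cfg path is the Windows 2008 location given above, and the .pfx path must be supplied by the operator.

```powershell
# Added example, not VMware code. Confirms that the .pfx opens with the
# password VWS is expected to use, before the services are restarted.
param(
    [Parameter(Mandatory = $true)]
    [string]$PfxPath,   # operator-supplied path to the custom certificate .pfx
    [string]$InstanceCfg = 'C:\ProgramData\VMware\VMware VirtualCenter\instance.cfg'
)

# Default that, per the article, is hardcoded in VWS for loading the keystore.
$password = 'testpassword'
$source   = 'VWS default'

# Assumption drawn from the article's workaround: a keystorePassword line
# in instance.cfg is used in place of the default.
if (Test-Path -LiteralPath $InstanceCfg) {
    foreach ($line in Get-Content -LiteralPath $InstanceCfg) {
        if ($line -match '^\s*keystorePassword\s*=(.*)$') {
            $password = $Matches[1].Trim()
            $source   = 'instance.cfg'
        }
    }
}

if (-not (Test-Path -LiteralPath $PfxPath)) {
    throw "PFX file not found: $PfxPath"
}

# The password itself is never written to the output, only its source.
$result = New-Object PSObject -Property @{
    PfxPath = $PfxPath; PasswordSource = $source; Opens = $false
    Subject = $null; NotAfter = $null; HasPrivateKey = $null; Error = $null
}
try {
    # .NET resolves relative paths against the process directory, so pass a full path.
    $full = (Resolve-Path -LiteralPath $PfxPath).ProviderPath
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($full, $password)
    $result.Opens         = $true
    $result.Subject       = $cert.Subject
    $result.NotAfter      = $cert.NotAfter
    $result.HasPrivateKey = $cert.HasPrivateKey
    $cert.Reset()   # release the loaded key material
} catch {
    # Wrong password or damaged file: the conditions the article gives as the cause.
    $result.Error = $_.Exception.Message
}
$result
```

If Opens is False, correct the keystorePassword value or recreate the .pfx file before restarting the services.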


Additional Information

For more information on creating custom SSL certificates, see Replacing vCenter Server Certificates.