Unable to connect Cloud Gateway to Cloud vCenter Server
Article ID: 308472
Products
VMware vCenter Server
VMware vSphere ESXi
Issue/Introduction
Symptoms: In the Cloud Gateway HTML5 Client, attempts to connect to the Cloud vCenter Server fail with "Link failed with reason: Internal server error Contact support for further assistance".
Cloud Gateway - /var/log/vmware/hvc/hvc-svc.log
2019-10-21T17:44:34.792-04:00 [tomcat-exec-1 ERROR com.vmware.hvc.vapi.impl.LinksProviderImpl opId=] Link failed with reason: Internal server error Contact support for further assistance
java.lang.Exception: Failed to create trust on the domain
    at com.vmware.hvc.setup.CertificateExchange.copyVcTrusts(CertificateExchange.java:472)
    at com.vmware.hvc.vapi.impl.LinksProviderImpl.createLinksV2(LinksProviderImpl.java:526)
. . .
Caused by: com.vmware.vapi.std.errors.InternalServerError: InternalServerError (com.vmware.vapi.std.errors.internal_server_error) => {
    messages = [LocalizableMessage (com.vmware.vapi.std.localizable_message) => {
        id = vapi.bindings.method.impl.unexpected,
        defaultMessage = Provider method implementation threw unexpected exception: com.vmware.vapi.std.errors.Error,
        args = [com.vmware.vapi.std.errors.Error]
        [dynamic fields]: { localized = <unset>, params = <unset> }
    }, LocalizableMessage (com.vmware.vapi.std.localizable_message) => {
        id = com.vmware.vcenter.trustmanagement.error,
        defaultMessage = Signing certificate does not allow digital signature use,
        args = [Signing certificate does not allow digital signature use]
        [dynamic fields]: { localized = <unset>, params = <unset> }
    }],
    data = <null>
    [dynamic fields]: { error_type = INTERNAL_SERVER_ERROR }
}
    at com.vmware.vapi.std.errors.InternalServerError._newInstance(InternalServerError.java:152)
Environment
VMware vCenter Server 6.7.x
VMware vSphere ESXi 6.7
Cause
Pre-vSphere 5.5 certificates issued by RSA are carried over as Trusted Certificates, but are not used to sign tokens. When the Cloud Gateway is connected to the Cloud vCenter Server, these certificates cannot be pushed to form the trust, which is reported as "Failed to create trust on the domain."
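The following is an added example, not part of the original article or any VMware tooling: a standard-library check that reads the X.509 keyUsage extension from a DER-encoded certificate and reports whether digitalSignature is asserted. It assumes the "does not allow digital signature use" message in the log refers to that keyUsage bit; the function names are hypothetical and the sample certificates are constructed, unsigned skeletons.

```python
KEY_USAGE_OID = bytes.fromhex("551d0f")  # OID 2.5.29.15 (keyUsage)
NAMES = ["digitalSignature", "nonRepudiation", "keyEncipherment",
         "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign"]

def children(buf):
    """Yield (tag, value) for each DER element found in buf."""
    pos = 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long-form length: low 7 bits give the byte count
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        yield tag, buf[pos:pos + length]
        pos += length

def key_usage(cert_der):
    """Return the set of asserted keyUsage names, or None if the extension is absent."""
    _, cert = next(children(cert_der))   # outer Certificate SEQUENCE
    _, tbs = next(children(cert))        # tbsCertificate
    for tag, val in children(tbs):
        if tag != 0xA3:                  # [3] EXPLICIT extensions
            continue
        _, ext_list = next(children(val))
        for _, ext in children(ext_list):
            fields = list(children(ext))  # OID, optional critical flag, value
            if fields[0][1] == KEY_USAGE_OID:
                _, bits = next(children(fields[-1][1]))  # BIT STRING in OCTET STRING
                data = bits[1:]          # first byte is the unused-bits count
                return {n for i, n in enumerate(NAMES) if data[:1] and data[0] & (0x80 >> i)}
    return None

def lacks_digital_signature(cert_der):
    """True when keyUsage is present but digitalSignature is not asserted."""
    usage = key_usage(cert_der)
    return usage is not None and "digitalSignature" not in usage

def der(tag, *parts):
    """Encode one DER element; the constructed sample only needs short-form lengths."""
    body = b"".join(parts)
    assert len(body) < 0x80
    return bytes([tag, len(body)]) + body

def sample_cert(usage_byte, unused_bits):
    """Constructed skeleton (structure only, not a valid signed certificate)."""
    ku = der(0x30, der(0x06, KEY_USAGE_OID), der(0x01, b"\xff"),
             der(0x04, der(0x03, bytes([unused_bits, usage_byte]))))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")), der(0x02, b"\x01"),
              der(0xA3, der(0x30, ku)))
    return der(0x30, tbs, der(0x30), der(0x03, b"\x00"))
```

For a real certificate, base64-decode the body of the PEM file and pass the resulting DER bytes to lacks_digital_signature().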
Resolution
Before attempting, shut down all PSC/VC nodes (including the Cloud Gateway VM) and take powered-off snapshots. This is to ensure data integrity and prevent mid-flight replication amongst the PSCs.