Symptoms:
After replacing certificates on VMware vCenter Server, you experience these symptoms:
/var/log/vmware/sca/sca.log or C:\ProgramData\VMware\vCenterServer\logs\sca\sca.log
files for the vSphere Auto Deploy service (rbd
), you see entries similar to:2015-07-01T05:58:17.523-04:00 [pool-5-thread-21 WARN com.vmware.sca.health.HealthStatusRequest] requestHealthStatusFromEndpoint: Failed to request health status (service:'rbd', url:https://vCenter_Server_FQDN:6502/vmw/rbd/healthStatus)
javax.net.ssl.SSLException: hostname in certificate didn't match: <vCenter.vmware.local> != <vpxd-extension>
2015-05-04T07:59:29.815 [37068]ERROR:rbd_watchdog_windows:caught exception in thread Feedback
Traceback (most recent call last):
File "rbd_watchdog_windows.pyc", line 50, in infiniteLoop
File "rbd_watchdog_windows.pyc", line 64, in feedbackServer
File "rbd\waiter\feedback.pyc", line 52, in __init__
File "pyVmomi\VmomiSupport.pyc", line 543, in <lambda>
File "pyVmomi\VmomiSupport.pyc", line 352, in _InvokeMethod
File "pyVmomi\SoapAdapter.pyc", line 1270, in InvokeMethod
vim.fault.InvalidLogin: (vim.fault.InvalidLogin) {
dynamicType = <unset>,
dynamicProperty = (vmodl.DynamicProperty) [],
msg = "Can not make a connection because the username or password is incorrect.",
faultCause = <unset>,
faultMessage = (vmodl.LocalizableMessage) []
}
2015-05-04T07:59:31.487 [36744]ERROR:rbd_watchdog_windows:caught exception in thread VC-Monitor
Traceback (most recent call last):
File "rbd_watchdog_windows.pyc", line 50, in infiniteLoop
File "rbd_watchdog_windows.pyc", line 58, in vcMonitor
File "rbd\waiter\vc_monitor.pyc", line 48, in __init__
File "pyVmomi\VmomiSupport.pyc", line 543, in <lambda>
File "pyVmomi\VmomiSupport.pyc", line 352, in _InvokeMethod
File "pyVmomi\SoapAdapter.pyc", line 1270, in InvokeMethod
vim.fault.InvalidLogin: (vim.fault.InvalidLogin) {
dynamicType = <unset>,
dynamicProperty = (vmodl.DynamicProperty) [],
msg = "Can not make a connection because the username or password is incorrect.",
faultCause = <unset>,
faultMessage = (vmodl.LocalizableMessage) []
}
2015-05-04T07:59:34.838 [37068]INFO:rbd_watchdog_windows:starting Feedback
2015-05-04T07:59:34.838 [37068]INFO:vc_servers:client SSL material -- C:\ProgramData\VMware\vCenterServer\data\autodeploy\ssl\waiter.key, C:\ProgramData\VMware\vCenterServer\data\autodeploy\ssl\waiter.crt
2015-05-04T07:59:36.733 [36744]INFO:rbd_watchdog_windows:starting VC-Monitor
2015-05-04T07:59:36.733 [36744]INFO:vc_servers:client SSL material -- C:\ProgramData\VMware\vCenterServer\data\autodeploy\ssl\waiter.key, C:\ProgramData\VMware\vCenterServer\data\autodeploy\ssl\waiter.crt
2015-05-04T07:59:37.862 [37068]ERROR:rbd_watchdog_windows:caught exception in thread Feedback
Traceback (most recent call last):
File "rbd_watchdog_windows.pyc", line 50, in infiniteLoop
File "rbd_watchdog_windows.pyc", line 64, in feedbackServer
File "rbd\waiter\feedback.pyc", line 52, in __init__
File "pyVmomi\VmomiSupport.pyc", line 543, in <lambda>
File "pyVmomi\VmomiSupport.pyc", line 352, in _InvokeMethod
File "pyVmomi\SoapAdapter.pyc", line 1270, in InvokeMethod
vim.fault.InvalidLogin: (vim.fault.InvalidLogin) {
dynamicType = <unset>,
dynamicProperty = (vmodl.DynamicProperty) [],
msg = "Can not make a connection because the username or password is incorrect.",
faultCause = <unset>,
faultMessage = (vmodl.LocalizableMessage) []
}
2015-05-04T07:59:39.763 [36744]ERROR:rbd_watchdog_windows:caught exception in thread VC-Monitor
Traceback (most recent call last):
File "rbd_watchdog_windows.pyc", line 50, in infiniteLoop
File "rbd_watchdog_windows.pyc", line 58, in vcMonitor
File "rbd\waiter\vc_monitor.pyc", line 48, in __init__
File "pyVmomi\VmomiSupport.pyc", line 543, in <lambda>
File "pyVmomi\VmomiSupport.pyc", line 352, in _InvokeMethod
File "pyVmomi\SoapAdapter.pyc", line 1270, in InvokeMethod
vim.fault.InvalidLogin: (vim.fault.InvalidLogin) {
dynamicType = <unset>,
dynamicProperty = (vmodl.DynamicProperty) [],
msg = "Can not make a connection because the username or password is incorrect.",
faultCause = <unset>,
faultMessage = (vmodl.LocalizableMessage) []
}
- In Health Messages under System Configuration > Auto Deploy > Summary > Auto Deploy Summary tab, you see these errors:
- Failed to request health status from URI https://vCenter_Server_FQDN:6502/vmw/rbd/healthStatus.
- AutoDeploy Service is not running. Enable AutoDeploy and refresh.
To update the extension's certificate in vCenter Server for Windows:
vpxd-extension
solution user certificate and key:"%VMWARE_CIS_HOME%"\vmafdd\vecs-cli entry getcert --store vpxd-extension --alias vpxd-extension --output c:\certificates\vpxd-extension.crt
"%VMWARE_CIS_HOME%"\vmafdd\vecs-cli entry getkey --store vpxd-extension --alias vpxd-extension --output c:\certificates\vpxd-extension.key
C:\Program Files\VMware\vCenter Server\vpxd\scripts:
cd C:\Program Files\VMware\vCenter Server\vpxd\scripts
python /usr/lib/vmware-vpx/scripts/updateExtensionCertInVC.py -e com.vmware.rbd -c /certificate/vpxd-extension.crt -k /certificate/vpxd-extension.key -s vcsa_FQDN -u Administrator@vsphere.local
python /usr/lib/vmware-vpx/scripts/updateExtensionCertInVC.py -e com.vmware.imagebuilder -c /certificate/vpxd-extension.crt -k /certificate/vpxd-extension.key -s vcsa_FQDN -u Administrator@vsphere.local
Administrator@vsphere.local
password. root@mb1esxvc [ ~ ]# service-control --restart rbd
root@mb1esxvc [ ~ ]#
root@mb1esxvc [ ~ ]#
root@mb1esxvc [ ~ ]# service-control --restart imagebuilder
root@mb1esxvc [ ~ ]#
root
through SSH.shell.set --enabled true
shell
and press Enter.vpxd-extension
solution user certificate and key:mkdir /certificate
/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert --store vpxd-extension --alias vpxd-extension --output /certificate/vpxd-extension.crt
/usr/lib/vmware-vmafd/bin/vecs-cli entry getkey --store vpxd-extension --alias vpxd-extension --output /certificate/vpxd-extension.key
python /usr/lib/vmware-vpx/scripts/updateExtensionCertInVC.py -e com.vmware.rbd -c /certificate/vpxd-extension.crt -k /certificate/vpxd-extension.key -s vcsa_FQDN -u Administrator@vsphere.local
python /usr/lib/vmware-vpx/scripts/updateExtensionCertInVC.py -e com.vmware.imagebuilder -c /certificate/vpxd-extension.crt -k /certificate/vpxd-extension.key -s vcsa_FQDN -u Administrator@vsphere.local
Administrator@vsphere.local
password. root@mb1esxvc [ ~ ]# service-control --restart vmware-imagebuilder
Successfully restarted service imagebuilder
root@mb1esxvc [ ~ ]#
root@mb1esxvc [ ~ ]#
root@mb1esxvc [ ~ ]# service-control --restart vmware-rbd-watchdog
Successfully restarted service rbd
root@mb1esxvc [ ~ ]#