"Error in logging in with user Administrator to the vCloud host" when attempting to add vCloud Director to Aria Orchestrator 8.9.1 or higher
search cancel

"Error in logging in with user Administrator to the vCloud host" when attempting to add vCloud Director to Aria Orchestrator 8.9.1 or higher

book

Article ID: 314852

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Symptoms:
  • When invoking the "add a connection" workflow to add vCloud Director endpoint to Aria Orchestrator version 8.9.1 or higher the workflow fails with the error:

Error in logging in with user Administrator to the vCloud host https://<vCDFQDN>:443 (Dynamic Script Module name : addHost#19)

  • The /var/log/services-logs/prelude/vco-app/file-logs/vco-server-app.log file contains errors referencing either missing trustAnchors or a failure to get full certificate chain:

2023-02-02T13:55:38.849Z WARN vco [host='vco-app-69xxxxxxbc-hxxxq' thread='WorkflowExecutorPool-Thread-6' user='<Username>' org='-' trace='-'] {|__SYSTEM|<Username>:Add a connection:8780xxxxxxxx8080xxxxxxxx8080xxxxxxxx8080xxxxxxxx4047xxxxxxxxc0fce:token=2a2axxxx-xxxx-xxxx-xxxx-xxxxxxxxa3d0} org.apache.cxf.phase.PhaseInterceptorChain - Interceptor for {https://<vCDFQDN>:443/api/versions}WebClient has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Could not send Message.

at java.lang.Thread.run(Thread.java:829) [?:?]
Caused by: javax.net.ssl.SSLException: SSLException invoking https://<vCDFQDN>:443/api/versions: Unexpected error: java.security.Anchors
        at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:63) ~[cxf-core-3.4.5.jar:3.4.5]
        ... 64 more
Caused by: javax.net.ssl.SSLException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
        at sun.security.ssl.Alert.createSSLException(Alert.java:133) ~[?:?]

 

2023-02-03T09:01:02.138Z ERROR vco [host='vco-app-6b8dxxxxxx-xxxxx' thread='WorkflowExecutorPool-Thread-1' user='<Username>' org='3cdfxxxx-xxxx-xxxx-xxxx-xxxxxxxxd544' trace='-'] {|__SYSTEM|gss:Add a connection:8780xxxxxxxx8080xxxxxxxx8080xxxxxxxx8080xxxxxxxx4047xxxxxxxxc0fce:token=6f46xxxx-xxxx-xxxx-xxxx-xxxxxxxx27ab} com.vmware.vmo.plugin.vcloud.VCloudAdaptor - com.vmware.vmo.plugin.vcloud.VCloudPluginException: com.vmware.vmo.plugin.vcloud.VCloudPluginException: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://<vCDIP/FQDN>:443/api/versions: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: com.vmware.vmo.plugin.vcloud.VCloudPluginException: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://<vCDIP/FQDN>:443/api/versions: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at com.vmware.vmo.plugin.vcloud.client.rest.VcdRestClient.login(VcdRestClient.java:126) ~[o11nplugin-vcloud-core-10.3.0.1.jar:?]
        ... 51 more

  • The credentials are known to be valid and the vCloud Director certificates are already imported and trusted in the Aria Orchestrator control center interface.


Environment

VMware vRealize Orchestrator 8.x

Cause

This issue occurs due to changes in certificate management introduced in the Aria Orchestrator 8.9.1 version which introduced compatibility issue for certain plugin builds.

Resolution

A resolution will be included in a future version of the Aria Orchestrator vCloud Director plugin. In the interim see workaround section below.

Workaround:


1. To resolve the issue SSH to the Aria Orchestrator appliance and execute the below command to sync the SSL trust store manually:

bash -c 'base64 -d <<< "a3ViZWN0bCAtbiBwcmVsdWRlIGV4ZWMgLXQgJChrdWJlY3RsIGdldCBwb2QgLW4gcHJlbHVkZSAtbCBhcHA9dmNvLWFwcCAtbyBqc29ucGF0aD0iey5pdGVtc1swXS5tZXRhZGF0YS5uYW1lfSIgLS1maWVsZC1zZWxlY3RvciBzcGVjLm5vZGVOYW1lPSQoY3VycmVudF9ub2RlKSkgLWMgdmNvLXNlcnZlci1hcHAgLS0gYmFzaCAtYyAiYmFzZTY0IC1kIDw8PCAnUzFOZlVFRlVTRDBpTDNWemNpOXNhV0l2ZG1OdkwyRndjQzF6WlhKMlpYSXZZMjl1Wmk5elpXTjFjbWwwZVM5cWMzTmxZMkZqWlhKMGN5SUtURTlIWDBaSlRFVTlKRXhQUTBGTVNFOVRWRjlNVDBkZlJrbE1SVjlFU1ZKRlExUlBVbGt2ZG5KdlgyeHZZMkZzWDJ0bGVYTjBiM0psWDNONWJtTXViRzluQ2dwR1NWQlRYMDFQUkVWZlJVNUJRa3hGUkQwaVpXNWhZbXhsWkNJS1JrbFFVMTlOVDBSRlgxTlVVa2xEVkQwaWMzUnlhV04wSWdwcFppQmJXeUFpSkVaSlVGTmZUVTlFUlNJZ1BYNGdYaWdrUmtsUVUxOU5UMFJGWDBWT1FVSk1SVVI4SkVaSlVGTmZUVTlFUlY5VFZGSkpRMVFwSkNCZFhRcDBhR1Z1Q2lBZ0lDQkxVMTlVV1ZCRlBTSkNRMFpMVXlJS1pXeHpaUW9nSUNBZ1MxTmZWRmxRUlQwaVNrdFRJZ3BtYVFvS0NteHZaMTl0WlhOellXZGxLQ2tnZXdvZ0lHVmphRzhnSWxza0tHUmhkR1VnTFMxMWRHTWdJaXNsUmxRbFZDNGxNMDVhSWlsZElDUXhJaUErUGlBa1RFOUhYMFpKVEVVS2ZRb0tablZ1WTNScGIyNGdhVzV6ZEdGc2JGOWpaWEowS0NrZ2V3b2dJQ0FnYkc5allXd2dZV3hwWVhNOUpERUtJQ0FnSUd4dlkyRnNJSEJsYlY5emRISnBibWM5SkRJS0lDQWdJR2xtSUZzZ0xYb2dJaVJoYkdsaGN5SWdYVHNnZEdobGJnb2dJQ0FnSUNBZ0lHVmphRzhnSWtObGNuUnBabWxqWVhSbElHRnNhV0Z6SUdseklHVnRjSFI1TGlCRGIzVnNaQ0J1YjNRZ2MzbHVZMmh5YjI1cGVtVWdkR2hsSUdObGNuUnBabWxqWVhSbExpSUtJQ0FnSUNBZ0lDQnNiMmRmYldWemMyRm5aU0FpUTJWeWRHbG1hV05oZEdVZ1lXeHBZWE1nYVhNZ1pXMXdkSGt1SUVOdmRXeGtJRzV2ZENCemVXNWphSEp2Ym1sNlpTQjBhR1VnWTJWeWRHbG1hV05oZEdVdUlnb2dJQ0FnSUNBZ0lISmxkSFZ5YmlBeENpQWdJQ0JtYVFvZ0lDQWdhV1lnV3lBdGVpQWlKSEJsYlY5emRISnBibWNpSUYwN0lIUm9aVzRLSUNBZ0lDQWdJQ0JsWTJodklDSkRaWEowYVdacFkyRjBaU0J3WlcwZ2FYTWdaVzF3ZEhrdUlFTnZkV3hrSUc1dmRDQnplVzVqYUhKdmJtbDZaU0JqWlhKMGFXWnBZMkYwWlRvZ0pHRnNhV0Z6SWk0S0lDQWdJQ0FnSUNCc2IyZGZiV1Z6YzJGblpTQWlRMlZ5ZEdsbWFXTmhkR1VnY0dWdElHbHpJR1Z0Y0hSNUxpQkRiM1ZzWkNCdWIzUWdjM2x1WTJoeWIyNXBlbVVnWTJWeWRHbG1hV05oZEdVNklDUmhiR2xoY3k0aUNpQWdJQ0FnSUNBZ2NtVjBkWEp1SURJS0lDQWdJR1pwQ2dvZ0lDQWdaV05vYnlBaVUzbHVZMmh5YjI1cGVtbHVaeUJqWlhKMGFXWnBZMkYwWlNBa1lXeHBZWE1nZEc4Z2JHOWpZV3dnYTJWNWMzUnZjbVVpQ2lBZ0lDQnNiMmRmYldWemMyRm5aU0FpVTNsdVkyaHliMjVwZW1sdVp5QmpaWEowYVdacFkyRjBaU0IzYVhSb0lHRnNhV0Z6T2lBa1lXeHBZWE1nZEc4Z2JHOWpZV3dnYTJWNWMzUnZjbVV1WEc0Z1EyVnlkR2xtYVdOaGRHVTZJRnh1SUNSd1pXMWZjM1J5YVc1bklnb0tJQ0FnSUhSbGMzUWdMV1FnTDNWemNpOXNhV0l2ZG1OdkxXTnNhUzltYVhCekx5QjhmQ0J5Y0cwZ0xXa2dMUzF1YjJSbGNITWdMM1pqYnkxalptY3RZMnhwTG5Kd2JRb2dJQ0FnUWtOZlJrbFFVMTlLUVZKVFBTUW9abWx1WkNBdmRYTnlMMnhwWWk5MlkyOHRZMnhwTDJacGNITXZJQzF1WVcxbElDY3FabWx3Y3lvbklDMTBlWEJsSUdaOGVHRnlaM01nZkhSeUlDY2dKeUFuT2ljcENpQWdJQ0JDUTE5UFVGUlRQU0l0Y0hKdmRtbGtaWEp3WVhSb0lDUjdRa05mUmtsUVUxOUtRVkpUZlNBdGNISnZkbWxrWlhJZ2IzSm5MbUp2ZFc1amVXTmhjM1JzWlM1cVkyRnFZMlV1Y0hKdmRtbGtaWEl1UW05MWJtTjVRMkZ6ZEd4bFJtbHdjMUJ5YjNacFpHVnlJZ29LSUNBZ0lHTmxjblJmWm1sc1pUMGtLRzFyZEdWdGNDQXZkRzF3TDJObGNuUXVNUzVZV0ZndWNHVnRLUW9nSUNBZ1pXTm9ieUFpSkhCbGJWOXpkSEpwYm1jaUlENGdKR05sY25SZlptbHNaUW9nSUNBZ2JHOWpZV3dnY21WemRXeDBQU1FvYTJWNWRHOXZiQ0FrUWtOZlQxQlVVeUF0YTJWNWMzUnZjbVVnSkV0VFgxQkJWRWdnTFhOMGIzSmxkSGx3WlNBa1MxTmZWRmxRUlNBdGMzUnZjbVZ3WVhOeklDUkxVMTlRUVZOVFYwOVNSQ0F0YVcxd2IzSjBZMlZ5ZENBdGJtOXdjbTl0Y0hRZ0xXRnNhV0Z6SUNJa1lXeHBZWE1pSUMxbWFXeGxJQ0lrWTJWeWRGOW1hV3hsSWlrS0lDQWdJR3h2WjE5dFpYTnpZV2RsSUNJa2NtVnpkV3gwSWdvS0lDQWdJSEp0SUMxbUlDUmpaWEowWDJacGJHVUtmUW9LWldOb2J5QWlRMkZzWTNWc1lYUnBibWNnZGxKUElFTmxjblJwWm1sallYUmxjeTRpQ2t0RldWTlVUMUpGWDB4SlUxUTlKQ2d2ZFhOeUwyeHBZaTkyWTI4dlkyWm5MV05zYVM5aWFXNHZkbkp2TFhSb2FXNHRZMlpuTG5Ob0lHdGxlWE4wYjNKbElHeHBjM1FwQ214dloxOXRaWE56WVdkbElDSkxaWGx6ZEc5eVpTQmpiMjUwWlc1ME9pQWtTMFZaVTFSUFVrVmZURWxUVkNJS0NpTWdRMjkxYm5RZ2RHaGxJR05sY25ScFptbGpZWFJsY3dwalpYSjBYMk52ZFc1MFBTUW9aV05vYnlBaUpFdEZXVk5VVDFKRlgweEpVMVFpSUh3Z1ozSmxjQ0FpUVd4cFlYTTZJaUI4SUhkaklDMXNLUXBzYjJkZmJXVnpjMkZuWlNBaVJtOTFibVFnSkdObGNuUmZZMjkxYm5RZ1kyVnlkR2xtYVdOaGRHVnpMaUlLQ2lNZ1NYUmxjbUYwWlNCdmRtVnlJR05sY25ScFptbGpZWFJsY3dwbWIzSWdhVzVrWlhnZ2FXNGdKQ2h6WlhFZ01TQWtZMlZ5ZEY5amIzVnVkQ2s3SUdSdkNpQWdZM1Z5Y21WdWRGOWpaWEowUFNRb1pXTm9ieUFpSkV0RldWTlVUMUpGWDB4SlUxUWlJSHdnWVhkcklDSXZRV3hwWVhNNkwzdHBLeXQ5YVQwOUpHbHVaR1Y0SWlrS0lDQmpkWEp5Wlc1MFgyRnNhV0Z6UFNRb1pXTm9ieUFpSkdOMWNuSmxiblJmWTJWeWRDSWdmQ0JoZDJzZ0p5OUJiR2xoY3pvdklIdHdjbWx1ZENBa01uMG5LUW9nSUdOMWNuSmxiblJmY0dWdFBTUW9aV05vYnlBaUpHTjFjbkpsYm5SZlkyVnlkQ0lnZkNCaGQyc2dKeTlDUlVkSlRpQkRSVkpVU1VaSlEwRlVSUzhzTDBWT1JDQkRSVkpVU1VaSlEwRlVSUzhnZTNCeWFXNTBJQ1F3ZlNjcENpQWdhVzV6ZEdGc2JGOWpaWEowSUNJa1kzVnljbVZ1ZEY5aGJHbGhjeUlnSWlSamRYSnlaVzUwWDNCbGJTSUtaRzl1WlE9PScgfCBiYXNoIC0i" | bash -'

 

2. The command should display output similar to the image below. Once command has finished executing run again the 'Add a connection' workflow.