"Cloud zone insights not available yet, please check after some time" message after replacing certificate of vRealize Operations Manager integration
search cancel

"Cloud zone insights not available yet, please check after some time" message after replacing certificate of vRealize Operations Manager integration

book

Article ID: 314894

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Symptoms:
  • The certificate for the vRealize Operations Manager has been replaced since it was initially added to Aria Automation as an integration.
  • When accessing the Insights pane under Cloud Assembly -> Infrastructure -> Cloud Zone -> Insights the following message is displayed:

 "Cloud zone insights not available yet, please check after some time."

  • The /var/log/services-logs/prelude/hcmp-service-app/file-logs/hcmp-service-app.log file contains ssl errors similar to:
2022-08-25T20:06:43.989Z ERROR hcmp-service [host='hcmp-service-app-6469b76b57-fstj6' thread='Thread-56' user='' org='<org_id>' trace='<trace_id>' parent='<parent_id>' span='<span_id>'] c.v.a.h.a.common.AlertEnumerationHelper.lambda$synchronizeWithDatabase$12:128 - [<IntegrationName>]: [<UUID>]: Error during enumerating alerts
	javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
		at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[na:na]
		at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:353) ~[na:na]
        at java.base/java.lang.Thread.run(Thread.java:829) ~[na:na]
	Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
		at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[na:na]
		at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) 

 

Note: The issue is not specific to vRealize Operation Integrations and can affect other integrations types added to Aria Automation. The same resolution steps can be applied to update the certificate stored.


Environment

VMware vRealize Automation 8.x
VMware Aria Automation 8.x

Cause

Trust is broken between Aria Automation and vRealize Operations when the vRealize Operation Manager certificate is replaced.

Resolution

The issue is pending resolution.

Workaround:

Note: Prior to performing the workaround best practise dictates you first snapshot Aria Automation

The certificate stored for the vRealize Operations Manager Integration can be updated via a PATCH api call

1. Obtain the Integration ID and the Username from the UI by opening the respective vRealize Operations Manager integration within the Aria Automation UI under Infrastructure -> Integrations

image.png
 

The Integration id portion of the url is everything after '%2F'


The integration id can also be validated in the web browsers developers tools:

image.png

2. Obtain a Bearer token following the article Generate Access_Token/Bearer_Token in VRA 8.x for API Authentication

3.  Capture the new vRealize Operations Manager certificate in PEM format by running the following command:

openssl s_client -connect <vROPSFQDN>:443 2> /dev/null | openssl x509 | awk 'NF {sub(/\r/, "");  printf "%s\\n",$0;}'

replace <vROPSFQDN> with the actual fully qualified domain name of the vRealize Operations Manager appliance

4. Submit a PATCH call to url:

https://<vRA FQDN>/iaas/api/integrations/<vROP Integration ID>?apiVersion=2021-07-15

with body:

     {
         "certificateInfo": {
             "certificate": "Certificate content captured step 3"
         }
     }

 

A 202 accepted status indicates a successful request:

image.png