Unable to reconfigure the Lookup Service registration after a vCenter Server certificate update in Cloud Director Availability 4.0

Article ID: 315023

Products

VMware Cloud Director

Issue/Introduction

Symptoms:

  • Updating the Lookup Service registration for a Cloud Director Availability service fails with a certificate chain trust error.
  • In the /opt/vmware/h4/manager/log/manager.log file on the Cloud Replication Management Appliance, you see entries similar to:
2021-03-02 06:10:16.188 ERROR - [UI-4f746dac-####-####-####-########df8-ps] [https-jsse-nio-8443-exec-4] c.v.h4.common.service.BaseConfigService : Failed to connect to lookup service at https://vcenter.vmwarevmc.com:443/lookupservice/sdk.

com.vmware.exception.GenericSSLException: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain is not trusted and thumbprint verification is not configured
        at com.vmware.exception.converter.ClientExceptionConverter.convertException(ClientExceptionConverter.java:64)
        at com.vmware.vlsi.util.ExceptionConverterInterceptor.handleException(ExceptionConverterInterceptor.java:30)
        at com.vmware.vim.vmomi.client.common.impl.ResponseImpl.setError(ResponseImpl.java:254)
        at com.vmware.vim.vmomi.client.http.impl.HttpExchange.run(HttpExchange.java:51)
        at com.vmware.vim.vmomi.client.http.impl.HttpProtocolBindingBase.executeRunnable(HttpProtocolBindingBase.java:226)
        at com.vmware.vim.vmomi.client.http.impl.HttpProtocolBindingImpl.send(HttpProtocolBindingImpl.java:110)
        at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl$CallExecutor.sendCall(MethodInvocationHandlerImpl.java:613)
        at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl$CallExecutor.executeCall(MethodInvocationHandlerImpl.java:594)
        at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.completeCall(MethodInvocationHandlerImpl.java:345)
        at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.invokeOperation(MethodInvocationHandlerImpl.java:305)
        at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.invoke(MethodInvocationHandlerImpl.java:179)
        at com.sun.proxy.$Proxy250.retrieveServiceContent(Unknown Source)
        at com.vmware.vlsi.client.sso.SsoAdminFactory.onConnect(SsoAdminFactory.java:24)
        at com.vmware.vlsi.client.sso.SsoAdminFactory.onConnect(SsoAdminFactory.java:11)
        at com.vmware.vlsi.client.AbstractConnectionFactory.acquire(AbstractConnectionFactory.java:40)
        at com.vmware.vlsi.client.AbstractConnectionFactory.acquire(AbstractConnectionFactory.java:22)
        at com.vmware.vlsi.client.SsoInfo.<init>(SsoInfo.java:58)
        at com.vmware.vlsi.client.SsoInfo.<init>(SsoInfo.java:39)
        at com.vmware.vlsi.client.sso.LsGatewayBase.initSsoInfo(LsGatewayBase.java:44)
        at com.vmware.h4.common.service.BaseConfigService.getSsoInfoFromLs(BaseConfigService.java:213)
        at com.vmware.h4.common.service.BaseConfigService.validateLookupService(BaseConfigService.java:180)
        at com.vmware.h4.common.controller.BaseConfigController.validateLookupService(BaseConfigController.java:129)
        ...


Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.
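
To tell this certificate trust failure apart from other Lookup Service connection failures, the following added example (not VMware code) scans manager.log for the error entry shown above and reports it only when its stack trace contains the untrusted-chain exception. The function name, the regular expressions and the second sample entry are assumptions made for this illustration.

```python
import re
import sys

# Start of any manager.log entry (timestamp prefix).
NEW_ENTRY = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3} ")
# ERROR entry reporting a failed Lookup Service connection; captures time and URL.
LS_FAIL = re.compile(r"^(\S+ \S+) ERROR\b.*?Failed to connect to lookup service at "
                     r"(https?://\S+?)\.?\s*$")
# Exception text that marks the certificate trust failure described in this article.
TRUST_ERR = "Server certificate chain is not trusted"

# Constructed sample: the first entry mirrors the excerpt above, the second is a
# made-up connection failure with a different cause that must not be reported.
SAMPLE = """\
2021-03-02 06:10:16.188 ERROR - [UI-4f746dac-####-####-####-########df8-ps] [https-jsse-nio-8443-exec-4] c.v.h4.common.service.BaseConfigService : Failed to connect to lookup service at https://vcenter.vmwarevmc.com:443/lookupservice/sdk.

com.vmware.exception.GenericSSLException: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain is not trusted and thumbprint verification is not configured
        at com.vmware.exception.converter.ClientExceptionConverter.convertException(ClientExceptionConverter.java:64)
2021-03-02 06:12:01.004 ERROR - [UI-constructed] [https-jsse-nio-8443-exec-5] c.v.h4.common.service.BaseConfigService : Failed to connect to lookup service at https://vcenter.vmwarevmc.com:443/lookupservice/sdk.
java.net.ConnectException: Connection refused
"""


def find_trust_failures(lines):
    """Return (timestamp, lookup_service_url) for every failed Lookup Service
    connection whose stack trace reports an untrusted certificate chain."""
    hits, pending = [], None
    for line in lines:
        m = LS_FAIL.match(line)
        if m:
            pending = (m.group(1), m.group(2))   # wait for the exception line
        elif NEW_ENTRY.match(line):
            pending = None                       # unrelated entry started
        elif pending and TRUST_ERR in line:
            hits.append(pending)
            pending = None
    return hits


if __name__ == "__main__":
    # Pass the path to manager.log as the first argument; without one the
    # constructed sample is scanned instead.
    src = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE.splitlines()
    for ts, url in find_trust_failures(src):
        print(f"{ts}  untrusted certificate chain from {url}")
```
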

Environment

VMware Cloud Director Availability 4.x

Cause

This issue can occur when the vCenter Server certificate has been updated and the new certificate doesn't match the cached certificate being used by Cloud Director Availability.

Resolution

This issue is resolved in Cloud Director Availability 4.0.1, available at Support Documents and Downloads (broadcom.com).

Workaround:
To work around this issue, clear the cached certificate by restarting the Cloud Director Availability services.

For more information, see the Restart the VMware Cloud Director Availability Services section of the Cloud Director Availability documentation.