vRSLCM Inventory sync for vRLI fails with error: Failed to execute vRLI insertion operation on SDDC Manager
search cancel

vRSLCM Inventory sync for vRLI fails with error: Failed to execute vRLI insertion operation on SDDC Manager

book

Article ID: 316048

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite) VMware Cloud Foundation

Issue/Introduction

  • vRSLCM Inventory sync for vRLI fails with error 
    Failed to execute vRLI insertion operation on SDDC Manager
  • SDDC Manager /var/log/vmware/vcf/operationsmanager/operationsmanager.log which shows the credential query task is initiated 
    DEBUG [vcf_om,42##########9b,5667] [c.v.v.p.s.PasswordLookupService,http-nio-127.0.0.1-7300-exec-3] Fetch credentials from Entity type VRLI
DEBUG [vcf_om,42##########9b,807e] [c.v.v.p.helper.CredentialHelper,om-exec-15] Query credentials based on entityType: VRLI, SkipPasswords true
DEBUG [vcf_om,42##########9b,807e] [c.v.v.p.helper.CredentialHelper,om-exec-15] Size from Credentials query API from page 0 : 0
INFO [vcf_om,42##########9b,9e78] [c.v.v.p.l.t.LoginsightFetcherTask,om-exec-6] Processing vrlis, vrli primary node:<vRLI Node FQDN>
INFO [vcf_om,42##########9b,9e78] [c.v.v.p.l.t.LoginsightFetcherTask,om-exec-6] Processing worker node <vRLI Node FQDN of vRLI VIP>
INFO [vcf_om,42##########9b,9e78] [c.v.v.p.l.t.LoginsightFetcherTask,om-exec-6] Processing worker node <vRLI Node FQDN of vRLI VIP>
ERROR [vcf_om,42##########9b,5667] [c.v.v.p.l.u.LookupResponseProcessor,http-nio-127.0.0.1-7300-exec-3] Skipping/Couldn't fetch credentials for entityType : VRLI
  • Error in SDDC Manager /var/og/vmware/vcf/domainmanager/domainmanager.log 
    ERROR [vcf_dm,66###########b3,f852] [c.v.e.s.c.u.c.SshCommandExecuter,http-nio-127.0.0.1-7200-exec-6] Could not connect to the SSH server @<vRLI Node FQDN> for configuration.

com.jcraft.jsch.JSchException: Algorithm negotiation fail

ERROR [vcf_dm,66###########b3,f852] [c.v.v.v.c.impl.VrliManagerImpl,http-nio-127.0.0.1-7200-exec-6] Failed to insert vRLI

com.vmware.evo.sddc.common.util.command.CommandExecuterException: SSH: Failed to establish SSH session to <vRLI Node FQDN>

ERROR [vcf_dm,66###########b3,f852] [c.v.e.s.e.h.LocalizableRuntimeExceptionHandler,http-nio-127.0.0.1-7200-exec-6] [TDMHQ4] PRODUCT_REGISTRATION_FAILED Failed to register 578bbf0f-da24-4049-####-############:vrli in the SDDC Manager.

com.vmware.evo.sddc.common.core.error.InvalidStateException: Failed to register 578bbf0f-da24-4049-####-############:vrli in the SDDC Manager.

Caused by: com.vmware.evo.sddc.common.core.error.InvalidStateException: Failed to execute vRLI insertion operation on SDDC Manager.

        at com.vmware.vcf.vrealize.controller.impl.VrliManagerImpl.insertVrli(VrliManagerImpl.java:171)

        at com.vmware.vcf.vrealize.controller.v1.VrliPublicController.insertVrli(VrliPublicController.java:166)

        ... 117 common frames omitted

Caused by: com.vmware.evo.sddc.common.util.command.CommandExecuterException: SSH: Failed to establish SSH session to <vRLI Node FQDN>

 

Cause

KB Steps for Removing SHA1 weak Algorithms/Ciphers from all VMware Aria Products implemented on the environment which resulted in mismatched ssh algorithms on the server (vRLI) and the client side (VCF)

Resolution

  1. Take snapshot of the vRLI VMs
  2. SSH to vRLI nodes with root credentials
  3. Edit the sshd_config file 
    vi /etc/ssh/sshd_config
  4. Add the below parameters in the Ciphers config 
    aes256-ctr,aes192-ctr,aes128-ctr
  5. Save the changes to /etc/ssh/sshd_config 
    ESC > :wq!
  6. Restart the SSH service 
    systemctl restart sshd
  7. Retry the inventory sync from vRSLCM

 

Additional Information

vRSLCM inventory sync for vRLI will fail and SDDC will have no record of the vRLI instance

 

Powered by Wolken Software