vRealize Automation deployment in VMware Cloud Foundation fails on the "Deploy vRealize Automation through vRealize Suite Lifecycle Manager" task
Article ID: 317036
Updated On:
Products
VMware Cloud Foundation
Issue/Introduction
Symptoms:
Error:
- vRealize Automation deployment fails on the "Deploy vRealize Automation through vRealize Suite Lifecycle Manager" task
- You see a message similar to the following in the details for the failed task:
Progress Messages:
vRA Iaas Management Agent Installation Failed
vRA Certificate Configuration Failed
vRA Certificate Configuration Failed
Error:
Message: vRA Cluster Join Operation Failed
Error:
Message: vRA Iaas Management Agent Installation Failed
- You see messages similar to the following in the /var/log/vmware/vlcm/vrlcm-server.log file on the vRealize Suite Lifecycle Manager VM:
2019-02-20 08:14:47.829 INFO [pool-2-thread-6] c.v.v.l.d.v.h.VraInstallHelper - -- installActionOutput : Failure: Command execution result:
Command id: 7ac3b484-4f29-4df8-90b8-ea10d0b4593c
Type: install-certificate
Node id: B13E3824-C2AD-4D4E-B749-67F3547E46DB
Node host: iaasweb1.rainpole.local
Result: Private key is invalid: Error occurred while decoding private key: The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation.
Result description: System.InvalidOperationException: Error occurred while decoding private key: The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation.
---> System.Security.Cryptography.CryptographicException: The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation.
at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
at System.Security.Cryptography.Utils._CreateCSP(CspParameters param, Boolean randomKeyContainer, SafeProvHandle& hProv)
at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
at VMware.BouncyCastle.Utilities.DotNetUtilities.CreateRSAProvider(RSAParameters rp)
at VMware.IaaS.Installation.Common.CertificatesHelper.DecodePemPrivateKey(String privateKeyInput, String password)
YXYXYXYX of inner exception stack trace ---
at VMware.IaaS.Installation.Common.CertificatesHelper.DecodePemPrivateKey(String privateKeyInput, String password)
YXYXYXYX certificate, String privateKeyInput, String password)
YXYXYXYX {"10098":[{"resultDescr":"System.InvalidOperationException: Error occurred while decoding private key: The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation.\r\n ---> System.Security.Cryptography.CryptographicException: The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation.\r\n\r\n at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)\r\n at System.Security.Cryptography.Utils._CreateCSP(CspParameters param, Boolean randomKeyContainer, SafeProvHandle& hProv)\r\n at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)\r\n at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)\r\n at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()\r\n at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)\r\n at VMware.BouncyCastle.Utilities.DotNetUtilities.CreateRSAProvider(RSAParameters rp)\r\n at VMware.IaaS.Installation.Common.CertificatesHelper.DecodePemPrivateKey(String privateKeyInput, String password)\r\n YXYXYXYX of inner exception stack trace ---\r\n at VMware.IaaS.Installation.Common.CertificatesHelper.DecodePemPrivateKey(String privateKeyInput, String password)\r\n YXYXYXYX certificate, String privateKeyInput, String password)","resultMsg":"Private key is invalid: Error occurred while decoding private key: The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation.\r\n"}]}
Status: FAILED
Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.
Command id: 7ac3b484-4f29-4df8-90b8-ea10d0b4593c
Type: install-certificate
Node id: B13E3824-C2AD-4D4E-B749-67F3547E46DB
Node host: iaasweb1.rainpole.local
Result: Private key is invalid: Error occurred while decoding private key: The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation.
Result description: System.InvalidOperationException: Error occurred while decoding private key: The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation.
---> System.Security.Cryptography.CryptographicException: The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation.
at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
at System.Security.Cryptography.Utils._CreateCSP(CspParameters param, Boolean randomKeyContainer, SafeProvHandle& hProv)
at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
at VMware.BouncyCastle.Utilities.DotNetUtilities.CreateRSAProvider(RSAParameters rp)
at VMware.IaaS.Installation.Common.CertificatesHelper.DecodePemPrivateKey(String privateKeyInput, String password)
YXYXYXYX of inner exception stack trace ---
at VMware.IaaS.Installation.Common.CertificatesHelper.DecodePemPrivateKey(String privateKeyInput, String password)
YXYXYXYX certificate, String privateKeyInput, String password)
YXYXYXYX {"10098":[{"resultDescr":"System.InvalidOperationException: Error occurred while decoding private key: The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation.\r\n ---> System.Security.Cryptography.CryptographicException: The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation.\r\n\r\n at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)\r\n at System.Security.Cryptography.Utils._CreateCSP(CspParameters param, Boolean randomKeyContainer, SafeProvHandle& hProv)\r\n at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)\r\n at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)\r\n at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()\r\n at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)\r\n at VMware.BouncyCastle.Utilities.DotNetUtilities.CreateRSAProvider(RSAParameters rp)\r\n at VMware.IaaS.Installation.Common.CertificatesHelper.DecodePemPrivateKey(String privateKeyInput, String password)\r\n YXYXYXYX of inner exception stack trace ---\r\n at VMware.IaaS.Installation.Common.CertificatesHelper.DecodePemPrivateKey(String privateKeyInput, String password)\r\n YXYXYXYX certificate, String privateKeyInput, String password)","resultMsg":"Private key is invalid: Error occurred while decoding private key: The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation.\r\n"}]}
Status: FAILED
Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.
Environment
VMware Cloud Foundation 2.3.x
VMware Cloud Foundation 3.0.x
VMware Cloud Foundation 3.5.x
VMware Cloud Foundation 3.0.x
VMware Cloud Foundation 3.5.x
Cause
This issue can occur if there is a transient connectivity issue between the vRealize Automation node being configured and the certificate authority.
Resolution
Click the RESTART TASK button next to the failed task in SDDC Manager and it should complete successfully. If this task continues to fail, investigate the connection between the vRealize Automation node being configured and the certificate authority.
Feedback
Yes
No
Powered by
