Symptoms:
- vSAN modules show the error 'Unable to query vSAN health information. Check vSphere Client logs for details.' or "Unable to retrieve the cluster configuration. Check vSphere Client logs for details."
- In /var/log/vmware/vsphere-ui/logs/vsphere_client_virgo.log on vCenter Server you see errors similar to:
[YYYY-MM-DDTHH:MM:SS] [ERROR] data-service-pool-793 70002776 100889 200007 c.v.vsphere.client.vsan.base.util.VsanCapabilityCacheManager Cannot retrieve capabilities com.vmware.vim.vmomi.client.exception.SslException: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain is not trusted and thumbprint doesn't match
at com.vmware.vim.vmomi.client.common.impl.ResponseImpl.setError(ResponseImpl.java:252)
:
Caused by: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain is not trusted and thumbprint doesn't match
at com.vmware.vim.vmomi.client.http.impl.ClientExceptionTranslator.translate(ClientExceptionTranslator.java:54)
:
Caused by: javax.net.ssl.SSLHandshakeException: com.vmware.vim.vmomi.client.exception.VlsiCertificateException: Server certificate chain is not trusted and thumbprint doesn't match
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
:
- or similar to
[YYYY-MM-DDTHH:MM:SS] [ERROR] data-service-pool-769 70170908 116159 200228 com.vmware.vsphere.client.vsan.base.cache.TimeBasedCacheEntry Unable to get the validation token - invalidating the value com.vmware.vsphere.client.vsandp.core.sessionmanager.common.NotAccessibleException:
at com.vmware.vsphere.client.vsandp.core.sessionmanager.common.VcClient.getConnection(VcClie::
Caused by: com.vmware.vim.vmomi.client.exception.SslException: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain is not trusted and thumbprint verification is not configured
Note: This log excerpt is an example. Date, time, and environmental variables may vary depending on your environment.