vSAN Providers display the status as disconnected in the vSphere Web Client
search cancel

vSAN Providers display the status as disconnected in the vSphere Web Client

book

Article ID: 319934

calendar_today

Updated On:

Products

VMware vCenter Server VMware vSAN VMware vSphere ESXi

Issue/Introduction

  • vSAN Providers display status as disconnected (To see this in the vSphere Web Client, navigate to vCenter Server > Manage > Storage Providers.).
  • A resynchronization operation fails to refresh the connection status.
  • In the /var/log/vsanvpd.log file, you see entries similar to:

    vsanvpd.log: 2015-04-27T00:39:42Z vsanSoapServer: ssl_verify_cert:759:ssl_verify_cert: client certificate not presented
    vsanvpd.log: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
    vsanvpd.log: 2015-04-27T00:40:08Z vsanSoapServer: ssl_verify_cert:759:ssl_verify_cert: client certificate not presented
    vsanvpd.log: 2015-04-27T00:40:08Z vsanSoapServer: registerVASACertificate:332:New certificate has been added to trust store
    vsanvpd.log: 2015-04-27T00:40:13Z vsanSoapServer: verify_cert_with_store:813:Cannot verify cert with CA store /etc/vmware/ssl/castore.pem: certificate has expired (10)
    vsanvpd.log: 2015-04-27T00:40:13Z vsanSoapServer: verify_cert_with_store:813:Cannot verify cert with CA store /etc/vmware/ssl/vsanvp_castore.pem: self signed certificate (18)
    vsanvpd.log: 2015-04-27T01:19:12Z vsanSoapServer: verify_cert_with_store:813:Cannot verify cert with CA store /etc/vmware/ssl/castore.pem: certificate has expired (10)
    vsanvpd.log: 2015-04-27T01:19:12Z vsanSoapServer: verify_cert_with_store:813:Cannot verify cert with CA store /etc/vmware/ssl/vsanvp_castore.pem: self signed certificate (18)

Environment

  • VMware vCenter Server Appliance 6.0.x
  • VMware vSphere ESXi 6.0
  • VMware vSAN 6.2.x
  • VMware vCenter Server 6.0.x

Cause

This issue occurs if the SMS certificate for vCenter server is expired.

Resolution


To resolve this issue, remove the expired certificate and generate a new certificate.
 
For Windows vCenter Server:
 
  1. Open a command prompt in Windows vCenter server.
  2. Navigate to C:\Program Files\VMware\vCenter Server\vmafdd.
  3. To verify the expiry date of SMS certificate, run this command:

    vecs-cli entry list --store SMS –-text
     
  4. If the certificate is expired, delete the certificate store by running this command:

    vecs-cli store delete --name SMS
     
  5. Restart VMware vSphere Profile-Driven Storage Service and VMware vSphere Web Client to re-generate the SMS certificate store.
  6. In the vSphere Web Client, navigate to vCenter Server > Manage > Storage Providers.
  7. Click on Synchronize all Virtual SAN storage providers button.
 
For VMware vCenter Server Appliance for Linux:
 
  1. Log in to the vCenter Server Appliance using SSH and navigate to:

    /usr/lib/vmware-vmafd/bin
     
  2. To verify the expiry date of SMS certificate, run this command:

    ./vecs-cli entry list --store SMS --text
     
  3. If the certificate is expired, delete the certificate store by running the command:

    ./vecs-cli store delete --name SMS
     
  4. Restart VMware vSphere Profile-Driven Storage Service and VMware vSphere Web Client to re-generate the SMS certificate store.
  5. In the vSphere Web Client, navigate to vCenter Server > Manage > Storage Providers.
  6. Click on Synchronize all Virtual SAN storage providers button.

Additional Information

Powered by Wolken Software