Unity VASA certificate has expired and does not allow to refresh it and storage appears disconnected.
Article ID: 322807
Updated On:
Products
VMware vSphere ESXi
Issue/Introduction
- Workaround to get new certificates generated from Dell EMC Unity so that it can be added as VASA storage provider from vSphere
Symptoms:
- Unable to refresh storage provider with expired certificate:
============================================
Error: The storage provider certificate has expired. Remove the selected storage provider, provision a valid self-signed certificate for it, and then add it back.
Error: The storage provider certificate has expired. Remove the selected storage provider, provision a valid self-signed certificate for it, and then add it back.
- Rescan errors : Details:
com.vmware.vim.sms.fault.ProviderNotActiveException: Provider f1b3a9d1-003f-4983-862c-7e2f2edc26b9 is not active!!!
"com.vmware.vim.sms.fault.ProviderNotActiveException: Provider f1b3a9d1-003f-4983-862c-7e2f2edc26b9 is not active!!!"
"com.vmware.vim.sms.fault.ProviderNotActiveException: Provider f1b3a9d1-003f-4983-862c-7e2f2edc26b9 is not active!!!"
- Cause:
Provider f1b3a9d1-003f-4983-862c-7e2f2edc26b9 is not active!!!
"Provider f1b3a9d1-003f-4983-862c-7e2f2edc26b9 is not active!!!"
- The provider certificate is invalid. It is either empty, malformed, expired, not yet valid, revoked, or fails host name verification.
Environment
VMware vSphere 6.5.x
VMware vSphere 7.0.x
VMware vSphere 7.0.x
Cause
- The certificate was not refreshed before expiry data for the VASA storage provider
Resolution
- There is no resolution after the certificate has expired.
Workaround:
- Note: This is only valid for Storage providers from Dell EMC Unity.
- Following steps to get new certificates generated from Unity so that it can be added as VASA storage provider from vSphere :
- Log in to Unity CLI (use service account).
- View existing certificates on Unity for VASA using below command:
=====================================================
uemcli -d <IP address of unity> -u local/admin -p <password of Unity admin account> /sys/cert -service VASA_HTTP show -detail
- Delete all the present certificates one by one using below command:
=====================================================
uemcli -d <IP address of unity> -u local/admin -p <password of Unity admin account> /sys/cert -id <value> delete
uemcli -d <IP address of unity> -u local/admin -p <password of Unity admin account> /sys/cert -id <value> delete
- Add Unity as VASA storage provider on vSphere.
If any error encountered contact Storage Provider Dell EMC Unity referencing the article 510045
Feedback
Yes
No
Powered by
