Unity VASA certificate has expired and does not allow to refresh it and storage appears disconnected.
search cancel

Unity VASA certificate has expired and does not allow to refresh it and storage appears disconnected.

book

Article ID: 322807

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

  • Workaround to get new certificates generated from Dell EMC Unity so that it can be added as VASA storage provider from vSphere 



Symptoms:

  • Unable to refresh storage provider with expired certificate: 
============================================
Error:    The storage provider certificate has expired. Remove the selected storage provider, provision a valid self-signed certificate for it, and then add it back.
  • Rescan errors : Details:
com.vmware.vim.sms.fault.ProviderNotActiveException: Provider f1b3a9d1-####-####-####-##########b9 is not active!!!
"com.vmware.vim.sms.fault.ProviderNotActiveException: Provider f1b3a9d1-####-####-####-##########b9 is not active!!!"
  • Cause:
Provider f1b3a9d1-####-####-####-##########b9 is not active!!!
"Provider f1b3a9d1-####-####-####-##########b9 is not active!!!"
  • The provider certificate is invalid. It is either empty, malformed, expired, not yet valid, revoked, or fails host name verification.



Environment

VMware vSphere 6.5.x
VMware vSphere 7.0.x

Cause

  • The certificate was not refreshed before expiry data for the VASA storage provider

Resolution

  • There is no resolution after the certificate has expired.


Workaround:
  • Note: This is only valid for Storage providers from Dell EMC Unity.
  • Following steps to get new certificates generated from Unity so that it can be added as VASA storage provider from vSphere :
    • Log in to Unity CLI (use service account).
    • View existing certificates on Unity for VASA using below command:
=====================================================
uemcli -d <IP address of unity> -u local/admin -p <password of Unity admin account> /sys/cert -service VASA_HTTP show -detail 
  • Delete all the present certificates one by one using below command:
=====================================================
uemcli -d <IP address of unity> -u local/admin -p <password of Unity admin account> /sys/cert -id <value> delete 
  • Add Unity as VASA storage provider on vSphere.
If any error encountered contact Storage Provider Dell EMC Unity referencing the article 510045