"Could not read or write the configuration file: Keystore was tampered with, or password was incorrect" during Cloud Director 9.5 to 10.0 migration..
Article ID: 325627
Updated On:
Products
VMware Cloud Director
Issue/Introduction
Symptoms:
- Migration to Cloud Director 10.0 fails every time.
- Migrating a Cloud Director 9.5 appliance with external Postgres database to Cloud Director 10 appliance with Embedded database.
- Running the following command fails: /opt/vmware/vcloud-director/bin/configure -unattended-installation -database-type postgres -database-user vcloud -database-password <DB Password> -database-host <IP address> -database-port 5432 -database-name vcloud -database-ssl true-uuid -keystore /opt/vmware/vcloud-director/certificates.ks -keystore-password <Keystore password> -primary-ip <IP address> -console-proxy-ip <IP address> -console-proxy-port-https 8443
Could not read or write the configuration file: Keystore was tampered with, or password was incorrect
- From /opt/vmware/vcloud-director/logs/cell-management-tool.log, entries say password was incorrect
2020-03-19 11:36:41,841 | ERROR | main | ImportTrustedCertificatesCommand | Failed to extract or import certificates, consult cell-management-tool.log. |
java.io.IOException: Keystore was tampered with, or password was incorrect
at com.sun.crypto.provider.JceKeyStore.engineLoad(JceKeyStore.java:879)
at java.security.KeyStore.load(KeyStore.java:1445) ...
Caused by: java.security.UnrecoverableKeyException: Password verification failed
... 14 more
java.io.IOException: Keystore was tampered with, or password was incorrect
at com.sun.crypto.provider.JceKeyStore.engineLoad(JceKeyStore.java:879)
at java.security.KeyStore.load(KeyStore.java:1445) ...
Caused by: java.security.UnrecoverableKeyException: Password verification failed
... 14 more
- Trying with the root passwords for old and new appliance will give the same error
- Recreating the keystore on the new appliance was not successful.
- Listing the keystore from the source appliance fails.
Environment
VMware Cloud Director for Service Provider 9.5.x
VMware Cloud Director for Service Provider 10.x
VMware Cloud Director for Service Provider 9.7.x
VMware Cloud Director for Service Provider 10.x
VMware Cloud Director for Service Provider 9.7.x
Cause
This issue can be caused when the files are tampered with on the source appliance.
The truststore didn't exist in the 9.5 versions and was only added since the Cloud Director 9.7 and later versions. This can also attribute to the issue where the requirements for a migration include the /opt/vmware/vcloud-director/etc/truststore directory backup.
The truststore didn't exist in the 9.5 versions and was only added since the Cloud Director 9.7 and later versions. This can also attribute to the issue where the requirements for a migration include the /opt/vmware/vcloud-director/etc/truststore directory backup.
Resolution
To resolve the issue, follow any of the migration paths below:
1. vCD 9.5.0.3 appliance with external Postgres 10 DB -> Cloud Director 9.7.0.4 appliance with external Postgres 10 DB (Verify truststore is present) -> Migrate to Cloud Director 9.7.0.4 appliance with embedded Postgres DB -> Upgrade to Cloud Director 10.0.0.1 appliance.
(OR)
2. vCD 9.5.0.3 appliance with external Postgres 10 DB -> Cloud Director 9.7.0.4 appliance with external Postgres 10 DB (Verify truststore is present)-> Migrate to Cloud Director 10.0.0.1 appliance with embedded Postgres DB.
This will ensure you are using the latest migration tool available with the latest version.
Information on the migration steps are available in the Cloud Director documentation here, VMware Cloud Director Documentation.
Feedback
Yes
No
Powered by
