Error Code: LCMRAVACONFIG90039 while replacing the certificate in vRealize Automation 8.3 and 8.4
Article ID: 326055
Updated On:
Products
VMware Aria Suite
Issue/Introduction
Symptoms:
- While replacing the certificate in vRA 8.3 and 8.4 environments with multi-tenancy enabled, the operation will fail with an error message in LCM log files similar to
2021-01-06 20:33:53.221 INFO [pool-2-thread-11] c.v.v.l.d.v.h.VraPreludeInstallHelper - -- Certificate with sha256 sum: 95ff4321a46416e667e28886e023c1881734a582d297e8a9123384bd3c6a519f cannot be validated. The following FQDN cannot be found in the SAN field of the certificate: "invalid domain" but it is required. FQDNs found in certificate SAN field: ['load-balancer-fqdn', 'tenant(s) fqdns'] FQDNs supplied for validation: ['load-balancer-fqdn', 'invalid fqdns's']
Note: In the above error message:
invalid domain - Represents invalid (non-existent) vra fqdn.
load-balancer-fqdn - The load-balancer of the vRA if vRA is clustered, else the fqdn of the vRA node.
tenant(s) fqdns - All fqdns of the tenants are separated by a comma.
invalid fqdns's - Invalid fqdns, not part of the vRA environment.
invalid domain - Represents invalid (non-existent) vra fqdn.
load-balancer-fqdn - The load-balancer of the vRA if vRA is clustered, else the fqdn of the vRA node.
tenant(s) fqdns - All fqdns of the tenants are separated by a comma.
invalid fqdns's - Invalid fqdns, not part of the vRA environment.
- In the vRealize Suite Lifecycle Manager UI, you will see a message similar to this:
Environment
VMware vRealize Automation 8.4.x
VMware vRealize Automation 8.3.x
VMware vRealize Automation 8.3.x
Cause
This issue is caused when vracli certificate command incorrectly assembles the FQDNs of the tenants fail the validation of the certificate.
Resolution
This issue is resolved in upgrade to vRealize Automation 8.4.1 , available at Broadcom Downloads.
Workaround:
Prerequisites
- Please take simultaneous non-memory snapshots of each virtual appliance(s) in the cluster.
- You have access to root user and password
- You have SSH or console access to each virtual appliance.
Procedure
- SSH / PuTTy into one vRA virtual appliance in the cluster
- Download the patch.tgz file from the attachments in the KB.
- Copy the file to the vRA appliance root directory.
- SSH to the appliance.
- Run the following command
cd /; tar -zxvf ./patch_vracli.tgz
Note: If the vRA is clustered, repeat steps 1-4 on every appliance.
Attachments
Feedback
Yes
No
Powered by
