vCenter Advanced Setting config.vpxd.hostnameUrl could affect the VASA provider registration in VSAN 6.7
Article ID: 326674
Updated On:
Products
VMware vSAN
Issue/Introduction
Symptoms:
- VASA provider in VC6.7 is not visible in the UI.
- The vsanvp.log located in /var/log/vmware/vsan-health/ shows the following error.
2019-07-24T15:16:48.637Z ERROR vsanvp[thread-139631683405568] [ServiceInstance::RegisterVsanVP opID=W0] Failed to register VSAN VP to sms service
Traceback (most recent call last):
File "/usr/lib/vmware-vpx/vsan-health/pyMoVsan/ServiceInstance.py", line 81, in RegisterVsanVP
raise info.error
pyVmomi.VmomiSupport.sms.fault.ProviderRegistrationFault: (sms.fault.ProviderRegistrationFault) {
dynamicType = <unset>,
dynamicProperty = (vmodl.DynamicProperty) [],
msg = <unset>,
faultCause = <unset>,
faultMessage = (vmodl.LocalizableMessage) []
}
- The sps.log located in /var/log/vmware/vmware-sps/ will show errors like:
2019-07-24T15:09:28.063-05:00 [pool-12-thread-2] ERROR opId= com.vmware.vim.sms.provider.vasa.version.
VmodlVersion4Strategy - Error in queryVasaProviderInfo
com.vmware.vim.sms.fault.VasaServiceException: java.util.concurrent.ExecutionException: com.vmware.vim
.vmomi.client.exception.SslException: com.vmware.vim.vmomi.core.exception.CertificateValidationExcepti
on: Server certificate assertion not verified and thumbprint not matched
.
.
.
Caused by: javax.net.ssl.SSLException: hostname in certificate didn't match: <192.168.40.19> != <vcsa.gsslabs.org>
2019-07-24T15:09:28.064-05:00 [pool-12-thread-2] ERROR opId= com.vmware.vim.sms.provider.vasa.VasaProviderImpl - [init] Provider creation failed
- VASA provider in VC6.7 is not visible in the UI.
- The vsanvp.log located in /var/log/vmware/vsan-health/ shows the following error.
2019-07-24T15:16:48.637Z ERROR vsanvp[thread-139631683405568] [ServiceInstance::RegisterVsanVP opID=W0] Failed to register VSAN VP to sms service
Traceback (most recent call last):
File "/usr/lib/vmware-vpx/vsan-health/pyMoVsan/ServiceInstance.py", line 81, in RegisterVsanVP
raise info.error
pyVmomi.VmomiSupport.sms.fault.ProviderRegistrationFault: (sms.fault.ProviderRegistrationFault) {
dynamicType = <unset>,
dynamicProperty = (vmodl.DynamicProperty) [],
msg = <unset>,
faultCause = <unset>,
faultMessage = (vmodl.LocalizableMessage) []
}
- The sps.log located in /var/log/vmware/vmware-sps/ will show errors like:
2019-07-24T15:09:28.063-05:00 [pool-12-thread-2] ERROR opId= com.vmware.vim.sms.provider.vasa.version.
VmodlVersion4Strategy - Error in queryVasaProviderInfo
com.vmware.vim.sms.fault.VasaServiceException: java.util.concurrent.ExecutionException: com.vmware.vim
.vmomi.client.exception.SslException: com.vmware.vim.vmomi.core.exception.CertificateValidationExcepti
on: Server certificate assertion not verified and thumbprint not matched
.
.
.
Caused by: javax.net.ssl.SSLException: hostname in certificate didn't match: <192.168.40.19> != <vcsa.gsslabs.org>
2019-07-24T15:09:28.064-05:00 [pool-12-thread-2] ERROR opId= com.vmware.vim.sms.provider.vasa.VasaProviderImpl - [init] Provider creation failed
Environment
VMware vSAN 6.7.x
Cause
The VSAN VASA provider will try to be registered every 10 seconds in case of failure in some scenarios.
The script described above, ServiceInstance.py, will create the parameter to register the provider with the SMS Service.
The URL used will be taken from the value of the advanced setting config.vpxd.hostnameUrl, if this setting is empty then the output of hostname itself will be used.
In scenarios where the content of the advanced parameter does not match with the content of the certificate, then the registration will fail.
The script described above, ServiceInstance.py, will create the parameter to register the provider with the SMS Service.
The URL used will be taken from the value of the advanced setting config.vpxd.hostnameUrl, if this setting is empty then the output of hostname itself will be used.
In scenarios where the content of the advanced parameter does not match with the content of the certificate, then the registration will fail.
Resolution
Make sure the config.vpxd.hostnameUrl advanced setting is populated, it must match with the hostname registered in the vCenter certificate which can be confirmed from the error message seen in /var/log/vmware/vmware-sps/sps.log.
To check/change this setting go to:
To check/change this setting go to:
Additional Information
Impact/Risks:
Changing the parameter of config.vpxd.hostnameUrl could affect the registration of the VSAN VP with the SMS service in VC, if the value does not match with the content in the certificate.
Changing the parameter of config.vpxd.hostnameUrl could affect the registration of the VSAN VP with the SMS service in VC, if the value does not match with the content in the certificate.
Feedback
Yes
No
Powered by
