vSphere Replication - Unable to obtain SSL certificate: Unexpected status code: 404
search cancel

vSphere Replication - Unable to obtain SSL certificate: Unexpected status code: 404

book

Article ID: 338581

calendar_today

Updated On:

Products

VMware Live Recovery VMware vSphere ESXi

Issue/Introduction

Symptoms:
  • Unable to obtain SSL certificate: Unexpected status code: 404 is returned in the vSphere Replication VAMI when attempting to register with the PSC.
  • In the rhttpproxy logs, you see entries similar to:

    2017-01-11T07:33:07.063+08:00 info rhttpproxy[02716] [Originator@6876 sub=Default] New/Updated endpoint added: /sdkTunnel
    2017-01-11T07:33:07.063+08:00 info rhttpproxy[02716] [Originator@6876 sub=Default] New/Updated endpoint added: sdkTunnel:8090

    Note: This log excerpt is an example. Date, time, and environmental variables may vary depending on your environment.

  • Running netstat -abon | findstr 8089 on the vCenter Server returns a PID that does not belong to a VMware process.

  • Deploying the vSphere Replication Appliance fails with these errors:

    Unable to obtain SSL certificate: Unexpected status code: 404

    And

    Warning: Bad service status: Service not running



Environment

VMware vSphere Replication 6.1.x

Cause

This issue occurs when the sdkTunnel port 8089 is used by another process on the vCenter Server causing the port to default to 8090. When components attempt to register with the vCenter Server it will fail when there is an unexpected response on port 8089.
 

Resolution

To resolve this issue, update the conflicting software to not use port 8089.
 
To work around this issue update the ports used for the sdkTunnel:
  1. Backup the C:\ProgramData\VMware\vCenterServer\cfg folder.
  2. Open the files mentioned below from C:\ProgramData\VMware\vCenterServer\cfg 
  3. Change these entries from port 8090 to port 8089 in below files:

    install-defaults\vpxd.int.sdk-tunnel-port:8090
    vmware-eam\eam-vim.properties:vc.tunnelSdkUri.template=https://##{VC_HOST_NAME}##:8090/sdk/vimService
    vmware-eam\eam-vim.properties:vc.tunnelSdkUri=https:// ##{VC_HOST_NAME}##:8090/sdk/vimService
    vmware-rhttpproxy\endpoints.conf.d\vpxd-rhttpproxy-endpoint.conf:/sdkTunnel localtunnel 8090 allow reject
    vmware-rhttpproxy\endpoints.conf.d\vpxd-rhttpproxy-endpoint.conf:sdkTunnel:8090 localtunnel 8090 allow reject
    vmware-rhttpproxy\endpoints.conf.d\vpxd-rhttpproxy-endpoint.conf:sdkTunnel:8089 localtunnel 8090 allow reject
    vmware-rhttpproxy\endpoints.conf.d\vpxd-rhttpproxy-endpoint.conf: ##{VC_HOST_NAME}##:8090 localtunnel 8090 allow reject
    vmware-vpx\vpxd.cfg: <secureSoapPort>8090</secureSoapPort>
    vmware-vsm\vsm.properties:vpxd.int.sdk-tunnel-port=8090

    Note: This will need to be re-edited or the 3rd party software disabled on future upgrades of vCenter.
     
  4. Save the changes and close the file.
  5. Restart the VMware HTTP Reverse Proxy and VMware vSphere Web Client services.


Powered by Wolken Software