SSL Certificate Automation Tool fails to update vCenter Server Trust to Inventory service with the error: Cannot register vCenter with Inventory Service: 2
search cancel

SSL Certificate Automation Tool fails to update vCenter Server Trust to Inventory service with the error: Cannot register vCenter with Inventory Service: 2

book

Article ID: 338798

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Symptoms:
  • Using Step 6 of the Update Steps Planner in the KB article Deploying and using the SSL Certificate Automation Tool (2041600) to update the trust of vCenter Server to Inventory Service fails.
  • This issue occurs when you are using the SSL Certificate Automation Tool to replace SSL certificates for Single Sign-On (SSO), Inventory Service and vCenter Server.
  • The issue may also occur when you are manually re-registering vCenter Server to the Inventory Service.
  • You see the error:

    Last operation update vCenter Server trust to Inventory Service failed:
    Cannot register vCenter with Inventory Service: 2
  • The SSL automation tool log (vc-update-trust-to-is.log)contains entries similar to:

    Action is: register
    vCenter Server URL: https://VCENTERFQDN:443/sdk
    vCenter instance config file: C:\ProgramData\VMware\VMware VirtualCenter\instance.cfg
    vCenter Server certificate path: C:\ProgramData\VMware\VMware VirtualCenter\SSL\rui.crt
    vCenter Server private key path: C:\ProgramData\VMware\VMware VirtualCenter\SSL\rui.key
    vCenter Server endpoint directory: C:\Program Files\VMware\Infrastructure\VirtualCenter Server\isregtool\..\endpoints vCenter Server extension directory: C:\Program Files\VMware\Infrastructure\VirtualCenter Server\isregtool\..\extensions
    Setup started
    Successfully loaded VC certificate
    Cannot read VC private key file C:\ProgramData\VMware\VMware VirtualCenter\SSL\rui.key
    java.lang.ClassCastException: org.bouncycastle.jce.provider.X509CertificateObject cannot be cast to java.security.KeyPair
    at com.vmware.vim.dataservices.vcregtool.RegisterVC.loadVcPrivateKey(RegisterVC.java:477)
    at com.vmware.vim.dataservices.vcregtool.RegisterVC.loadVcProviderInfo(RegisterVC.java:300)
    at com.vmware.vim.dataservices.vcregtool.RegisterVC.register(RegisterVC.java:203)
    at com.vmware.vim.dataservices.vcregtool.RegisterVC.doRegistration(RegisterVC.java:1253)
    at com.vmware.vim.dataservices.vcregtool.RegisterVC.main(RegisterVC.java:1332)
    Failed to perform register action
    at com.vmware.vim.dataservices.vcregtool.exception.RegistrationException
    at com.vmware.vim.dataservices.vcregtool.RegisterVC.loadVcPrivateKey(RegisterVC.java:483)
    at com.vmware.vim.dataservices.vcregtool.RegisterVC.loadVcProviderInfo(RegisterVC.java:300)
    at com.vmware.vim.dataservices.vcregtool.RegisterVC.register(RegisterVC.java:203)
    at com.vmware.vim.dataservices.vcregtool.RegisterVC.doRegistration(RegisterVC.java:1253)
    at com.vmware.vim.dataservices.vcregtool.RegisterVC.main(RegisterVC.java:1332)
    2
    2
    [DD.MM.YYYY - 14:00:51,43]: ""Cannot register vCenter with Inventory Service: 2""
  • When you open the private key file in a text editor, you see an entry at the top:

    -----BEGIN PRIVATE KEY------


Environment

VMware vCenter Server 5.5.x
VMware vCenter Server 5.1.x

Cause

This issue occurs when the private key fails to create with the SSL Certificate Automation Tool. After creating the private key file with openssl, you need to perform an additional step to convert it to the required RSA format.

Resolution

To resolve this issue, convert the private key to the required RSA format for vCenter Server SSO to use. For example:

openssl rsa -in rui-orig.key -out rui.key

For more information, see Generating certificates for use with the VMware SSL Certificate Automation Tool (2044696).


Additional Information

If the SSO and Inventory Service private key files are also affected, use the SSL Certificate Automation Tool to perform the SSL replacement process again. Replace all SSL certificates or just the certificates of your choice. For more information, see Deploying and using the SSL Certificate Automation Tool 1.0.x (2041600). Deploying and using the SSL Certificate Automation Tool 1.0.x
Generating certificates for use with the VMware SSL Certificate Automation Tool

Powered by Wolken Software