Resolving 'The Entity Parameter Cannot Be Null in the MutationService Methods' Error When Enabling Authentication Proxy
search cancel

Resolving 'The Entity Parameter Cannot Be Null in the MutationService Methods' Error When Enabling Authentication Proxy

book

Article ID: 375083

calendar_today

Updated On:

Products

VMware vCenter Server 8.0

Issue/Introduction

vmcad-syslog.log:
YYYY-MM-DDTHH:MM:SS info vmcamd  t@139621400835840: CAMAdapterMainLoop: Exit
YYYY-MM-DDTHH:MM:SS info vmcamd  t@139619756652288: Handled SIG[15]
YYYY-MM-DDTHH:MM:SS info vmcamd  t@139622304071424: vmcamd: stop
YYYY-MM-DDTHH:MM:SS info vmcamd  t@139622304071424: Webserver stopped
YYYY-MM-DDTHH:MM:SS info vmcamd  t@139622304071424: VmCamAdapterSrv: stop
YYYY-MM-DDTHH:MM:SS info vmcamd  t@139683228067584: VmCamAdapterSrvInit
YYYY-MM-DDTHH:MM:SS info vmcamd  t@139683219674880: CAMAdapterMainLoop: Start
YYYY-MM-DDTHH:MM:SS info vmcamd  t@139683309256448: HTTPS server SSL set session cache mode returned the previously set cache mode
YYYY-MM-DDTHH:MM:SS info vmcamd  t@139683309256448: Webserver started on ports +7475,+7476s, clientAuth enabled
YYYY-MM-DDTHH:MM:SS info vmcamd  t@139683309256448: vmcamd: started!
YYYY-MM-DDTHH:MM:SS info vmcamd  t@139683309256448: vmcam is running in FIPS mode.
YYYY-MM-DDTHH:MM:SS info vmcamd  t@139683219674880: Exceptions in CAMAdapterMainLoop: SSL Exception: Verification parameters:
PeerThumbprint: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
ExpectedThumbprint: YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY
ExpectedPeerName: example.local
The remote host certificate has these problems:

unable to get local issuer certificate
YYYY-MM-DDTHH:MM:SS info vmcamd  t@139683219674880: CAMAdapterMainLoop: Exit

Environment

vCenter Server 8.x

Cause

There is a mismatch of thumbprint between the vmcam service and the machine SSL certificate

 

Resolution

Step: 1

Validate the MachineSSL thumbprint by the below command.

# /usr/lib/vmware-vmafd/bin/vecs-cli entry getcert --store MACHINE_SSL_CERT --alias __MACHINE_CERT --output /var/core/machine_ssl.cer
# openssl x509 -in /var/core/machine_ssl.cer -noout -fingerprint
SHA1 Fingerprint=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX

Step: 2

Make sure to have a snapshot of vCenter

Step: 3

Unregister vmcam by the below command

/usr/lib/vmware-vmcam/bin/camregister -n -u <admin_upn> -a <vc_fqdn>

Step: 4

Re-register vmcam by the below command

/usr/lib/vmware-vmcam/bin/camregister -r -u <admin_upn> -a <vc_fqdn> -i <vc_fqdn> --port 80 --sslport 443

Step: 5

Restart the vmcam service

service-control --restart vmcam


The above steps will update the vmcam cert thumbprint with the current Machine_SSL_Thumbprint