Deploying Aria Suite LCM from SDDC manager fails at 'Request and Configure VMware Aria Suite Lifecycle SSL Certificate'
Article ID: 377146
Updated On:
Products
VMware Aria Suite
VMware Cloud Foundation 5.x
VMware Cloud Foundation
Issue/Introduction
- Deploying Aria Suite LCM from SDDC manager fails at 'Request and Configure VMware Aria Suite Lifecycle SSL Certificate'
- Error in SDDC Manager UI
A problem has occurred on the server. Please retry or contact the service provider and provide the reference token Cause: 400 : "{"status":"","message":"Validations failed for certificate.","errorCode":"LCM_CERTIFICATE_API_ERROR0001","errorLabel":"Certificate request payload is invalid.","recommendations":[] - Error in SDDC Manager domainmanager.log (/var/log/vmware/vcf/domainmanager/domainmanager.log)
yyyy-mm-ddThh:mm:ss DEBUG [vcf_dm,xxxxxxxxxxxxxxxxxxx,d5fc] [c.v.e.s.r.c.LoggingHttpRequestInterceptor,dm-exec-15] Request URI: https://<FQDN>/lcm/locker/api/v2/certificates/import Request method: POST Request body: {"alias":"<FQDN>","certificateChain":"*****","privateKey":"*****"} Response code: 400 BAD_REQUEST Response headers: [Date:"Mon, 19 Aug 2024 08:31:35 GMT", Content-Type:"application/json;charset=UTF-8", Transfer-Encoding:"chunked", Connection:"keep-alive", Set-Cookie:"JSESSIONID=xxxxxxxxxxxxxxxxxxxA1B15; Path=/; HttpOnly; Secure; HttpOnly; SameSite=xx", X-Content-Type-Options:"nosniff", X-XSS-Protection:"1; mode=block", Cache-Control:"no-cache, no-store, max-age=0, must-revalidate", Pragma:"no-cache", Expires:"0", X-Frame-Options:"DENY", Content-Security-Policy:"script-src 'self'", Strict-Transport-Security:"max-age=31536000; includeSubDomains", Lcm-API-Version:"8.0"] Response body: {"status":"","message":"Validations failed for certificate.","errorCode":"*****","errorLabel":"Certificate request payload is invalid.","recommendations":[]} yyyy-mm-ddThh:mm:ss ERROR [vcf_dm,xxxxxxxxxxxxxxxxxxx,d5fc] [c.v.e.s.o.model.error.ErrorFactory,dm-exec-15] [4UTQRS] VCF_ERROR_INTERNAL_SERVER_ERROR Invocation of prefix '' part of task GenerateVrslcmCertificate in plugin VrslcmPlugin failed with exception. com.vmware.evo.sddc.common.core.error.InternalServerErrorException: Invocation of prefix '' part of task GenerateVrslcmCertificate in plugin VrslcmPlugin failed with exception. Caused by: org.springframework.web.client.HttpClientErrorException$BadRequest: 400 : "{"status":"","message":"Validations failed for certificate.","errorCode":"LCM_CERTIFICATE_API_ERROR0001","errorLabel":"Certificate request payload is invalid.","recommendations":[]}" - Error in vmware_vrlcm.log
yyyy-mm-ddThh:mm:ss ERROR vrlcm[1242] [http-nio-8080-exec-2] [c.v.v.l.l.c.CertificateStoreController] -- Failed to import certificate. com.vmware.vrealize.lcm.common.exceptions.InvalidCertificateException: Validations failed for certificate. at com.vmware.vrealize.lcm.locker.service.pki.CertificateStoreService.validateAndWrite(CertificateStoreService.java:96) ~[vmlcm-locker-core-8.18.0-SNAPSHOT.jar!/:?]
Environment
VMware Cloud Foundation
Cause
- Time skew between SDDC Manager and 'Aria Suite LCM' appliance
- Since the certificate is created in real time the SDDC Manager and 'Aria Suite LCM' should be in the same time zone, if SDDC Manager is "ahead" of time, 'Aria Suite LCM' will reject the certificate as it won't be valid yet for the Aria appliance.
Resolution
- Use the following command to verify the date and time on the 'Aria Suite LCM' appliance and SDDC Manager.
date - If there is a discrepancy in the time, fix it by referring to the same NTP server.
- Redeploy the Aria Suite LCM via SDDC Manager and configure the same NTP servers on both appliances if the Aria deployment was rolled back and the 'Aria Suite LCM' appliance is no longer in existence.
Note: The restart task will continue to fail with the same error even after fixing the NTP. To resolve this, remove and redeploy the 'Aria Suite LCM' via SDDC Manager.
Refer Update NTP Server Configuration document for NTP server configuration in a VCF Environment
Feedback
Yes
No
Powered by
