Repeating vCLS VM Deployment Canceled Tasks After Replacing ESXi Custom Certificates
search cancel

Repeating vCLS VM Deployment Canceled Tasks After Replacing ESXi Custom Certificates

book

Article ID: 377153

calendar_today

Updated On:

Products

VMware vSphere ESXi VMware vCenter Server 8.0 VMware vCenter Server 7.0

Issue/Introduction

  • Following a replacement of ESXi custom certificates, many failed tasks related to deploying vCLS VMs to the hosts are seen in Recent Tasks.
  • The /var/log/vmware/eam/eam.log file on vCenter contains the following error message:

2024-09-05T19:44:27.542Z |  INFO | cluster-agent-4 | DeployVmJob.java | 554 | Zero-config deployemnt attempt failed(EamIOException->EamAppException[Upload request failed. Response:HTTP/1.1 526 Invalid SSL Certificate [content-length: 2955, content-type: text/plain, date: Thu, 05 Sep 2024 19:44:27 GMT, server: envoy, connection: close] [Content-Length: 2955,Chunked: false]]), vSAN=false . Trying next.

Environment

vCenter Server 7.0.x

vCenter Server 8.0.x

ESXi 7.0.x

ESXi 8.0.x

Cause

This issue occurs when the ESXi hosts have not been rebooted after certificate replacement (per ESXi certificate replacement procedure:https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/vsphere-security-8-0.html.  The certificate thumbprint in the vCenter database needs to be updated, which happens on connect to the ESXi host.

Resolution

Reboot the ESXi hosts that have had the certificates replaced.  This will update the thumbprint of the ESXi host in the vCenter database.

Powered by Wolken Software