An attempt to add a Pure Storage vVOL datastore to an ESXi host results in the datastore remaining inaccessible.
The /var/run/log/vvold.log file on the host displays the error: "unable to get issuer certificate, using default."
VMware vCenter Server 7.x
VMware vCenter Server 8.x
The logs show that vvold is rejecting the certificate presented by the storage array:
YYYY-MM-DDTHH:MM:SSZ warning vvold[xxxxxxx] [Originator@6876, err=SSL Exception: Verification parameter
-- > PeerThumbprint:
-- > ExpectedThumbprint:
-- > ExpectedPeerName:
-- > The remote host certificate has these problems:
-- >
-- > * unable to get issuer certificate, using default.
The issue stemmed from an incomplete certificate chain provided during the datastore configuration. Only the root certificate was uploaded, leaving out the intermediate and leaf certificates. This incomplete chain prevented the ESXi host from properly verifying the certificate and establishing a secure connection to the datastore.
The ESXi host requires a complete certificate chain to verify the authenticity and trustworthiness of the connection. The chain starts with the leaf certificate, which is specific to the server or service, followed by intermediate certificates issued by Certificate Authorities (CAs), and finally the root certificate.
Once the certificate has been successfully uploaded to the vCenter Trusted Root store, a storage rescan should result in the datastore being marked as accessible.
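To check before uploading that a set of CA certificates is enough to verify the array's certificate, the following added example (not part of the original article or of any vendor tooling) runs openssl verify on a workstation. It builds a throwaway root, intermediate and leaf chain so it runs offline; all file names and certificate subjects are constructed, and in practice the bundle and the array certificate would be your own PEM files.

```shell
#!/bin/sh
# Added example: confirm that a CA bundle is sufficient to verify an array
# certificate before uploading it. File names and subjects are constructed.

# Returns 0 only if the endpoint certificate $2 chains to a CA in bundle $1.
chain_verifies() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Build a throwaway root -> intermediate -> leaf chain in directory $1.
make_test_chain() {
    d=$1
    printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/cfg"
    for n in root int leaf; do
        openssl req -new -newkey rsa:2048 -nodes -config "$d/cfg" \
            -subj "/CN=constructed-$n" -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
    done
    # Self-signed root CA.
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 1 \
        -extfile "$d/cfg" -extensions ca -out "$d/root.pem" 2>/dev/null || return 1
    # Intermediate CA signed by the root.
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -set_serial 2 \
        -days 1 -extfile "$d/cfg" -extensions ca -out "$d/int.pem" 2>/dev/null || return 1
    # Leaf (stands in for the array certificate) signed by the intermediate.
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" -set_serial 3 \
        -days 1 -out "$d/leaf.pem" 2>/dev/null || return 1
    cat "$d/root.pem" "$d/int.pem" > "$d/root-plus-int.pem"
}

# Compare a root-only bundle with a bundle that also holds the intermediate.
demo() {
    t=$(mktemp -d) || return 1
    make_test_chain "$t" || { rm -rf "$t"; return 1; }
    if chain_verifies "$t/root.pem" "$t/leaf.pem"; then r1=ok; else r1=incomplete; fi
    if chain_verifies "$t/root-plus-int.pem" "$t/leaf.pem"; then r2=ok; else r2=incomplete; fi
    rm -rf "$t"
    echo "root-only=$r1 root+intermediate=$r2"
}

# Run the comparison when the script is invoked as: sh script.sh demo
case "${1:-}" in demo) demo ;; esac
```

With real files, only chain_verifies is needed: pass it the PEM bundle you intend to upload and the certificate the array presents.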
For additional support, please reach out to Broadcom Support.