Error: "Internal Server Error" when deploying a vApp template downloaded from VMware Cloud Director App Launchpad
search cancel

Error: "Internal Server Error" when deploying a vApp template downloaded from VMware Cloud Director App Launchpad

book

Article ID: 383022

calendar_today

Updated On: 11-28-2024

Products

VMware Cloud Director

Issue/Introduction

  • Deploying a vApp template downloaded from VMware Cloud Director App Launchpad (ALP) fails with the error below:

    [########-####-####-########7d7e] Internal Server Error - Internal Server Error

  • The same vApp template can be successfully deployed directly on vCenter.
  • In /opt/vmware/vcloud-director/logs/vcloud-container-debug.log you have entry similar the one reported below:

    2024-11-22 10:10:43,075 | DEBUG    | vim-proxy-activity-pool-61 | ImportVAppFromOvfActivity      | Exception while attempting OVF import. | requestId=########-####-####-########8f7b,request=POST https://cloud.example.com/api/vdc/########-####-####-########122b/action/instantiateVAppTemplate,requestTime=1732270140087,remoteAddress=##.##.##.##:60584,userAgent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 ...,accept=application/*+xml;version 39.0.0-alpha vcd=########-####-####-########8867,task=########-####-####-########7d7e activity=(com.vmware.vcloud.backendbase.management.system.TaskActivity,urn:uuid:########-####-####-########7d7e) activity=(com.vmware.vcloud.vdc.impl.InstantiateVAppActivity,urn:uuid:########-####-####-########269e) activity=(com.vmware.vcloud.vdc.impl.CopyContentsActivity,urn:uuid:########-####-####-########205b) activity=(com.vmware.vcloud.vdc.impl.CreateStoredVmActivity,urn:uuid:########-####-####-########89a0) activity=(com.vmware.vcloud.fabric.storage.storedVm.impl.CreateFromExistingStoredVmNonBlockingActivity,urn:uuid:########-####-####-########4df5) activity=(com.vmware.vcloud.fabric.storage.copy.impl.CopyVmActivity,urn:uuid:########-####-####-########5506) activity=(com.vmware.vcloud.val.internal.impl.ImportVAppFromOvfActivity,urn:uuid:########-####-####-########d658)
    com.vmware.ssdc.util.LMException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at com.vmware.ssdc.util.LMException.wrap(LMException.java:128)
            at com.vmware.ssdc.library.vim.LmVim.Convert(LmVim.java:509)
            at com.vmware.vcloud.val.internal.impl.ImportVAppFromOvfActivity$ImportOvfToVcPhase.invoke(ImportVAppFromOvfActivity.java:276)
            at com.vmware.vcloud.activity.executors.ActivityRunner.runPhase(ActivityRunner.java:175)
            at com.vmware.vcloud.activity.executors.ActivityRunner.run(ActivityRunner.java:112)
            at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
            at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
            at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
            at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
            at java.base/java.lang.Thread.run(Thread.java:829)
    Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    AND

    2024-11-22 07:02:57,698 | ERROR    | vim-proxy-activity-pool-51 | ExportVmToOvfActivity          | [Activity Execution] Failed to download file https://esxi.example.com/nfc/########-####-####-########821f/disk-0.vmdk from VC to destination VfsFile[fileObject=file:///opt/vmware/vcloud-director/data/transfer/########-####-####-########f931/vm-########-####-####-########bf82-disk-0.vmdk] - Handle: urn:uuid:########-####-####-########84ce, Current Phase: ExportVmToOvfActivity$InitiateExportPhase | requestId=########-####-####-########d6e9,request=POST https://iaas.vd2.telefonica.com/api/vAppTemplate/vappTemplate-########-####-####-########18b8/action/enableDownload,requestTime=1732258970334,remoteAddress=##.##.##.##:22755,userAgent=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/201...,accept=application/*+xml;version 39.0.0-alpha vcd=########-####-####-########8867,task=########-####-####-########efa4 activity=(com.vmware.vcloud.backendbase.management.system.TaskActivity,urn:uuid:########-####-####-########efa4) vcd=########-####-####-########8867,task=########-####-####-########290e activity=(com.vmware.vcloud.backendbase.management.system.TaskActivity,urn:uuid:########-####-####-########290e) activity=(com.vmware.vcloud.fabric.storage.storedVm.impl.ExportVmActivity,urn:uuid:########-####-####-########0f01) activity=(com.vmware.vcloud.val.internal.impl.ExportVmToOvfActivity,urn:uuid:########-####-####-########84ce)
    javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
            at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:360)
            at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:303)
            at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:298)
            at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654)
            at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
            at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
            at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
            at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
            at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
            at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:183)
            at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
            at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1507)
            at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1417)
            at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:456)
            at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:427)
            at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436)
            at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
            at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
            at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)
            at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
            at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
            at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
            at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
            at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
            at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
            at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
            at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
            at com.vmware.vcloud.val.httpclient.impl.HttpClientImpl.execute(HttpClientImpl.java:79)
            at com.vmware.vcloud.val.internal.impl.ExportVmToOvfActivity$InitiateExportPhase.downloadFileFromVc(ExportVmToOvfActivity.java:286)
            at com.vmware.vcloud.val.internal.impl.ExportVmToOvfActivity$InitiateExportPhase.downloadFilesFromLease(ExportVmToOvfActivity.java:260)
            at com.vmware.vcloud.val.internal.impl.ExportVmToOvfActivity$InitiateExportPhase.invoke(ExportVmToOvfActivity.java:200)
            at com.vmware.vcloud.activity.executors.ActivityRunner.runPhase(ActivityRunner.java:175)
            at com.vmware.vcloud.activity.executors.ActivityRunner.run(ActivityRunner.java:112)
            at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
            at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
            at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
            at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
            at java.base/java.lang.Thread.run(Thread.java:829)
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Environment

VMware Cloud Director 10.x

Cause

This issue occurs if the certificates are expired for the underlying Host or the ESXi certificates are NOT listed under trusted certificates for VMware Cloud Director.

 

Resolution

Establish the trust for each ESXi hosts reported in the error in /opt/vmware/vcloud-director/logs/vcloud-container-debug.log as highlighted in the log snippet above following the documentation Test the VMware Cloud Director Connection to a Remote Server and Establish a Trust Relationship Using the Tenant Portal