Attempt to add VxRail nodes to SDDC manager fails with error "Dependency of enabling SSH could not be performed on one or many hosts in the request payload"
search cancel

Attempt to add VxRail nodes to SDDC manager fails with error "Dependency of enabling SSH could not be performed on one or many hosts in the request payload"

book

Article ID: 383310

calendar_today

Updated On:

Products

VMware SDDC Manager

Issue/Introduction

Symptoms:

 

  • Attempting to add new hosts fails on thumbprint verification step:




  • SDDC manager logs contains errors similar to the excerpt below:


    2024-11-29T15:25:23.399+0200 ERROR [vcf_dm,0000000000000000,0000] [c.v.e.s.c.c.v.vsphere.VsphereClient,ForkJoinPool-6-worker-2]  Failed to connect to https://vcf-esxi.domain.com:443/sdk
    com.vmware.vim.vmomi.client.exception.SslException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: 
    unable to find valid certification path to requested target
    ..
    Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
            at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:371)
            at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314)
            at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:309)
    ..
    2024-11-29T15:25:23.409+0200 ERROR [vcf_dm,6749c0c3dce3ded7110913ce4e68b79e,fb31] [c.v.v.v.h.s.i.VxRailHostManagerServiceImpl,dm-exec-10] Error fetching SSH/SSL thumbprint

    com.vmware.vxrail.vcf.hostmanager.error.VxRailHostManagerException: Dependency of enabling SSH could not be performed on one or many hosts in the request payload.
            at com.vmware.vxrail.vcf.hostmanager.services.impl.VxRailHostManagerServiceImpl.enableSSHOnHosts(VxRailHostManagerServiceImpl.java:1393)
            at com.vmware.vxrail.vcf.hostmanager.services.impl.VxRailHostManagerServiceImpl.getFingerprints(VxRailHostManagerServiceImpl.java:1295)
            at com.vmware.vxrail.vcf.hostmanager.services.impl.VxRailHostManagerServiceImpl.lambda$initiateGetFingerprintsAsAsync$24(VxRailHostManagerServiceImpl.java:1228)
            at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1768)
            at com.vmware.vcf.common.tracing.TraceRunnable.run(TraceRunnable.java:59)
            at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
            at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
            at java.base/java.lang.Thread.run(Thread.java:833)
    Caused by: com.vmware.evo.sddc.orchestrator.exceptions.OrchTaskException: SSH service {vcf-esxi.domain.com=SSH service start on ESXi Host vcf-esxi.domain.com=SSH service start on ESXi Host vcf-esxi.domain.com failed.} on ESXi Host {1} failed.
            at com.vmware.vcf.common.fsm.plugins.action.ConcurrentStartHostSSHServicePluginAction.execute(ConcurrentStartHostSSHServicePluginAction.java:33)
            at com.vmware.vxrail.vcf.hostmanager.services.impl.VxRailHostManagerServiceImpl.enableSSHOnHosts(VxRailHostManagerServiceImpl.java:1365)
            ... 7 common frames omitted

Environment

SDDC Manager 5.x
SDDC Manager 4.x

Cause

Host certificate cannot be validated due to missing signing CA from SDDC Manager truststores.

Resolution

Powered by Wolken Software