Error "Password provided was incorrect for the supplied private key" when deploying a new standby cell
search cancel

Error "Password provided was incorrect for the supplied private key" when deploying a new standby cell

book

Article ID: 386147

calendar_today

Updated On:

Products

VMware Cloud Director

Issue/Introduction

  • When attempting to deploy a new standby cell using VMware Cloud Director (VCD) it fails when attempting to connect it to the primary cell with "setupvcdscrip failed to execute"

  • In the /opt/vmware/var/log/vcd/configure-vcd.log you will see the follow error messages:

    DATE TIME | setupvcd.sh | Configuring VCD from response file (/opt/vmware/vcloud-director/data/transfer/responses.properties). 
    Cryptographic error: Password provided was incorrect for the supplied private key 
    DATE TIME | setupvcd.sh | [ERROR] Failed to configure vCD. Check /opt/vmware/vcloud-director/logs for details. Aborting. 
    DATE TIME | configure-vcd.sh | [ERROR] setupvcd script failed to execute. 
    DATE TIME | cleanup-vcd.sh | Starting cleanup script. 
    DATE TIME | cleanup-vcd.sh | The following error code was provided as argument to script: 18 

  • In the /opt/vmware/var/log/vcd/vcloud-container-info.log you will see the follow error messages:

    DATE TIME | ERROR    | main                      | ConfigAgent                    | Cryptographic error: Password provided was incorrect for the supplied private key 
    DATE TIME | ERROR    | main                      | ConfigAgent                    | Aborting configure due to OTHER (106) |  
    com.vmware.vcloud.configure.legacy.ConfigAgentException: Aborting configure due to OTHER (106) 
    Caused by: java.security.cert.CertificateException: Password provided was incorrect for the supplied private key 

            at com.vmware.vcloud.common.cmt.CertificateInputUtils.handleUserPasswordException(CertificateInputUtils.java:189) 
            at com.vmware.vcloud.common.cmt.CertificateInputUtils.promptAndLoadUserCertificates(CertificateInputUtils.java:158) 
            at com.vmware.vcloud.common.cmt.CertificateInputUtils.configureServerCertificates(CertificateInputUtils.java:99) 
            at com.vmware.vcloud.configure.legacy.ConfigAgent.configureCertificates(ConfigAgent.java:894) 
            at com.vmware.vcloud.configure.legacy.ConfigAgent.configureCell(ConfigAgent.java:632) 
            at com.vmware.vcloud.configure.legacy.ConfigAgent.start(ConfigAgent.java:424) 
            at com.vmware.vcloud.configure.legacy.ConfigAgentExecutor.start(ConfigAgentExecutor.java:83) 
            at com.vmware.vcloud.configure.legacy.ConfigAgentExecutor.main(ConfigAgentExecutor.java:78) 

 

Environment

VMware Cloud Director 10.5.1.1

Cause

The issue occurs due to the /opt/vmware/vcloud-director/data/transfer/responses.properties file not having the correct user.key.password

Resolution

To resolve this issue re-apply the certificates on the standby node using the CLI which will update the responses.properties file with the correct information.

Take a database backup before proceeding with the steps below. You can refer to Backup and Restore of Your VMware Cloud Director Appliance.

  1. SSH the primary and the standby cell if applicable
  2. Run the following command:

    /opt/vmware/vcloud-director/bin/cell-management-tool certificates -j --cert /opt/vmware/vcloud-director/data/transfer/user.http.pem --key /opt/vmware/vcloud-director/data/transfer/user.http.key --key-password <root_password>

  3. Attempt the set up process again to configure the standby cell. If the issue still persisted proceed with step 5.
  4. Check the response.properties file on the primary and standby as below:

    cat /opt/vmware/vcloud-director/etc/response.properties 

    NOTE: the files on the primary and standby cells must have the same http.key.path and http.key.password
  5. Check the response.properties file on the transfer folder as below:

    cat /opt/vmware/vcloud-director/data/transfer/response.properties

  6. The http.key.path on the response.properties file on the cells from step 2 is correct but do not match the one reported on the response.properties file on the transfer directory.
  7. Take a backup of the response.properties file on the transfer directory:

    cp /opt/vmware/vcloud-director/data/transfer/response.properties /opt/vmware/vcloud-director/data/transfer/response.properties.back
  8. Replace the response.properties file on the transfer directory with the response.properties file from the standby cell.
  9. Try to configure the standby cell again.
  10. If the standby cell configuration fails again, replace user.http.pem and the user.http.key files on the /opt/vmware/vcloud-director/data/transfer copying the current http certificate and its key to the transfer directory.
  11. Changed the file permissions as below:

    chown vcloud.vcloud user.http.pem
    chown vcloud.vcloud user.http.key
    chmod 0750 user.http.pem
    chmod 0750 user.http.key

  12. Run the command below to update the response.properties file:

    /opt/vmware/vcloud-director/bin/cell-management-tool certificates -j --cert /opt/vmware/vcloud-director/data/transfer/user.http.pem --key /opt/vmware/vcloud-director/data/transfer/user.http.key --key-password <root_password>
  13. Restarted the services on the standby cell.
  14. Tried reconfiguring the newly deployed standby cell.
Powered by Wolken Software