Troubleshooting error code LCMVRLICONFIG40010 when updating VMware Aria Operations for Logs
search cancel

Troubleshooting error code LCMVRLICONFIG40010 when updating VMware Aria Operations for Logs

book

Article ID: 387103

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

When updating the Aria Operations for Logs certificate, password or inventory using Aria Suite Lifecycle, you receive the error message:

Error Code: LCMVRLICONFIG40100

VMware Aria Operations for Logs host is unreachable.

Either the host name is incorrect or the virtual machine is not reachable

Unable to connect to host. Check host details and retry

Environment

Aria Operations for Logs 8.16

Aria Suite Lifecycle 8.16

Cause

Expired certificate. Run the following to verify:

echo "" | keytool -list -keystore /usr/lib/loginsight/application/etc/3rd_config/keystore -rfc 2> /dev/null | openssl x509 -noout -enddate

The enddate should be in the future.

Resolution

In order to get Aria Operations for Logs functional, we must first replace the certificate with a self-signed certificate.

Generate a self-signed certificate

  1. Log into the Primary node as root via SSH or Console.
  2. Run the following command to generate a self-signed certificate:

    openssl req -newkey rsa:2048 -keyout domain.key -x509 -days 3650 -out domain.crt -nodes

Note: This command will generate a self-signed certificate that is valid for 3650 days (10 years). You may alter the -days value as needed per your organization's security requirements.

Note: When prompted by openssl, provide the required values for your company.  If you want to use the default certificate options, enter the following values:
 

Prompt                 Value

Country                US
State Or Province      California
Locality               Palo Alto
Organization           VMware, Inc.
Organization Unit      vCenter Log Insight
Common Name            VMware vCenter Log Insight

    3. Run the following command to concatenate the key and certificate into a .pem file:

    cat domain.key domain.crt > /tmp/cert.pem

Using an SCP utility like WinSCP, copy the /tmp/cert.pem file from the Primary node to the /tmp/cert.pem directory on the other Worker nodes in the cluster.

Install your Certificate

1.  Log into the Primary node as root via SSH or Console.
2.  Run the following command to copy the newly-generated or uploaded certificate to the following location:

cp /tmp/cert.pem /usr/lib/loginsight/application/etc/certs/custom.pem

3.   Run the following command to use the custom-ssl-cerf script:

/usr/lib/loginsight/application/sbin/custom-ssl-cerf

4.    Run the following command to restart the loginsight service:

systemctl restart loginsight

Note: Once the service has restarted, wait a few minutes until the ingestion rate is back to normal, then proceed to step 5.

5.    Repeat steps 1-4 on the next node in the cluster, until all nodes have been completed.