In TCA Manager, any attempt to edit a VIM gives the following error:
[E_INTERNAL_ERROR] Error in updating tenant account: A JSONObject text must begin with '{' at character 0 of
2.x
3.x
Within the tca-cp-cn_tca-api pod logs you will find the following backtrace:
0.log
YYYY-MM-DDT00:00:00.000000000Z stdout F 2025-02-01 01:40:24.045 UTC [http-nio-8443-exec-7, Ent: HybridityAdmin, Usr: [email protected], TxId: ########-####-####-####-############] ERROR c.v.v.h.a.AuthenticationFilter- Failed to Authenticate for URL /hybridity/api/queueJobFromRemote
YYYY-MM-DDT00:00:00.000000000Z stdout F com.vmware.vchs.hybridity.api.exception.InternalErrorException: Unable to get user information
Caused by: com.vmware.vchs.hybridity.keymanager.KeyManagerException: com.vmware.vchs.hybridity.adapters.postgresql.AmbiguousResultException: Expected only one row in result set
at com.vmware.vchs.hybridity.keymanager.KeyManager.loadTrustedCertificate(KeyManager.java:73)
at com.vmware.vchs.hybridity.authentication.JwtAuthenticationProvider.authenticate(JwtAuthenticationProvider.java:118)
... 57 common frames omitted
Caused by: com.vmware.vchs.hybridity.adapters.postgresql.AmbiguousResultException: Expected only one row in result set
at com.vmware.vchs.hybridity.adapters.postgresql.Utils.getOne(Utils.java:94)
at com.vmware.vchs.hybridity.adapters.postgresql.Utils.getOne(Utils.java:73)
at com.vmware.vchs.hybridity.keymanager.KeyManager.loadTrustedCertificate(KeyManager.java:64)
... 58 common frames omitted
The above is due to a duplicate certificate existing within the postgres pod. The duplicate certificate can be seen by connecting to the postgres-0 pod on the TCA-CP and running this command:
# psql -c 'select * from "certstore"' tca | grep web-engine
1 | {"name": "<Certificate-Name>", "sha1": "<sha1-fingerprint>", "bucket": "web-engine", "sha256": "<sha256-fingerprint>", "metadata": {"cert": {"source": "<Certificate-Name>", "notAfter": "<Date>", "notBefore": "<Date>"}}, "isDeleted": false, "certificate":
2 | {"name": "<Certificate-Name>", "sha1": "<sha1-fingerprint>", "bucket": "web-engine", "sha256": "<sha256-fingerprint>", "metadata": {"cert": {"source": "<Certificate-Name>", "notAfter": "<Date>", "notBefore": "<Date>"}}, "isDeleted": false, "certificate":
This is resolved in TCA 3.1.1.
Workaround:
The duplicate certificate can be manually removed by connecting to the postgres-0 pod on the TCA-CP and running the command below, specifying the id of the certificate to delete. In our case we are deleting the newer one:
# psql -c 'delete from "certstore" where id=2' tca
Once removed you can resume VIM operations.
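
A check for the duplicate condition described above, as an added example (not part of the original article or the product's tooling). The function names and sample rows are constructed for illustration, and treating rows with "isDeleted": false as the live ones is an assumption based on the output shown above.

```shell
# Added example: list the ids of live certstore rows in one bucket, reading
# the output of `psql -c 'select * from "certstore"' tca` on stdin.
# Assumes the row layout shown in the article: "<id> | {json...}".
certstore_live_ids() {
    bucket="$1"
    awk -F'|' -v b="\"bucket\": \"$bucket\"" '
        NF >= 2 && index($0, b) && index($0, "\"isDeleted\": false") {
            id = $1
            gsub(/[^0-9]/, "", id)   # strip padding around the id column
            if (id != "") print id
        }'
}

# Exit status 0 when the bucket holds more than one live row, which is the
# duplicate condition the article describes; non-zero otherwise.
certstore_has_duplicates() {
    n=$(certstore_live_ids "$1" | wc -l)
    [ "$((n))" -gt 1 ]
}

# Constructed sample rows (placeholder values, not from a real system).
# Row 3 is in another bucket and row 4 is marked deleted, so neither counts.
sample_rows() {
    cat <<'EOF'
  1 | {"name": "cert-a", "sha1": "aa", "bucket": "web-engine", "sha256": "bb", "isDeleted": false, "certificate":
  2 | {"name": "cert-a", "sha1": "aa", "bucket": "web-engine", "sha256": "bb", "isDeleted": false, "certificate":
  3 | {"name": "cert-b", "sha1": "cc", "bucket": "other", "sha256": "dd", "isDeleted": false, "certificate":
  4 | {"name": "cert-c", "sha1": "ee", "bucket": "web-engine", "sha256": "ff", "isDeleted": true, "certificate":
EOF
}

# Usage on the postgres-0 pod, before and after the delete:
#   psql -c 'select * from "certstore"' tca | certstore_live_ids web-engine
```

Running it again after the delete should list a single id for the web-engine bucket.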