Error: "Invalid database configuration: The hostname x.x.x.x could not be verified by hostnameverifier PgjdbcHostnameVerifier." occurs during upgrade to VMware Cloud Director 10.6.1
search cancel

Error: "Invalid database configuration: The hostname x.x.x.x could not be verified by hostnameverifier PgjdbcHostnameVerifier." occurs during upgrade to VMware Cloud Director 10.6.1

book

Article ID: 388974

calendar_today

Updated On:

Products

VMware Cloud Director

Issue/Introduction

  • VMware Cloud Director cells fail to connect to PostgreSQL database after upgrade to VMware Cloud Director 10.6.1.

  • Error seen in UI :
         
        configure-vcd script failed to complete 

  • In the log file /opt/vmware/vcloud-director/logs/cell-management-tool.log the following PostgreSQL connection errors are noticed  -

        ERROR    | main                      | PGjdbcHostnameVerifier         | Server name validation failed: certificate for host x.x.x.x dNSName entries subjectAltName, but none of them match. Assuming server name validation failed |
        ERROR    | main                      | ReconfigureDatabaseCommand     | Invalid database configuration: The hostname x.x.x.x could not be verified by hostnameverifier PgjdbcHostnameVerifier. |

Environment

VMware Cloud Director 10.6.1

Cause

The upgrade to VMware Cloud Director 10.6.1 fails if the SAN field in the PostgreSQL certificate does not contain the database IP address. The error is triggered by a security enhancement in the product and affects both VMware Cloud Director appliance deployments and Linux installations.

Resolution

Important: If you encounter this error, roll back to the snapshot taken before the upgrade, before making any of these changes.


To resolve this issue, perform one of the following two options.

1) Prior to upgrade, generate new certificates for PostgreSQL with the database server IP address included in the SAN field with a new CSR (Certificate Signing Request).  For VMware Cloud Director appliances, generate certificates with the eth1 IP address.

See the following documentation for additional details.

Replace a Self-Signed Embedded PostgreSQL and VMware Cloud Director Appliance Management UI Certificate

SSL Certificate Creation and Management of Your VMware Cloud Director Appliance


2) If you cannot replace your PostgreSQL certificates, configure the database connection to use SSL.

  1. Back up the global.properties file located in /opt/vmware/vcloud-director/etc/global.properties.
  2. Append sslmode=require to the jdbcUrl string in /opt/vmware/vcloud-director/etc/global.properties file on all Cloud Director cells.

    Example:

    Before:database.jdbcUrl=jdbc:postgresql://##.##.##.##:5432/vcloud?socketTimeout=90

    After: database.jdbcUrl=jdbc:postgresql://##.##.##.##:5432/vcloud?socketTimeout=90&sslmode=require&ssl=true

  3. Retry the upgrade.

Additional Information

Powered by Wolken Software