Certificate Management in VxRail manager fails to load "The provided vCenter credentials are not valid"
search cancel

Certificate Management in VxRail manager fails to load "The provided vCenter credentials are not valid"

book

Article ID: 389212

calendar_today

Updated On:

Products

VMware SDDC Manager

Issue/Introduction

VxRail plugin is not able to load the physical view of the host and does not display any certificate information. Due to which, VxRail related operations through vCenter user interface cannot be performed.

This article provides steps to sync up certificate information with VxRail from vCenter server. The approach differ if the vCenter server certificate is a default or custom CA certificate.

Environment

VCF 

VXrail

Cause

  • VxRail Manager (VxRM) cannot learn the new certificate information automatically when vCenter CA certificate is rotated/updated.
  • Due to which, VxRM management account cannot communicate with vCenter to present required data in vCenter inventory using VxRail plugin.

Resolution

Importing Self-Signed certificate:

Steps to import self-signed certificate to VxRail manager has been described in Dell VxRail: How to Manually Import vCenter SSL Certificate on VxRail Manager

Importing Custom vCenter server certificates:

  1. Retrieve the new Custom CA certificates from vCenter Server
  • From Web Browser:
    • From web browser, go to https://<vCenter.example.com>
    • Click on the Download trusted root CA certificates link on the bottom right corner of the page.
    • A Zip file with name download.zip will be downloaded.
  • Using CLI method
    • Use curl command from vCenter and download the cert: # curl -k https://<vCenter.example.com>/certs/download.zip.

     2. Transfer files to VxRail Manager

  • Use any file transfer utility to transfer this zip file to VxRail Manager.
  • Alternatively transfer file from vCenter to VxRM using SCP file transfer method: # scp root@<vCenter.example.com>:/root/download.zip /tmp
  • Login to VxRM SSH
    • Change the directory to /tmp and run unzip download.zip
    • Change the directory to  /certs/lin
    • Copy the files to /var/lib/vmware-marvin/trust/lin: # cp -f /tmp/certs/lin/* /var/lib/vmware-marvin/trust/lin
  • Change the permission and ownership of the cert files.
    • # chmod 755 -R /var/lib/vmware-marvin/trust/lin
    • # chown tcserver:pivotal -R /var/lib/vmware-marvin/trust/lin

    3. Enable the Health monitoring on VxRail manager under cluster-->configure-->VxRail→Health Monitoring.

    4. Restart the VMware marvin & runjars services in VxRM and wait for 15 to 20 min.

    • # service vmware-marvin restart
    • # service runjars restart

Re-login to vCenter and check the VxRail plugin status, validate if all VxRail related operations including node removal can be performed.

Additional Information

As per VMware Cloud Foundation 4.5 on Dell EMC VxRail Release Notes the issue is reported to be fixed in VCF version 4.5. The references are mentioned under Resolved section of the document that reads "VxRail plugin will not load in vSphere Client and displays the error "The provided vCenter credentials are not valid." "

Powered by Wolken Software