Brownfield deployment of a vCenter fails on precheck with the error "Cannot connect to VCFQDN. Cause: certificate_unknown"

Article ID: 396616


Products

VMware SDDC Manager

Issue/Introduction

The script output shows the following errors:

[YYYY-MM-DD HH:MM:SS, 921][ERROR] request helper: Result status code from SDDC Manager controller info retrieval: 404
[YYYY-MM-DD HH:MM:SS, 921][INFO] sddc_manager_helper: Setting pre-check engine datasource
[YYYY-MM-DD HH:MM:SS, 176][ERROR] request_helper: Result status code from set datasource: 400
[YYYY-MM-DD HH:MM:SS, 177]sddc_manager helper: Could not configure datasoure
[YYYY-MM-DD HH:MM:SS, 202]sddc_manager_helper: Using cached SDDC Manager token header
[YYYY-MM-DD HH:MM:SS, 202]request helper: Response status from retrieving domain: 200
[YYYY-MM-DD HH:MM:SS, 202]sddc_manager_helper: Retrieving SDDC Manager version
[YYYY-MM-DD HH:MM:SS, 653][INFO] sddc_manager_helper: Discovered SDDC Manager version: 5.2.1.0-24307856
[YYYY-MM-DD HH:MM:SS, 890][INFO] request helper: Response status from trigger import guardrails: 202
[YYYY-MM-DD HH:MM:SS, 028][INFO] sddc_manager_helper: monitor import guardrails - IN PROGRESS
[YYYY-MM-DD HH:MM:SS, 028][INFO] sddc_manager_helper: monitor import guardrails - FAILED
[YYYY-MM-DD HH:MM:SS, 030] [ERROR] check domain reporter: Cannot connect to vcenterFQDN. Cause: certificate unknown (46)

 

 

Environment

VCF 5.2.x

Cause

The file /home/vcf/vcf-import-package/vcf-brownfield-import-5.2.1.2-24494579/vcf-brownfield-toolset/output/guardrails_report_vcenterFQDN.csv contains the following entries:


$ cat guardrails_results_vcenterFQDN.json
"status": "COMPLETED_WITH_FAILURE",
"errorCode": "ASSESSMENT_CANNOT_ADD_CONNECTION_WITH_CAUSE",
"arguments": [
    "vcenterFQDN",
    "certificate_unknown (46)"
],
"context": null,
"message": "Cannot connect to vcenterFQDN. Cause: certificate_unknown (46)",
"remediationMessage": null,
"cause": [
    {
        "type": "com.vmware.vim.vmomi.client.exception.SslException",
        "message": "org.bouncycastle.tls.TlsFatalAlert: certificate_unknown (46)",
        "pack": null
    },
    {
        "type": "org.bouncycastle.tls.TlsFatalAlert",
        "message": "certificate_unknown (46)",
        "pack": null
    },
    {
        "type": "java.security.cert.CertificateException",
        "message": "Unable to find certificate chain.",
        "pack": null
    }
],
"nestedErrors": null,
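
A triage sketch for the report shown above, added here as an example and not part of the brownfield import toolset: it walks the JSON for entries that carry a cause chain and reports the innermost exception, which is what separates a trust problem from a plain connectivity failure. The sample input is constructed from the fragment in this article; the enclosing list, the second entry, and the reading of the last cause entry as the innermost exception are assumptions.

```python
import json

# Constructed sample modelled on the fragment in this article; the enclosing
# list and the second (passing) entry are assumptions, not toolset output.
SAMPLE = """
[
  {"status": "COMPLETED_WITH_FAILURE",
   "errorCode": "ASSESSMENT_CANNOT_ADD_CONNECTION_WITH_CAUSE",
   "arguments": ["vcenterFQDN", "certificate_unknown (46)"],
   "message": "Cannot connect to vcenterFQDN. Cause: certificate_unknown (46)",
   "cause": [
     {"type": "com.vmware.vim.vmomi.client.exception.SslException",
      "message": "org.bouncycastle.tls.TlsFatalAlert: certificate_unknown (46)"},
     {"type": "org.bouncycastle.tls.TlsFatalAlert",
      "message": "certificate_unknown (46)"},
     {"type": "java.security.cert.CertificateException",
      "message": "Unable to find certificate chain."}
   ],
   "nestedErrors": null},
  {"status": "COMPLETED", "errorCode": null, "cause": null}
]
"""

def find_failures(node):
    """Yield every dict, at any depth, that carries a non-empty 'cause' list."""
    if isinstance(node, dict):
        if isinstance(node.get("cause"), list) and node["cause"]:
            yield node
        for value in node.values():
            yield from find_failures(value)
    elif isinstance(node, list):
        for item in node:
            yield from find_failures(item)

def triage(report_text):
    """Return (errorCode, root type, root message, is_trust_issue) per failure."""
    findings = []
    for failure in find_failures(json.loads(report_text)):
        root = failure["cause"][-1]  # assumption: last entry is the innermost exception
        chain = " ".join(f"{c.get('type')} {c.get('message')}" for c in failure["cause"])
        trust = "certificate_unknown" in chain or "CertificateException" in chain
        findings.append((failure.get("errorCode"), root.get("type"),
                         root.get("message"), trust))
    return findings

if __name__ == "__main__":
    for code, rtype, rmsg, trust in triage(SAMPLE):
        print(f"{code}: {rtype}: {rmsg} (trust store issue: {trust})")
```
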

Resolution

Collect the vCenter's signing certificate and add it to the trusted stores on SDDC Manager, following the steps in the document below:

How to import the vCenter root certificate into the SDDC manager TrustStore