KMS server shows 'no trusted connection' message on vCenter
Article ID: 403041
Updated On:
Products
VMware vSAN
Issue/Introduction
Symptoms:
After the vCenter certificate is renewed and the KMS certificate has expired, the key provider section in vCenter shows as not connected, with a 'no trust connection' message.
When we try to Trust KMS, it shows the older KMS certificate, which has already expired.
This can leave the disk group on the hosts unable to mount if a host is rebooted during this state.
Environment
VMware vSAN 7.x
VMware vSAN 8.x
Cause
Because the KMS server certificate has expired, vCenter's attempt to trust the KMS does not succeed.
The certificate expiration date can be checked with a certificate decoder, which shows the certificate's validity dates.
Resolution
Ask the customer to engage the KMS vendor to fix the certificate issues for KMIP and vCenter from the KMS console.
Once resolved, click on 'Trust KMS' and it should reflect the new certificate expiration date.
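The expiry check described under Cause, and the confirmation of the new expiration date after the vendor's fix, can be scripted with openssl. This is an added example, not part of the original article; the function names are hypothetical and the default of 5696 (the IANA-registered KMIP port) is an assumption about the KMS listener.

```shell
#!/usr/bin/env bash
# Added example: check the validity window of a KMS (KMIP) server certificate.

# Fetch the leaf certificate the KMS presents on its KMIP port and print it as PEM.
# Host and port come from the caller; 5696 is assumed only as the default.
fetch_kms_cert() {
    local host="$1" port="${2:-5696}"
    openssl s_client -connect "${host}:${port}" -servername "$host" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM
}

# Classify a PEM certificate file.
# Return codes: 0 = valid beyond the warning window, 1 = expires within it,
#               2 = already expired, 3 = not a readable certificate.
kms_cert_status() {
    local pem="$1" warn_days="${2:-30}"
    openssl x509 -in "$pem" -noout >/dev/null 2>&1 || return 3
    # -checkend N exits non-zero when the certificate expires within N seconds.
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1 || return 2
    openssl x509 -in "$pem" -noout -checkend "$((warn_days * 86400))" >/dev/null 2>&1 || return 1
    return 0
}

# Print subject and notBefore/notAfter, then a one-line verdict.
report_kms_cert() {
    local pem="$1" warn_days="${2:-30}" rc=0
    kms_cert_status "$pem" "$warn_days" || rc=$?
    [ "$rc" -eq 3 ] && { echo "unreadable certificate: $pem"; return 3; }
    openssl x509 -in "$pem" -noout -subject -dates
    case "$rc" in
        0) echo "OK: valid for more than ${warn_days} days" ;;
        1) echo "WARNING: expires within ${warn_days} days" ;;
        2) echo "EXPIRED: vCenter cannot establish trust with this certificate" ;;
    esac
    return "$rc"
}
```

Save the output of `fetch_kms_cert <kms-host>` to a file and pass it to `report_kms_cert`; running it again after the KMS vendor replaces the certificate confirms the new notAfter date before clicking 'Trust KMS'.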