Set Up an Offline Depot from VCF 9.0 Installer GUI fails with Secure protocol communication error
search cancel

Set Up an Offline Depot from VCF 9.0 Installer GUI fails with Secure protocol communication error

book

Article ID: 403203

calendar_today

Updated On:

Products

VMware Cloud Foundation VMware SDDC Manager

Issue/Introduction

  • Access VCF installer GUI and try to connect OFFLINE depot using 443 port ( SSL connection) fails with the following message:

    Secure protocol communication error, check logs for more details
  • LCM logs shows the following error:

    xxxx-xx-xxTxx:xx:xx.xxx+0000 INFO  [vcf_lcm,xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx,xxxx] [o.a.h.c.h.i.c.HttpRequestRetryExec,http-nio-127.0.0.1-7400-exec-3] Recoverable I/O exception (xxx.xxxxxxxxxxx.tls.TlsFatalAlert) caught when processing request to {s}->https://<ip_address>:<port>
    xxxx-xx-xxTxx:xx:xx.xxx+0000 ERROR [vcf_lcm,xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx,xxxx] [c.v.e.s.l.b.d.depot.DepotDownloader,http-nio-127.0.0.1-7400-exec-3] Got TlsFatalAlert connecting to <ip_address>:<port>
    xxxx-xx-xxTxx:xx:xx.xxx+0000 ERROR [vcf_lcm,xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx,xxxx] [c.v.v.l.r.a.c.v.s.DepotSettingsController,http-nio-127.0.0.1-7400-exec-3] Update Depot Settings
    com.vmware.evo.sddc.lcm.model.depot.exception.DepotConnectionFailureException: Secure protocol communication error, check logs for more details
            at com.vmware.evo.sddc.lcm.bundle.download.depot.DepotDownloader.validateUser(DepotDownloader.java:506)
            at com.vmware.evo.sddc.lcm.bundle.download.depot.DepotDownloader.validateUser(DepotDownloader.java:522)
            at com.vmware.evo.sddc.lcm.bundle.download.depot.DepotBundleDownloadServiceImpl.validateUser(DepotBundleDownloadServiceImpl.java:271)
            at com.vmware.evo.sddc.lcm.services.impl.DepotUserCredentialServiceImpl.update(DepotUserCredentialServiceImpl.java:62)
            at com.vmware.evo.sddc.lcm.services.impl.DepotSettingsServiceImpl.updateDepotCredentials(DepotSettingsServiceImpl.java:131)
            at com.vmware.evo.sddc.lcm.services.impl.DepotSettingsServiceImpl.updateDepotSettings(DepotSettingsServiceImpl.java:89)
            at com.vmware.vcf.lcm.rest.api.controller.v1.settings.DepotSettingsController.updateDepotSettings(DepotSettingsController.java:88)
            at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)

Environment

VMware Cloud Foundation 9.x

Cause

The offline depot certificate is not trusted by the VCF installer.

Resolution

Add the missing certificate to the trust store of the installer appliance using the same steps as 316056.

Additional Information

There is already an "Idea" (Feature Request) posted in our Ideas portal for adding the ability to import custom CA TLS certificates using the VCF Installer UI.

Powered by Wolken Software