Error: Unable to restore the VMware Cloud Director server configuration

Article ID: 403448


Products

VMware Cloud Director

Issue/Introduction

  • When attempting to restore VMware Cloud Director, the restore fails with the following error in the UI: Unable to restore the VMware Cloud Director server configuration
  • In the /var/log/vcd/restore.log you see entries similar to:

    | DEBUG | Invoking as root: /opt/vmware/appliance/bin/configure-vcd.sh restore false false
    | ERROR | Error running command: CompletedProcess(args='/opt/vmware/appliance/bin/configure-vcd.sh restore false false', returncode=20, stdout='Running in restore mode\nAppliance OS Phase has been Completed.\nStarting Appliance Cloud Director Configuration Phase.\nInvoking check-vcd-params script again.\nAll the required ovf parameters provided for the Cloud Director configuration phase\nInvoking nfs-setup script.\nMounting NFS file share ...\nInvoking setupvcd script.\nsetupvcd script failed to execute.\nFor more details, check /opt/vmware/var/log/vcd/configure-vcd.log.\n', stderr='')
    | ERROR | An error was encountered while restoring.
    Traceback (most recent call last):
      File "/opt/vmware/appliance/bin/api/restore.py", line 243, in restore
        reconfigure_vcd(str(http_cert).lower(), str(pgmanagement_cert).lower())
      File "/opt/vmware/appliance/bin/api/restore.py", line 168, in reconfigure_vcd
        err = 'Unable to restore the VMware Cloud Director server configuration.'
      File "/opt/vmware/appliance/bin/api/restore.py", line 50, in run
        raise RestoreException(err)
    RestoreException: Unable to restore the VMware Cloud Director server configuration.
    | INFO | An error occurred during configuration, running cleanup
     
  • In the /opt/vmware/vcloud-director/logs/configure-<date>.log you see entries similar to:
    | DEBUG    | main                      | ConfigAgent                    | Configuring server certificates... |
    | INFO     | main                      | ConfigAgent                    | HTTP SSL certificate entered: /opt/vmware/vcloud-director/data/transfer/certificates/http.pem |
    | INFO     | main                      | ConfigAgent                    | HTTP SSL private key entered: /opt/vmware/vcloud-director/data/transfer/certificates/http.key |
    | ERROR    | main                      | ConfigAgent                    | Cryptographic error: Password provided was incorrect for the supplied private key |
    | ERROR    | main                      | ConfigAgent                    | Aborting configure due to OTHER (106) |
    com.vmware.vcloud.configure.legacy.ConfigAgentException: Aborting configure due to OTHER (106)
    Caused by: java.security.cert.CertificateException: Password provided was incorrect for the supplied private key
            at com.vmware.vcloud.common.cmt.CertificateInputUtils.handleUserPasswordException(CertificateInputUtils.java:###)
            at com.vmware.vcloud.common.cmt.CertificateInputUtils.promptAndLoadUserCertificates(CertificateInputUtils.java:###)
            at com.vmware.vcloud.common.cmt.CertificateInputUtils.configureServerCertificates(CertificateInputUtils.java:###)
            at com.vmware.vcloud.configure.legacy.ConfigAgent.configureCertificates(ConfigAgent.java:###)
            at com.vmware.vcloud.configure.legacy.ConfigAgent.configureCell(ConfigAgent.java:###)
            at com.vmware.vcloud.configure.legacy.ConfigAgent.start(ConfigAgent.java:###)
            at com.vmware.vcloud.configure.legacy.ConfigAgentExecutor.start(ConfigAgentExecutor.java:##)
            at com.vmware.vcloud.configure.legacy.ConfigAgentExecutor.main(ConfigAgentExecutor.java:##)
    Caused by: java.security.spec.InvalidKeySpecException: org.bouncycastle.pkcs.PKCSException: unable to read encrypted data: Error finalising cipher
            at com.vmware.vcloud.common.crypto.Crypt.parsePKCS8PrivateKey(Crypt.java:###)
            at com.vmware.vcloud.common.cmt.CertificateInputUtils.promptAndLoadUserCertificates(CertificateInputUtils.java:###)
            ... 6 more
    Caused by: org.bouncycastle.pkcs.PKCSException: unable to read encrypted data: Error finalising cipher
            at org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo.decryptPrivateKeyInfo(Unknown Source)
            at com.vmware.vcloud.common.crypto.Crypt.parseEncryptedPKCS8PrivateKey(Crypt.java:###)
            at com.vmware.vcloud.common.crypto.Crypt.parsePKCS8PrivateKey(Crypt.java:###)
            ... 7 more
    Caused by: org.bouncycastle.crypto.InvalidCipherTextException: Error finalising cipher
            at org.bouncycastle.jcajce.io.CipherInputStream.finaliseCipher(Unknown Source)
            at org.bouncycastle.jcajce.io.CipherInputStream.nextChunk(Unknown Source)
            at org.bouncycastle.jcajce.io.CipherInputStream.read(Unknown Source)
            at org.bouncycastle.util.io.Streams.pipeAll(Unknown Source)
            at org.bouncycastle.util.io.Streams.readAll(Unknown Source)
            ... 10 more
    Caused by: javax.crypto.BadPaddingException: Error finalising cipher data: pad block corrupted
            at org.bouncycastle.jcajce.provider.BaseCipher.engineDoFinal(Unknown Source)
            at java.base/javax.crypto.Cipher.doFinal(Cipher.java:####)
            ... 15 more

Environment

VMware Cloud Director 10.6.X
VMware Cloud Director 10.5.X

Cause

This issue occurs when, in the global.properties file being restored from backup, user.certificate.path and user.key.path do not point to /opt/vmware/vcloud-director/etc/user.http.pem and /opt/vmware/vcloud-director/etc/user.http.key.

Resolution

VMware Engineering is aware of this issue and it will be addressed in a future release of VMware Cloud Director.

Workaround

To work around the issue, perform the following steps:

  1. Extract the files from the backup zip folder that was created when you took a backup of VMware Cloud Director.
  2. Take a backup of the following file in the backup folder: global.properties
  3. Edit the original global.properties file in the backup folder by changing the following lines:

    From:

    user.certificate.path = /opt/vmware/vcloud-director/data/transfer/certificates/http.pem
    user.key.path = /opt/vmware/vcloud-director/data/transfer/certificates/http.key

    To:

    user.certificate.path = /opt/vmware/vcloud-director/etc/user.http.pem
    user.key.path = /opt/vmware/vcloud-director/etc/user.http.key

  4. Save the changes, zip the folder again, and attempt the restore again using the edited backup.
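
The workaround steps above can be scripted so that the original backup is never edited in place and only the two certificate properties change. This is an added example, not VMware tooling: the function names are illustrative, and it assumes the backup is a standard zip archive containing a file named global.properties.

```python
import re
import sys
import zipfile

# Target paths taken from the workaround steps above.
WANTED = {
    "user.certificate.path": "/opt/vmware/vcloud-director/etc/user.http.pem",
    "user.key.path": "/opt/vmware/vcloud-director/etc/user.http.key",
}
_LINE = re.compile(r"^(\s*)([\w.]+)(\s*=\s*)(.*?)\s*$")


def rewrite_properties(text):
    """Return (new_text, changes); changes maps key -> (old, new)."""
    changes, out = {}, []
    for line in text.splitlines(keepends=True):
        body = line.rstrip("\r\n")
        m = _LINE.match(body)  # commented-out lines do not match
        if m and m.group(2) in WANTED and m.group(4) != WANTED[m.group(2)]:
            key = m.group(2)
            changes[key] = (m.group(4), WANTED[key])
            line = f"{m.group(1)}{key}{m.group(3)}{WANTED[key]}{line[len(body):]}"
        out.append(line)
    return "".join(out), changes


def fix_backup(src_zip, dst_zip):
    """Copy src_zip to dst_zip, correcting global.properties on the way.

    src_zip is only read, so it remains the untouched original backup.
    Every other archive member is copied byte for byte.
    """
    changes = {}
    with zipfile.ZipFile(src_zip) as src, zipfile.ZipFile(dst_zip, "w") as dst:
        for info in src.infolist():
            data = src.read(info)
            # Assumption: the file is identified by its basename.
            # latin-1 round-trips every byte, so untouched lines stay identical.
            if info.filename.rsplit("/", 1)[-1] == "global.properties":
                text, found = rewrite_properties(data.decode("latin-1"))
                changes.update(found)
                data = text.encode("latin-1")
            dst.writestr(info, data)
    return changes


if __name__ == "__main__":
    print(fix_backup(sys.argv[1], sys.argv[2]))
```

An empty result means both properties already pointed at the expected paths, so the restore failure has a different cause.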

Additional Information