Error: '500 Internal Server Error' when trying to access VM console from VMware Cloud Director
search cancel

Error: '500 Internal Server Error' when trying to access VM console from VMware Cloud Director

book

Article ID: 403873

calendar_today

Updated On:

Products

VMware Cloud Director

Issue/Introduction

  • Accessing Virtual Machine (VM) console in VMware Cloud Director(VCD) fails with the below API call:

POST https://<VCD-URL>/api/vApp/vm-<VM-ID>/screen/action/acquireMksTicket

Error: Unable to collect webmks token

  • Console access fails across all VMs from the VCD UI.
  • Cannot launch web and remote console for VM from VCD level. 
  • You can see the below error messages from /opt/vmware/vcloud-director/logs/vcloud-container-debug.log :

ERROR    | pool-jetty-8054           | VAppServiceImpl                | Encountered error while trying to augment cloned ticket for vm <vm moref> | requestId=########-####-####-####-####5045,request=POST https://<vcd-fqdn>/api/vApp/vm-<vm-id>/screen/action/acquireMksTicket,requestTime=########,remoteAddress=##.##.##.##:####,userAgent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 ...,accept=application/*+xml;version 39.0
com.vmware.consoleproxy.ticket.AugmentationException: Unable to determine public endpoint certificate chain
        at com.vmware.consoleproxy.ticket.impl.EncryptionTicketThumbprintAugmentation.augmentTicket(EncryptionTicketThumbprintAugmentation.java:109)
        at com.vmware.vcloud.vapp.impl.VAppServiceImpl.augmentMksTicket(VAppServiceImpl.java:1156)
        at com.vmware.vcloud.vapp.impl.VAppServiceImpl.acquireMksTicketInfo(VAppServiceImpl.java:972)
        at jdk.internal.reflect.GeneratedMethodAccessor7578.invoke(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)

Environment

VMware Cloud Director 10.x

Cause

This issue is caused by a missing or incorrectly associated public certificate in the Public Addresses section of the VCD Provider UI. 

Resolution

To resolve the issue, ensure that the SSL certificate used by the load balancer or public endpoint is uploaded and correctly associated in the Public Addresses section of the Cloud Director provider interface.

Steps to Fix:

  1. Log in to the VCD Provider UI.

  2. Navigate to: Administration > Settings > Public Addresses

  3. Click Edit.

  4. Upload the correct SSL certificate used by the load balancer for console access (REST/console proxy).

  5. Click Save.

After completing this configuration, MKS ticket generation should succeed, and VM consoles will be accessible via the UI.

Additional Information

**NOTE: For further details about certificate please refer this article for an overview of certificates in VCD: https://knowledge.broadcom.com/external/article/416902/certificates-in-vcd-106x.html

Powered by Wolken Software