VM console access fails with a 500 Internal Server Error in VMware Cloud Director
Article ID: 403873
Updated On:
Products
Issue/Introduction
- Accessing VM console in VMware Cloud Director fails with the below API call:
POST https://<VCD-URL>/api/vApp/vm-<VM-ID>/screen/action/acquireMksTicket
Error: Unable to collect webmks token
- Console access fails across all VMs from the VCD UI.
- In vcloud-container-debug.log, you see error messages similar to:
| ERROR | ####-#####-#### | VAppServiceImpl | Encountered error while trying to augment c
loned ticket for vm vm-####### | requestId=########-####-####-####-############,request=POST https://example.com/api/vApp/vm
-########-####-####-####-############/screen/action/acquireMksTicket,requestTime=1752107386351,remoteAddress=#.#.#.#:port,userAgent=Mozil
la/5.0 AppleWebKit/537.36 ...,accept=application/*+xml;version 39.0
com.vmware.consoleproxy.ticket.AugmentationException: Unable to determine public endpoint certificate chain
at com.vmware.consoleproxy.ticket.impl.EncryptionTicketThumbprintAugmentation.augmentTicket(EncryptionTicketThumbprintAugmentation.ja
va:109)
Environment
VMware Cloud Director 10.x
Cause
This issue is caused by a missing or incorrectly associated public certificate in the Public Addresses section of the VCD Provider UI.
Resolution
To resolve the issue, ensure that the SSL certificate used by the load balancer or public endpoint is uploaded and correctly associated in the Public Addresses section of the Cloud Director provider interface.
Steps to Fix:
-
Log in to the VCD Provider UI.
-
Navigate to:
Administration > Settings > Public Addresses -
Click Edit.
-
Upload the correct SSL certificate used by the load balancer for console access (REST/console proxy).
-
Click Save.
After completing this configuration, MKS ticket generation should succeed, and VM consoles will be accessible via the UI.
Feedback
