licenses are no longer collecting in Aria Operations according to the Last Collection Time
search cancel

licenses are no longer collecting in Aria Operations according to the Last Collection Time

book

Article ID: 404804

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

Aria Operations UI>Subscriptions>License Management>Licenses> >> On a specific license shows the license details and associated vCenter Last Collection time being at some time more than a day or two in the past.
/logs/adapters/VMwareInfraHealthAdapter/VMwareInfraHealthAdapter_##.log show repeated messages like the following:

ERROR [pool-######-thread-2] (######) com.vmware.adapter3.vmwareinfrahealth.helpers.vcenter.collector.VCenterLicenseUsageCollector.collect - Cannot fetch licenses from VC:
com.vmware.vim.sso.admin.exception.CertificateValidationException: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain is not trusted and thumbprint doesn't match
...
Caused by: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain is not trusted and thumbprint doesn't match
...
Caused by: com.vmware.vim.vmomi.core.exception.CertificateValidationException: SSL handshake from 0.0.0.0/0.0.0.0:##### to <vcenterfqdn>/###.###.###.###:443 failed in 4 ms

Pulling up the vCenter certificate in a web browser by browsing to the vSphere UI can be used to find the thumbprint of the root, intermediate, and certificate, and can be used to validate that the certificate valid dates show a start date similar to the Last Collection time, within a day or two.

One or more of the certificates' sha256 thrumbprints do not show up in the Aria Operations UI>Administration>Control Panel>Trusted Certificates list.

The certificates that are not in the list may include the root, intermediate certificate, or the certificate signed by the root/intermediate CAs for the vCenter with an old Last Collected Time.

Environment

Aria Operations 8.18.x

Cause

Not all of the certificates in the certificate chain are in the Trusted Certificates list.

Resolution

The certificates must be in the Trusted Certificates store for Aria Operations for the Adapters to be able to properly validate the certificates.

Use the Aria Operations UI>Administration>Control Panel>Trusted Certificates IMPORT button to import the certificates which do not show up in the Trusted Certificates list.  

Additional Information

Often the .crt files provided by the CA are already in "PEM" format and can be imported individually.

Related Documentation:

Importing CA Certificates

Powered by Wolken Software