Host removal workflow fails at 'Remove vmknics from ESXi Hosts' sub-task with certificate related error
search cancel

Host removal workflow fails at 'Remove vmknics from ESXi Hosts' sub-task with certificate related error

book

Article ID: 408312

calendar_today

Updated On:

Products

VMware SDDC Manager

Issue/Introduction

  • You are trying to remove a host or hosts from a workload domain using the SDDC Manager
  • The workflow previously failed at an earlier stage and as part of your troubleshooting the host certificate was changed
  • The task now fails at the 'Remove vmknics from ESXi Hosts' sub-task

Error Details:

Description
Remove vmknic(s) from ESXi Hosts
Progress Messages
Failed to remove vmknics from host #################
Error
Message: Failed to remove vmknics from host ################
Remediation Message:
Reference Token: #####
Cause: javax.net.ssl.SSLHandshakeException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target unable to find valid certification path to requested target

Environment

VCF 4.5.x
VCF 5.2.x

Cause

  • The SDDC does not trust the new certificate and will not allow the workflow to resume.
  • This is by design

Resolution

  • Import the certificates for all affected hosts into the commonsvcs and jre truststores on the SDDC
  • Please see refer to KB 316056 for the process to do this
Powered by Wolken Software