VASA provider showing offline due to Certificate issue
search cancel

VASA provider showing offline due to Certificate issue

book

Article ID: 415468

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

  • VASA Provider shows offline on vCenter
  • Self signed certificate URL was provided from Vendor, but unable to add on the vCenter 
  • In the vCenter log: var/log/vmware/vmware-sps/sps.log: you will see entry similar to the below:
    -- > * self signed certificate in certificate chain)
-- > [context]zKq#####NgA-[/context]
info vvold[2108618] [Originator@6876 sub=Default opID=lro-######-acb6] VasaSession :: GetEndPoint: with url https://###-######.##.#####
corp: 9997/vasa
warning vvold[2161204] [originator@6876 sub=IO.Connection opID=lro-######-acb6] Failed to SSL handshake; SSL(<io_obj t:N7Vmacore6System19TCPSocketObjectAsios, h:7, <TCP '10.##.##.## : 42804'>, <TCP '172.##.##.## : 9997'>>), e: 336134278(certificate verify failed), duration: 3msec
warning vvold[2161204] [originator@6876 sub-HttpConnectionPool-000000 opID-1ro-######-acb6] Failed to get pooled connection: <cs p:00000013bd8cc2c0, TCP:vasaprovider.example.com:9997>, SSL(<io_obj t:N7Vmacore6System19TCPSocketObjectAsioE, h:7, <TCP '10.##.##.## : 42804'>, <TCP '172.##.##.## : 9997'>>),
duration: 4msec, N7Vmacore3Ss118SSLVerifyExcoptionE (SSL Exception: Verification parameters:
-- > PoorThumbprint:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##
-- > ExpectedThunbprint:
-- > ExpectedPeerName:##.####.####
-- > The remote host certificate has these problems:
-- >
-- > * self signed certificate in certificate chain)
-- > [context]zKq##################28uNgA=[/context]
[Originator@6876 sub=IO.Http opID=lro-######-acb6] Set user agent error; state: 1, (null), N7Vmacore3Ss118SSLVerif
yExceptionE (SSL Exception: Verification parameters:
-- > PeerThumbprint: ##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##
-- > ExpectedThumbprint:
-- > ExpectedPeerName: :##:##:##:##:##:##:##:##
-- > The remote host certificate has these problems:

 

Environment

  • VMware vCenter 8.x
  • VMware vCenter 7.x

Cause

  • Custom certificate for the VASA Provider from vendor is expired due to which it shows offline on vSphere Client

Resolution

To resolved this VASA Provider self signed certificate is needed from Storage Vendor

 

  1. Make sure to take a Snapshot of your vCenter, if it's linked mode take offline Snapshot powering off your vCenter VM.
  2. From the vSphere Client, select the vCenter
  3. Click the Configure tab
  4. Click on Storage Providers.
  5. Select and remove the Storage Provider showing the status "offline"
  6. Click add and update the fields of Name, URL, User name and Password and select the checkbox "use storage provider certificate"

 

    6. Make sure to click checkbox "use storage provider certificate" and click on ok 

 

    

Additional Information

Note: Sometime once the VASA provider is registered, Esxi host connected to VASA provider might show Certificate error

  • In that case please login to vCenter Webclient->Select Esxi Host->Certificate->Click on Manage with VMCA Tab-> Renew Certificate.
Powered by Wolken Software