Adding HCX Mobility Agent Host failed: "Unable to push CA certificates and CRLs"

search cancel

Adding HCX Mobility Agent Host failed: "Unable to push CA certificates and CRLs"

book

Article ID: 415717

calendar_today

Updated On:

Products

VMware HCX

Issue/Introduction

You are deploying/creating a HCX Service Mesh, and the task failed: "Unable to push CA certificates and CRLs".

The following error messages observed in /common/logs/admin/app.log

<timestamps> UTC [InterconnectService_SvcThread-20631, J:########, , TxId: ########-###-####-####-############] ERROR c.v.v.h.s.i.InitiateApplianceOperation- InterconnectRedeploy workflow failed with error Interconnect Service Workflow interconnectConfigureMA failed. Error: Adding Mobility Agent Host failed. A general system error occurred: Unable to push CA certificates and CRLs to host #.#.#.#,  Failed to configure Mobility Agent host. Reason: Connection timed out (Connection timed out)

Environment

VMware HCX
vCenter Server 8.0 U3

Cause

This is caused by a change to vSphere HA in version 8.0U3 which now validates the certificates used.

Resolution

This is a condition that may occur in a VMware HCX environment.

Follow the steps described on the Broadcom KB: Unable to push CA certificates and CRLs to host: Certificate uses weak RSA/DSA pkey (length=1024)

Additional Information

Unable to push CA certificates and CRLs to host: Certificate uses weak RSA/DSA pkey (length=1024)

Feedback

thumb_up Yes

thumb_down No