Unable to configure Microsoft Certificate Authority in SDDC Manager
search cancel

Unable to configure Microsoft Certificate Authority in SDDC Manager

book

Article ID: 416432

calendar_today

Updated On:

Products

VMware SDDC Manager

Issue/Introduction

  • SDDC Manager logs shows the following error:

    /var/log/vmware/vcf/operationsmanager/operationsmanager.log
    yyyy-mm-ddThh:mm:ss.zzz+0000 ERROR [vcf_om,<task_id>] [c.v.v.c.ca.plugin.MicrosoftCaService,http-nio-127.0.0.1-7300-exec-5] 
    Unable to retrieve Microsoft server certificate as provided host <MSCA_FQDN> is not valid/reachable.
    java.lang.RuntimeException: java.lang.IllegalStateException: AuthScheme is null
    ..
    yyyy-mm-ddThh:mm:ss.zzz+0000 ERROR [vcf_om,<task_id>] [c.v.v.c.r.a.c.v.CertificateManagementController,http-nio-127.0.0.1-7300-exec-5] Failed to create certificate authority
    com.vmware.vcf.certmgmt.common.exception.CertificateManagementException: Failed to fetch certificate from Microsoft CA with java.lang.IllegalStateException: AuthScheme is null.
    ..
    yyyy-mm-ddThh:mm:ss.zzz+0000 ERROR [vcf_om,<task_id>] [c.v.v.i.b.i.TranslationMessage,http-nio-127.0.0.1-7300-exec-5] Can't find resource for bundle java.util.PropertyResourceBundle, key CERTIFICATE_CA_CREATION_FAILED.remedy
    yyyy-mm-ddThh:mm:ss.zzz+0000 DEBUG [vcf_om,<task_id>] [c.v.e.s.e.h.LocalizableRuntimeExceptionHandler,http-nio-127.0.0.1-7300-exec-5] Handler Error Response: 
    {
        "errorCode": "CERTIFICATE_CA_CREATION_FAILED",
        "arguments": [],
        "message": "Unable to create CA.",
        "causes": [
            {
                "type": "com.vmware.vcf.certmgmt.common.exception.CertificateManagementException",
                "message": "Failed to fetch certificate from Microsoft CA with java.lang.IllegalStateException: AuthScheme is null."
            },
            {
                "type": "java.lang.RuntimeException",
                "message": "java.lang.IllegalStateException: AuthScheme is null"
            },
            {
                "type": "java.lang.IllegalStateException",
                "message": "AuthScheme is null"
            }
        ],
        "referenceToken": "<TOKEN_ID>"
    }

  • Certificate replacement for appliance <Fleet_Management_fqdn> has failed. 500 : "{"status":"","message":"Invalid request found.","errorCode":"LCM_CERTIFICATE_API_ERROR0000","errorLabel":"Unknown Certificate error.","recommendations":[]}"


  • Unable to configure the CA in fleet management for VCF instance.

yyyy-mm-ddThh:mm:ss.zzzZ ERROR vrlcm[47420] [http-nio-8080-exec-4] [c.v.v.l.l.c.MSCARestClient]  -- Exception occurred while trying to validate Microsoft CA
org.springframework.web.client.HttpClientErrorException$Unauthorized: 401 Unauthorized: "<html" target="_blank" rel="noopener noreferrer" style="box-sizing: border-box; scrollbar-width: thin; scrollbar-color: rgb(128, 210, 242) rgba(0, 0, 0, 0);">http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html< a="" style="box-sizing: border-box; scrollbar-width: thin; scrollbar-color: rgb(128, 210, 242) rgba(0, 0, 0, 0);"> xmlns=""" target="_blank" rel="noopener noreferrer">http://www.w3.org/1999/xhtml">"</html<></html">
        at org.springframework.web.client.HttpClientErrorException.create(HttpClientErrorException.java:105) ~[spring-web-5.3.43.jar!/:5.3.43]

Environment

  • VCF 9.x
  • VCF 5.x

Cause

Basic authentication is disabled on the Microsoft Certificate Authority

Resolution

Follow the documentation below to resolve the issue: Configure the Microsoft Certificate Authority for Basic Authentication

Additional Information

Configure a Microsoft Certificate Authority in SDDC Manager

Powered by Wolken Software