Attempting to connect to offline Depot on SDDC Manager fails with "VMWARE_DEPOT_CONNECT_FAILURE Failed to connect to VMware depot with the provided user credentials. Cause: {0}"
search cancel

Attempting to connect to offline Depot on SDDC Manager fails with "VMWARE_DEPOT_CONNECT_FAILURE Failed to connect to VMware depot with the provided user credentials. Cause: {0}"

book

Article ID: 416592

calendar_today

Updated On:

Products

VMware SDDC Manager

Issue/Introduction

  • Connecting SDDC manager to offline depot fails with "VMWARE_DEPOT_CONNECT_FAILURE Failed to connect to VMware depot with the provided user credentials. Cause: {0}"

  • Logs from SDDC Manager (/var/log/vmware/vcf/lcm/lcm.log) will show entries similar to:

    sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at java.base/sun.security.validator.PKIXValidator.doBuild(Unknown Source)
            at java.base/sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
            at java.base/sun.security.validator.Validator.validate(Unknown Source)
            at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
            at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
            at com.vmware.vcf.secure.truststore.DynamicTrustManager.checkServerTrusted(DynamicTrustManager.java:52)
            at java.base/sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)
            at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(Unknown Source)

     

  • Alternatively, you might see the log snippet below:  

INFO  [vcf_lcm,,#########,dbac] [c.v.e.s.l.s.i.DepotSettingsServiceImpl,http-nio-127.0.0.1-7400-exec-9] Updating VCF_DEPOT account
ERROR [vcf_lcm,#########,dbac] [c.v.e.s.l.b.d.depot.DepotDownloader,http-nio-127.0.0.1-7400-exec-9] Got SSLPeerUnverifiedException connecting to <OBTU_FQDN>:443
ERROR [vcf_lcm,,#########,dbac] [c.v.v.l.r.a.c.v.s.DepotSettingsController,http-nio-127.0.0.1-7400-exec-9] Update Depot Settings com.vmware.evo.sddc.lcm.model.depot.exception.DepotConnectionFailureException: Secure protocol communication error, check logs for more details

Environment

VMware Cloud Foundation 5.x

Cause

The SDDC Manager is unable to connect to the offline depot due to an SSL handshake exception, indicating that the offline depot's security certificate is not trusted by the SDDC Manager's trust store. 

Resolution

  • Make sure Offline Depot server is configured to use the hostname as FQDN and this should reflect in the Common Name (CN) field of the Offline Depot server certificate.
  • Import a copy of the Offline depot server certificate needs into the SDDC trust store. Refer How to import Proxy server certificate to SDDC manager trust store. (In this scenario, ensure that the Offline Depot server certificate is uploaded to the trust store, rather than the proxy server certificate.)

Additional Information

VMware Cloud Foundation Offline Depot Introduction

VCF Offline Depot deployment

Download Bundles to an Offline Depot

Powered by Wolken Software