Cloud Director Multisite plugin connection status returns "Partially Connected"
search cancel

Cloud Director Multisite plugin connection status returns "Partially Connected"

book

Article ID: 420345

calendar_today

Updated On:

Products

VMware Cloud Director

Issue/Introduction

  • In Cloud Director Provider UI, When looking at the multisite page, partner site shows up with status "Partially Connected"
  • When attempting to add vCenter on the partner site, we see the error " Another vCenter found with url "https://VC-FQDN/sdk" "
  • Cannot see paired site ovdc, Org.
  • On provider UI > when clicking on the drop down for organization at the very top of the page> Click on sites > click on the "open in new window icon" for the impacted VCD site, we see the error "authentication failed"


/opt/vmware/cloud-director/logs/vcloud-container-debug.log show:

Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.apache.cxf.jaxrs.client.AbstractClient.checkClientException(AbstractClient.java:645)
pache.cxf.jaxrs.client.AbstractClient.preProcessResult(AbstractClient.java:619)
at org.apache.cxf.jaxrs.client.WebClient.doResponse(WebClient.java:1150)
at org.apache.cxf.jaxrs.client.WebClient.doChainedInvocation(WebClient.java:1087)
at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:932)
at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:901)
at org.apache.cxf.jaxrs.client.WebClient.invoke(WebClient.java:364)
at org.apache.cxf.jaxrs.client.WebClient.get(WebClient.java:390)
at com.vmware.cxfrestclient.AbstractCxfRestClient.getResource(AbstractCxfRestClient.java:124)
at com.vmware.vcloud.api.rest.client.VcdClientImpl.getVersions(VcdClientImpl.java:331)
at com.vmware.vcloud.api.rest.client.VcdClientImpl.getApiVersion(VcdClientImpl.java:1362)
at com.vmware.vcloud.api.rest.client.VcdClientImpl.<init>(VcdClientImpl.java:258)
at com.vmware.vcloud.multisite.impl.MultisiteClientManagerServiceImpl.createVcdClient(MultisiteClientManagerServiceImpl.java:158)
at com.vmware.vcloud.multisite.impl.MultisiteClientManagerServiceImpl.getVcdClientForAssociatedOrg(MultisiteClientManagerServiceImpl.java:129)
at com.vmware.vcloud.multisite.impl.MultisiteClientManagerServiceImpl.getVcdClientForAssociatedOrg(MultisiteClientManagerServiceImpl.java:80)
at jdk.internal.reflect.GeneratedMethodAccessor12273.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at com.vmware.vcloud.common.service.OsgiServiceReferenceFactoryBean$3.invoke(OsgiServiceReferenceFactoryBean.java:280)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:241)
at com.sun.proxy.$Proxy577.getVcdClientForAssociatedOrg(Unknown Source)
at com.vmware.ssdc.backendbase.CSecurityManager.loginWithVcdJwt(CSecurityManager.java:899)
at com.vmware.vcloud.backendbase.management.system.SecurityServiceImpl.logInUser(SecurityServiceImpl.java:567)
at com.vmware.vcloud.backendbase.management.system.SecurityServiceImpl.validateVcdJwt(SecurityServiceImpl.java:450)
at jdk.internal.reflect.GeneratedMethodAccessor2532.invoke(Unknown Source)

and SiteAssociationStatusSynchronizerActivity  job returns the below failure (vcloud-container-debug.log):

 | WARN     | multisite-activity-pool-230864 | SiteAssociationStatusSynchronizerActivity | Site vcd-site2 responded with a response error during site association synchronization | activity=(com.vmware.vcloud.multisite.impl.SiteAssociationStatusSynchronizerActivity,urn:uuid:{{urn-uuid}})
[VcdErrorResponseException] HTTP status code = 401
Request ID: {{request-id}}
VCD Error: null
VCD ErrorType: major error code = 0, minor error code = -
Server stack trace: null
 at com.vmware.vcloud.api.rest.client.AbstractVcdClientBase.checkResponse(AbstractVcdClientBase.java:296)
 at com.vmware.vcloud.api.rest.client.VcdClientImpl.initializeWithSession(VcdClientImpl.java:498)
 at com.vmware.vcloud.api.rest.client.VcdClientImpl.doInitClient(VcdClientImpl.java:1347) at com.vmware.vcloud.api.rest.client.VcdClientImpl.setCredentials(VcdClientImpl.java:895)
 at com.vmware.vcloud.multisite.impl.MultisiteClientManagerServiceImpl.getSignatureClient(MultisiteClientManagerServiceImpl.java:216)
 at com.vmware.vcloud.multisite.impl.MultisiteClientManagerServiceImpl.createSystemServiceVcdClient(MultisiteClientManagerServiceImpl.java:179)
 at com.vmware.vcloud.multisite.impl.SiteAssociationStatusSynchronizerActivity$FetchSiteStatusPhase.fetchCurrentSiteStatus(SiteAssociationStatusSynchronizerActivity.java:195)
 at com.vmware.vcloud.multisite.impl.SiteAssociationStatusSynchronizerActivity$FetchSiteStatusPhase.invoke(SiteAssociationStatusSynchronizerActivity.java:174)
 at com.vmware.vcloud.activity.executors.ActivityRunner.runPhase(ActivityRunner.java:175)
 at com.vmware.vcloud.activity.executors.ActivityRunner.run(ActivityRunner.java:112)
 at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
 at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
 at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
 at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
 at java.base/java.lang.Thread.run(Thread.java:829)
 | DEBUG    | multisite-activity-pool-230864 | SiteAssociationStatusSynchronizerActivity | [Activity Execution] Next phase: UpdateSiteStatusPhase - Handle: urn:uuid:{{urn-uuid}}, Current Phase: SiteAssociationStatusSynchronizerActivity$FetchSiteStatusPhase | activity=(com.vmware.vcloud.multisite.impl.SiteAssociationStatusSynchronizerActivity,urn:uuid:{{urn-uuid}})
ErrorType: major error code = 0, minor error code = -
Server stack trace: null
 at com.vmware.vcloud.api.rest.client.AbstractVcdClientBase.checkResponse(AbstractVcdClientBase.java:296)
 at com.vmware.vcloud.api.rest.client.VcdClientImpl.initializeWithSession(VcdClientImpl.java:498)
 at com.vmware.vcloud.api.rest.client.VcdClientImpl.doInitClient(VcdClientImpl.java:1347)
 at com.vmware.vcloud.api.rest.client.VcdClientImpl.setCredentials(VcdClientImpl.java:895)
 at com.vmware.vcloud.multisite.impl.MultisiteClientManagerServiceImpl.getSignatureClient(MultisiteClientManagerServiceImpl.java:216)
 at com.vmware.vcloud.multisite.impl.MultisiteClientManagerServiceImpl.createSystemServiceVcdClient(MultisiteClientManagerServiceImpl.java:179)
 at com.vmware.vcloud.multisite.impl.SiteAssociationStatusSynchronizerActivity$FetchSiteStatusPhase.fetchCurrentSiteStatus(SiteAssociationStatusSynchronizerActivity.java:195)
 at com.vmware.vcloud.multisite.impl.SiteAssociationStatusSynchronizerActivity$FetchSiteStatusPhase.invoke(SiteAssociationStatusSynchronizerActivity.java:174)
 at com.vmware.vcloud.activity.executors.ActivityRunner.runPhase(ActivityRunner.java:175)
 at com.vmware.vcloud.activity.executors.ActivityRunner.run(ActivityRunner.java:112)
 at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
 at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
 at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
 at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
 at java.base/java.lang.Thread.run(Thread.java:829)
 | INFO     | multisite-activity-pool-226610 | hronizer$SitesAssociationStatusSyncronizerActivity | 2 site(s) are synchronized.  (0 site(s) recovered since the last synchronization).  1 site(s) are unable to sync.  (0 site(s) started to fail since the last synchronization). |
 | WARN     | multisite-activity-pool-226615 | SiteAssociationStatusSynchronizerActivity | Site vcd-site2 responded with a response error during site association synchronization | activity=(com.vmware.vcloud.multisite.impl.SiteAssociationStatusSynchronizerActivity,urn:uuid:{{urn-uuid}})
[VcdErrorResponseException] HTTP status code = 401
Request ID: {{request-id}}
VCD Error: null

Environment

VMware Cloud Director 10.6.x

Cause

This issue is caused by a certificate trust mismatch.

The local Cloud Director site does not have the updated or correct public certificate of the remote (partner) Cloud Director site in its truststore. This prevents the sites from successfully performing the mutual SSL handshake required for API communication, leading to the "Partially Connected" state and authentication failures.

Resolution

To resolve this issue, you must explicitly import and trust the partner site's certificate within the local Cloud Director Provider UI.

Follow these steps:

  1. Log in to the Provider UI of the site reporting the issue.

  2. Navigate to Administration from the top menu.

  3. In the left navigation pane, scroll down to Settings and select Trusted Certificates.

  4. Click on the Test Remote Connection button.

  5. In the dialog box, enter the Fully Qualified Domain Name (FQDN) of the partner (remote) Cloud Director site.

  6. Click Connect.

  7. The system will retrieve the remote site's certificate. When prompted with the certificate details, review them and click Trust.

  8. Return to the Multisite configuration page and refresh. The status should now change to Connected.

Note: If the issue persists, repeat these steps on the partner site (pointing back to the local site) to ensure the trust is established bi-directionally.

Powered by Wolken Software