Workload Domain update prechecks in VCF 9 fail with the following error: 'vCenter to SDDC Manager time difference (Make sure vCenter and SDDC Manager system times are within 45.0 seconds difference).'
search cancel

Workload Domain update prechecks in VCF 9 fail with the following error: 'vCenter to SDDC Manager time difference (Make sure vCenter and SDDC Manager system times are within 45.0 seconds difference).'

book

Article ID: 421491

calendar_today

Updated On:

Products

VMware SDDC Manager

Issue/Introduction

  • The Fleet Management Lifecycle prechecks report the following error:
    'vCenter to SDDC Manager time difference (Make sure vCenter and SDDC Manager system times are within 45.0 seconds difference).'





  • No time difference is reported between the vCenter Server and the SDDC Manager, and the NTP SOS report indicates the system is healthy.

  • The following errors are observed on the SDDC Manager in the /var/log/vmware/vcf/operationsmanager/operationsmanager.log file:

    yyyy-mm-ddThh:mm:ss.zzz+0000 DEBUG [vcf_om,<task_id>] [c.v.v.b.p.updaters.PropertyUpdater,pool-2-thread-15] Executing updater method getSddcManagerSystemTime of updater VcSddcManagerUpdater, updaterInfo is 
    {"entityType":"VcManager","entityName":"<VC_FQDN>","propertyName":"sddcManagerEpochSystemTime","isMandatory":true}
    ..
    yyyy-mm-ddThh:mm:ss.zzz+0000 ERROR [vcf_om,<task_id>] [c.v.v.b.p.updaters.PropertyUpdater,pool-2-thread-15] Failed to execute updater method getSddcManagerSystemTime on entity <VC_FQDN> of type VcManager from <VC_FQDN> due to an exception {}
    java.util.concurrent.ExecutionException: java.lang.reflect.InvocationTargetException
    Caused by: java.lang.reflect.InvocationTargetException: null
            at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
            at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
            at java.base/java.lang.reflect.Method.invoke(Method.java:569)
            at org.apache.commons.lang3.reflect.MethodUtils.invokeMethod(MethodUtils.java:842)
            at org.apache.commons.lang3.reflect.MethodUtils.invokeMethod(MethodUtils.java:793)
            at com.vmware.vcf.baseliner.platform.updaters.PropertyUpdater.lambda$queryForProperties$0(PropertyUpdater.java:210)
            at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
            ... 3 common frames omitted
    Caused by: org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://<SDDC_FQDN>/commonsvcs/about": Certificate for <SDDC_SHORTNAME> doesn't match any of the subject alternative names: [<SDDC_FQDN>]
            at org.springframework.web.client.RestTemplate.createResourceAccessException(RestTemplate.java:915)
            at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:895)
            at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:790)
            at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:672)
            at com.vmware.vcf.baseliner.helpers.HeadersRestHelper.getResponseHttpHeaders(HeadersRestHelper.java:61)
            at com.vmware.vcf.baseliner.sddcmgr.updaters.VcSddcManagerUpdater.getSddcManagerSystemTime(VcSddcManagerUpdater.java:73)
            ... 11 common frames omitted
    Caused by: javax.net.ssl.SSLPeerUnverifiedException: Certificate for <SDDC_SHORTNAME> doesn't match any of the subject alternative names: [<SDDC_FQDN>]
    ..
    yyyy-mm-ddThh:mm:ss.zzz+0000 ERROR [vcf_om,<task_id>] [c.v.v.b.p.t.v.v.ResourceStateValidator,pool-2-thread-15] Entity constraint validation with expression T(java.lang.Math).abs(vcEpochSystemTime
     - sddcManagerEpochSystemTime) < 45.0 * 1000 on entity with name <VC_FQDN> of type VcManager failed with exception
    org.springframework.expression.spel.SpelEvaluationException: EL1008E: Property or field 'sddcManagerEpochSystemTime' cannot be found on object of type 'java.util.HashMap' - maybe not public or not valid?

Environment

Vmware Cloud Foundation 9.x

Cause

The precheck workflow cannot connect to the SDDC Manager appliance to retrieve the system time, which results in a false-positive error.

This issue is caused by a TLS verification failure because the SDDC Manager certificate does not include the hostname in the Subject Alternative Name (SAN) list.

Resolution

Regenerate the SDDC Manager certificate and include both the Fully Qualified Domain Name (FQDN) and the short hostname in the Subject Alternative Name (SAN) list. For example:

  • hostname.domain.com
  • hostname

Additional Information

Managing Certificates in VMware Cloud Foundation

Powered by Wolken Software