Log forwarding breaks after upgrade of Aria Operations for Logs
Article ID: 423161
Updated On:
Products
VCF Operations/Automation (formerly VMware Aria Suite)
Issue/Introduction
After upgrading Aria Operations for Logs, log forwarding breaks after approximately 06 days.
liagents stops log forwarding and agents showing as Disconnected in the UI . While the UI remains responsive and the service appears active.SSL certificate issues reported in runtime.log:
[YYYY-MM-DD HH:MM:SS] ["netty-event-loop-21"/##.###.#.## ERROR] [play.core.server.netty.PlayRequestHandler] [Exception caught in Netty]
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLException: org.bouncycastle.tls.TlsFatalAlert: internal_error(80)
...
Caused by: javax.net.ssl.SSLException: org.bouncycastle.tls.TlsFatalAlert: internal_error(80)
...
Caused by: org.bouncycastle.tls.TlsFatalAlert: internal_error(80)
...
Caused by: org.bouncycastle.crypto.IllegalKeyException: Attempt to sign/verify with RSA modulus already used for encrypt/decrypt.Environment
Aria Operations for Logs 8.18.x
Cause
Identified as an SSL/TLS certificate issue related to the use of custom CA certificates.
Log snippet above revealed fatal errors, specifically
javax.net.ssl.SSLException, TlsFatalAlert: internal_error(80), and an IllegalKeyException indicating an attempt to sign/verify with an RSA modulus already used for encrypt/decrypt."Require SSL Connection" setting for API calls was disabled, and enabling it immediately caused agent disconnections, further indicating a certificate conflict.
Resolution
The issue gets resolved by reverting the custom CA-signed certificates to the default VMware self-signed certificates.
Additional Information
Restarting the
loginisght service temporarily restores forwarding for a period of 02 to 06 days before the failure recurred. This can be done to keep logs going while renewing the custom CA certificate as per: Install a Custom SSL Certificate.Additional reference: Install a custom certificate in VMware Aria Operations for Logs 8.18.x.
Feedback
Yes
No
Powered by
