While Integrating Aria Operations for Logs (vRLI) with SDDC Manager, it fails at Install VMware Aria Operations for Logs Content Packs for Management Domain due to Error while creating VMware Aria Operations for Logs session PKIX path building failed
search cancel

 While Integrating Aria Operations for Logs (vRLI) with SDDC Manager, it fails at Install VMware Aria Operations for Logs Content Packs for Management Domain due to Error while creating VMware Aria Operations for Logs session PKIX path building failed

book

Article ID: 424996

calendar_today

Updated On:

Products

VMware SDDC Manager VMware vRealize Log Insight 8.x

Issue/Introduction

Task: Install VMware Aria Operations for Logs Content Packs for Management Domain

Status: Failed 

Description: Install VMware Aria Operations for Logs Content Packs for Management Domain

Progress Messages: A problem has occurred on the server. Please retry or contact the service provider and provide the reference token. A problem has occurred on the server. Please retry or contact the service provider and provide the reference token.

Error Message: A problem has occurred on the server. Please retry or contact the service provider and provide the reference token.

Cause: Error while creating VMware Aria Operations for Logs session PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target unable to find valid certification path to requested target

From domain manager, we could see that it failing with an internal server error:

var/log/vmware/vcf/domainmanager/domainmanager.log

YYYY-MM-DDTHH:MM:SS.854+0000 ERROR [vcf_dm,69609e1f43875133e731b46dadb9a91c,57f9] [c.v.e.s.o.model.error.ErrorFactory,dm-exec-18] [NRPPL5] VCF_ERROR_INTERNAL_SERVER_ERROR Invocation of prefix '' part of task InstallContentPacksInVrli in plugin VrliContractPlugin failed with exception.com.vmware.evo.sddc.common.core.error.InternalServerErrorException: Invocation of prefix '' part of task InstallContentPacksInVrli in plugin VrliContractPlugin failed with exception.1at com.vmware.evo.sddc.orchestrator.core.ProcessingTaskSubscriber.invokeMethod(ProcessingTaskSubscriber.java:447)2at com.vmware.evo.sddc.orchestrator.core.ProcessingTaskSubscriber.processTask(ProcessingTaskSubscriber.java:520)3at4 com.vmware.evo.sddc.orchestrator.core.ProcessingTaskSubscriber.accept(ProcessingTaskSubscriber.java:124)at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)at java.base/java.lang.reflect.Method.invoke(Method.java:569)at com.google.common.eventbus.Subscriber.invokeSubscriberMethod(Subscriber.java:85)567at com.google.common.eventbus.Subscriber.lambda8910$dispatchEvent$0(Subscriber.java:71)111213at com.vmware.vcf.common.tracing.TraceRunnable.run(TraceRunnable.java:5914)1516at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)1718at java.base/19java.util.concurren20t.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)at java.base/java.lang.Thread.run(Thread.java:840)Caused by: com.vmware.evo.sddc.common.services.loginsight.api.LogInsightException: Error while creating VMware Aria Operations for Logs sessionat com.vmware.evo.sddc.common.services.loginsight.impl.LogInsightApiConfigurator.getSessionId(LogInsightApiConfigurator.java:270)at com.vmware.evo.sddc.common.services.loginsight.impl.LogInsightApiConfigurator.lambda$getHttpHeaders$0(LogInsightApiConfigurator.java:241)at com.vmware.evo.sddc.common.util.RetriableCallable.call(RetriableCallable.java:182)at com.vmware.evo.sddc.common.services.loginsight.impl.LogInsightApiConfigurator.getHttpHeaders(LogInsightApiConfigurator.java:246)at com.vmware.evo.sddc.common.services.loginsight.impl.LogInsightApiConfigurator.createVrliHttpClient(LogInsightApiConfigurator.java:227)at com.vmware.evo.sddc.common.services.loginsight.impl.LogInsightApiConfigurator.createVrliHttpClient(LogInsightApiConfigurator.java:220)at com.vmware.evo.sddc.common.services.loginsight.impl.LogInsightApiConfigurator.getResourceAsString(LogInsightApiConfigurator.java:209)at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)at java.base/java.lang.reflect.Method.invoke(Method.java:569)at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343)at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:196)at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:751)at org.springframework.retry.annotation.AnnotationAwareRetryOperationsInterceptor.invoke(AnnotationAwareRetryOperationsInterceptor.java:163)at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184)212223at org.springframework.aop.framework.CglibAopProxy242526$CglibMethodInvocation.proceed(CglibAopProxy.java:751)at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:703)2728at com.vmware.evo.sddc.common29.serv30ices.loginsight.impl.LogInsightApiConfigurator$$SpringCGLIB$$

Cause

The vRLI signing certificate is missing from the certificate store for SDDC. 

Resolution

Add the vRLI signing certificate to the certificate store of SDDC:

  • Copy the root certificate to the temp directory on the SDDC Manager.
  • vi /tmp/root.cer to create an empty file with vi.
  • Press i to enter insert mode.
  • Paste the body of the certificate into the root.cer file.
  • Press esc to exit insert mode.
  • Type wq! and hit enter to write your changes to the file and exit the vi editor.
  • Obtain the trusted certificates key by issuing the following command
    pass=$(cat /etc/vmware/vcf/commonsvcs/trusted_certificates.key)
  • Import the certificate into the trusted_certificates_store with the keytool.
    keytool -importcert -alias <aliasname> -file <certificate file> -keystore /etc/vmware/vcf/commonsvcs/trusted_certificates.store -storepass <trust store key>
    For example:
  • keytool -importcert -alias new_mgmt_root -file /tmp/root.cer -keystore /etc/vmware/vcf/commonsvcs/trusted_certificates.store -storepass $pass
Powered by Wolken Software