Error: "Could not find the current component certificate..." when adding nodes to VCF Operations for Logs 9.0.x cluster
search cancel

Error: "Could not find the current component certificate..." when adding nodes to VCF Operations for Logs 9.0.x cluster

book

Article ID: 428489

calendar_today

Updated On:

Products

VCF Operations

Issue/Introduction

When attempting to add additional nodes to a VCF Operations for Logs 9.0.x cluster, the expansion wizard fails during the Component section with the following error: Could not find the current component certificate. Use Fleet Management -> Certificates to either add or replace the component certificate.

Symptoms include:

  • You are attempting to use an External CA -Signed certificate

  • The ScaleOut request in '/var/log/vrlcm/vmware_vrlcm.log' on the Fleet Management appliance shows the certificate property as an empty string: "certificate" : "".

  • The ValidateEnvironmentDataTask fails with error code LCMCOMMON80067.

  • The expansion task remains in a Pending or Failed state.

  • The certificate is visible in the Locker when checking via API and Fleet Management > Certificates, but cannot be selected or is "greyed out" during the wizard.

Environment

  • VCF Operations for Logs 9.0.x

  • VCF Operations 9.0,x

  • Fleet Management 9.0.x

Cause

This issue occurs due to a metadata synchronization gap. When a certificate is imported directly into the VCF Operations for Logs appliance before the environment is added to VCF Fleet Management, the subsequent inventory sync populates the certificate in the Locker but fails to trigger the internal isUsable flag or there is a syntax issue with the certificate like extraneous characters or whitespaces. Because of this, the Scale Out process cannot bind the certificate to the new node request.

Resolution

You must use the Replace with Imported Certificate workflow to re-anchor the certificate metadata in the Fleet Management database, ensuring the full certificate chain and no syntax issues when copy/pasting.

  1. Navigate to Fleet Management > Certificates.

  2. Locate the table and select the VCF Operations for Logs component.

  3. Choose the Replace with Imported Certificate action.

  4. If the required certificate has not been imported yet or suspected to be invalidated:

    • Click the ellipses (three dots) menu and choose Import Certificate to ensure proper validation and import

    • NOTE: Only PEM encoded certificates are supported.

  5. Select the proper certificate (including the private key and full chain) from the list.

  6. Wait for the replacement task to complete successfully.

  7. Retry the Add Node expansion wizard.

Additional Information

Replace a Certificate with an External CA-Signed Certificate

Manually validating custom certificate chain PEM file 

Powered by Wolken Software