Add ESXi host to cluster fails - Authenticity of the host's SSL certificate is not verified


Article ID: 432436


Updated On:

Products

VMware SDDC Manager

Issue/Introduction

  • Adding a new ESXi host to the cluster via SDDC Manager fails at the subtask "Add ESXi host to Datacenter".
  • /var/log/vmware/vcf/domainmanager/domainmanager.log shows:

    yyyy-mm-ddThh:mm:ss. DEBUG [vcf_dm] [c.v.e.s.c.c.v.vsphere.VcManagerBase,dm-exec-11]  Task: (MOR:task-####) (Name:addStandaloneHost) Entity: (MOR:group-h#) (Name:host) status: running. Waiting for its complete
    yyyy-mm-ddThh:mm:ss. WARN  [vcf_dm] [c.v.v.v.c.h.i.HttpProtocolBindingBase,dm-exec-11]  Asynchronous execution requested but no Executor configured. The request will be executed as synchronous one.
    yyyy-mm-ddThh:mm:ss. ERROR [vcf_dm] [c.v.e.s.c.c.v.vsphere.VcManagerBase,dm-exec-11]  Task: (MOR:task-####) (Name:addStandaloneHost) Entity: (MOR:group-h#) (Name:host) is failed
    com.vmware.vim.binding.vim.fault.SSLVerifyFault: Authenticity of the host's SSL certificate is not verified.
    ...
    ...
    yyyy-mm-ddThh:mm:ss ERROR [vcf_dm] [c.v.e.s.c.c.v.vsphere.VcManagerBase,dm-exec-3]  Task information for future track
    {"key":"task-####","task":{"_type":"Task","_value":"task-####","_serverGuid":"####-####-####"},"description":{"key":"com.vmware.vim.vpxd.invtHost.hostSync","arg":[{"key":"host","value":"host_fqdn"}],"message":"Retrieving data from vCenter agent on host_fqdn"},"name":{"_wsdlName":"AddStandaloneHost_Task"},"descriptionId":"Folder.addStandaloneHost","entity":{"_type":"Folder","_value":"group-h5","_serverGuid":"####-####-####"},"entityName":"host","state":"error","cancelled":false,"cancelable":false,"error":{"selfSigned":false,"thumbprint":"AB:##:##:##:##:##:##:##:##:##:##:##:##:##:##:AZ","_msg":"Authenticity of the host's SSL certificate is not verified."
  • Validating the thumbprint on the ESXi host returns a different value:

    [root@:~] openssl x509 -in /etc/vmware/ssl/rui.crt -text -fingerprint | grep -i fingerprint
    SHA1 Fingerprint=35:##:##:##:##:##:##:##:##:##:##:##:##:##:##:90

Environment

VMware Cloud Foundation 5.x

Cause

The host's SSL certificate does not match between the ESXi host and SDDC Manager.
This can happen if the host certificates were updated after the host was commissioned in SDDC Manager but before the task to add the ESXi host to the cluster was started.
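The manual comparison from the Issue section (thumbprint in the SSLVerifyFault log entry versus the fingerprint read from the host) can be scripted. The following is an added example, not part of the original article or of VMware tooling; the function names and the sample thumbprint values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not VMware code). The log message and JSON field names are
# the ones shown in the article; the thumbprint values below are constructed.

# Strip a "SHA1 Fingerprint=" label, colons and whitespace; uppercase the hex.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \r\n' | tr 'a-f' 'A-F'
}

# Print the thumbprint from the most recent SSLVerifyFault task entry in a log.
log_thumbprint() {
    grep -F "Authenticity of the host's SSL certificate is not verified" "$1" |
        sed -n 's/.*"thumbprint":"\([^"]*\)".*/\1/p' | tail -n 1
}

# compare_fp LOGFILE HOST_FINGERPRINT
# Prints MATCH, MISMATCH or NO_FAULT; exit status 0, 1 or 2 respectively.
compare_fp() {
    logged=$(log_thumbprint "$1")
    if [ -z "$logged" ]; then echo "NO_FAULT"; return 2; fi
    if [ "$(normalize_fp "$logged")" = "$(normalize_fp "$2")" ]; then
        echo "MATCH"; return 0
    fi
    echo "MISMATCH: log=$logged host=$2"; return 1
}

# Constructed sample of the relevant domainmanager.log lines.
sample_log() {
    cat <<'EOF'
2024-01-01T00:00:00. ERROR [vcf_dm] [c.v.e.s.c.c.v.vsphere.VcManagerBase,dm-exec-11]  Task: (MOR:task-1) (Name:addStandaloneHost) Entity: (MOR:group-h5) (Name:host) is failed
com.vmware.vim.binding.vim.fault.SSLVerifyFault: Authenticity of the host's SSL certificate is not verified.
{"key":"task-1","state":"error","error":{"selfSigned":false,"thumbprint":"AB:01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F:10:11:12:CD","_msg":"Authenticity of the host's SSL certificate is not verified."}}
EOF
}

# Usage on real data:
#   compare_fp domainmanager.log "<SHA1 Fingerprint line printed on the host>"
if [ $# -eq 2 ]; then compare_fp "$1" "$2"; fi
```

A MISMATCH result corresponds to the condition described under Cause; the fix is still the decommission and re-commission procedure in the Resolution.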

Resolution

1. Remove the host from the cluster.

2. Decommission the ESXi host from SDDC.

3. Re-add the host to SDDC:

  • Commission the Host
  • Add the ESXi host to the cluster (without making any changes to the host)

Additional Information

Managing ESXi Hosts in VMware Cloud Foundation