VCF 9.x: Missing Certificates and Passwords in VCF Operations UI
search cancel

VCF 9.x: Missing Certificates and Passwords in VCF Operations UI

book

Article ID: 435581

calendar_today

Updated On:

Products

VCF Operations

Issue/Introduction

  • After a new deployment of VMware Cloud Foundation (VCF) 9.x, users observe that Certificates and Passwords entries fail to populate or disappear entirely from the VCF Operations interface. While these credentials remain visible and correct within the SDDC Manager UI and CLI, they do not synchronize with the Fleet Management UI.
  • Review of the /var/log/vrlcm/vmware_vrlcm.log on the Fleet Manager appliance reveals connection failures similar to the following:
    ####-##-##T##:##:##.###Z ERROR vrlcm[1278] [pool-3-thread-35] [c.v.v.l.p.c.v.t.BaseConfigureVropsTask]  -- address may be invalid <fleetManager fqdn.com>####-##-##T##:##:##.###Z INFO vrlcm[1278] [pool-3-thread-35] [c.v.v.l.d.v.VropsConnector]  -- url to connect https://<fleetManager fqdn.com>/casa/authorize

####-##-##T##:##:##.###Z ERROR vrlcm[1278] [pool-3-thread-35] [c.v.v.l.p.c.v.t.BaseConfigureVropsTask]  -- address may be invalid <fleetManager fqdn.com>####-##-##T##:##:##.###Z INFO vrlcm[1278] [pool-3-thread-22] [c.v.v.l.d.v.VropsConnector]  -- url to connect https://<fleetManager fqdn.com>/casa/authorize

Environment

VCF Operations 9.x

Cause

  • This issue is caused by a failure in the API handshake between the VCF management components. Specifically, a DNS Misconfiguration where the DNS search suffix in /etc/resolv.conf is incorrectly set to search . 
  • This invalid entry causes Java-based connection tasks to fail or timeout when attempting to resolve internal FQDNs for authorization calls to the Fleet Manager's CASA service.

Resolution

To resolve this issue, you must correct the DNS search suffix on the Fleet Management appliance and restart the management services.

Prerequisite: Take an Offline Snapshot

Before making any changes, ensure you take an offline snapshot of the Fleet Management appliance Virtual Machine to prevent potential issues during the update.

Step 1: Configure DNS search suffix

  1. Login to Fleet management Appliance 

    SSH into the Fleet management Appliance Manager using the root account.

  2. Update DNS Server IPs

    Run the following command:

    nmctl set-dns dev eth0 dns DNS_Server_1,DNS_Server_2

    Note : Replace DNS_Server_1 and DNS_Server_2 with the IP addresses of your primary and secondary DNS servers.

Verification

  1. Verify that the DNS servers have been updated by running:

    cat /etc/resolv.conf

  2. Restart Network Name Resolution Service

    Apply the DNS changes by restarting the service:

    sudo systemctl restart systemd-resolved.service

     

Step 2: Restart Management Services

If the certificates/passwords still do not appear on VCF Operations UI after the DNS correction, restart the management services on the Fleet Manager appliance:

systemctl restart vrlcm-server.service

 

Powered by Wolken Software