A blank “Import a vCenter” wizard is displayed when attempting to add a workload domain from VCF Operations.
search cancel

A blank “Import a vCenter” wizard is displayed when attempting to add a workload domain from VCF Operations.

book

Article ID: 435669

calendar_today

Updated On:

Products

VCF Operations VMware SDDC Manager / VCF Installer

Issue/Introduction

  • “Import a vCenter” wizard appears blank when attempting to add a workload domain from VCF Operations.

  • Navigating to VCF Operations → Fleet Management → Lifecycle → VCF Instances → VCF Instance results in a blank page.



  • Workflows such as “Create New…” and “Import a vCenter” while adding workload domain remains stuck indefinitely in a loading or blank state.

  • Logs on VCF Operations located at /storage/log/vcops/log/web-vcf.log shows entries similar to:

    YYYY-MM-DDThh:mm:ss INFO  web-vcf 1717 [ops@4413 threadId="225" threadName="ajp-nio-127.0.0.1-8009-exec-18"] [com.vmware.vrops.secure.connection.ndc.NdcTrustManager.handleUntrustedServerCertificateChain] - Refreshing certificate
    YYYY-MM-DDThh:mm:ss WARN  web-vcf 1717 [ops@4413 threadId="225" threadName="ajp-nio-127.0.0.1-8009-exec-18"] [com.vmware.vrops.secure.connection.ndc.NdcTrustManager.refresh] - Failed to parse response and fetch certificate. Url https://<SDDC-FQDN>:443/v1/certificate-management/certificate-bundle. Cannot verify JWS signature: unable to locate signature verification key for JWS with header: {kid=55bb5e92d38f64axxxxxxxxxxxxxxxxxxxxxxxxxxxx373ae714324d47ba2bc89, alg=RS512}
    YYYY-MM-DDThh:mm:ss WARN  web-vcf 1717 [ops@4413 threadId="225" threadName="ajp-nio-127.0.0.1-8009-exec-18"] [com.vmware.vrops.secure.connection.ndc.NdcTrustManager.handleUntrustedServerCertificateChain] - Failed to refresh certificate for address <SDDC-FQDN>/<SDDC-IP>:443
    YYYY-MM-DDThh:mm:ss ERROR web-vcf 1717 [ops@4413 threadId="225" threadName="ajp-nio-127.0.0.1-8009-exec-18"] [com.vmware.vcf.operations.ui.proxy.ProxyUtil.error] - Error occurred while serving the path: vcf-operations/plug/sddc-108/plugin/ops-plugin/index.html.
    YYYY-MM-DDThh:mm:ss ERROR web-vcf 1717 [ops@4413 threadId="225" threadName="ajp-nio-127.0.0.1-8009-exec-18"] [com.vmware.vcf.operations.ui.proxy.ProxyUtil.error] - PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at sun.security.ssl.Alert.createSSLException(Unknown Source) ~[?:?]
            at sun.security.ssl.TransportContext.fatal(Unknown Source) ~[?:?]
    .
    .
    .
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Environment

VCF Operations 

VCF 9.0

Cause

This issue occurs due to a certificate trust failure between VCF Operations and SDDC Manager or certificate chain is not trusted, resulting in UI components failing to load.

Resolution

To resolve the issue, re-establish certificate trust between VCF Operations and SDDC Manager:

1. Replace certificates using vCenter VMCA as outlined in Broadcom KB 336778.

2. Navigate to VCF Operations → Administration → Trust Management

  • Remove any outdated or invalid SDDC-related certificates.

3. Navigate to VCF Operations → Administration → Integrations → VCF Adapter

  • Edit the adapter instance and revalidate the connection.
  • Accept the updated certificate thumbprint when prompted.
Powered by Wolken Software