Adding ESXi Host to SDDC Manager fails with SSL Verification Fault (VxRail)
Article ID: 440472
Updated On:
Products
VMware SDDC Manager / VCF Installer
Issue/Introduction
- In SDDC manager GUI one sees:
- Failed to load Host cluster details. Failed to return new hosts.
- Failed to load Host cluster details. Failed to return new hosts.
- Adding a new host to a VxRail cluster via SDDC Manager fails the "Add Host to Cluster", but there is not task in SDDC manager because this issue is before SDDC manager fully engages and is at the VxRail step.
- The task may show a generic failure in the SDDC Manager UI, or an "Inventory version synchronization" warning.
- In domain manager logs you find:
Error fetching hosts com.vmware.vxrail.vcf.hostmanager.error.VxRailHostManagerException: Failed to return new hostsCaused by: com.vmware.evo.sddc.common.vxrail.error.VxRailManagerException: Unable to parse host details in VxRail Managers response messageCaused by: com.vmware.evo.sddc.common.vxrail.error.VxRailManagerException: Unable to fetch details for hosts managed by VxRail ManagerCaused by: javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorexcpetion: validity check failed
- The certificates show as expired in the SDDC manager GUI:
- Domain name has ## expired certificates
- Certificate manager in SDDC manager GUI shows VxRail Manager certificate to be expired
Environment
vCF SDDC manager 5.x
Cause
vCenter certificate and VxRail certificate do not match and as a security measure, no further action should be taken with a mismatched certificate.
Resolution
Contact Dell VxRail support to assist with resolving the issue, if the certificate is expired and cannot be updated from SDDC manager's GUI. Use this KB as reference:
VxRail Management certificate shows expired in SDDC manager
Additional Information
Please provide a log bundle for this issue so that we can further study it.
Feedback
Yes
No
Powered by
