vSphere Auto Deploy service fails after a change to vCenter Server SSL Certificates with the error: Server has wrong SHA1 thumbprint
search cancel

vSphere Auto Deploy service fails after a change to vCenter Server SSL Certificates with the error: Server has wrong SHA1 thumbprint

book

Article ID: 338784

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Symptoms:
  • Your vSphere Auto Deploy service fails
  • In the C:\ProgramData\VMware\VMware vSphere Auto Deploy\logs\ autodeploy.log file, you see entries similar to:

    Exception: Server has wrong SHA1 thumbprint: xxxx2e95a8d961b5ae7444f30c2dd09ca31b3c7f (required) != d15697xxxxf25f0b154cbb4bdfa1a3f4d0146e50 (server)
    <YYYY-MM-DD>T<time>,713 [3460]ERROR:rbd_watchdog_windows:caught exception in thread VC-Monitor
    Traceback (most recent call last):
    File "rbd_watchdog_windows.pyc", line 49, in infiniteLoop
    File "rbd_watchdog_windows.pyc", line 57, in vcMonitor
    File "rbd\waiter\vc_monitor.pyc", line 36, in __init__
    File "pyVmomi\VmomiSupport.pyc", line 536, in __call__
    File "pyVmomi\VmomiSupport.pyc", line 359, in _InvokeAccessor
    File "pyVmomi\StubAdapterAccessorImpl.pyc", line 24, in InvokeAccessor
    File "pyVmomi\SoapAdapter.pyc", line 1153, in InvokeMethod
    File "pyVmomi\SoapAdapter.pyc", line 1238, in GetConnection
    File "pyVmomi\SoapAdapter.pyc", line 863, in _VerifyThumbprint

    </time>

  • This issue occurs after a change to the vCenter Server SSL certificates, for example if you use the SSL Certificate Automation Tool


Environment

VMware vCenter Server 5.5.x
VMware vCenter Server 5.1.x

Cause

This issue occurs if the vCenter Server SSL Certificates have changed after Auto Deploy was installed and registered to vCenter Server. Auto Deploy fails to start as the SSL Certificate thumbprint stored in the Auto Deploy database no longer matches that of the new vCenter Server SSL Certificate.

Resolution

This is a known issue affecting:
  • vCenter Server 5.1
  • vCenter Server 5.5
This issue has been resolved in vCenter Server 5.1 Update 3 and vCenter Server 5.5 Update 2.

To resolve this issue, update vCenter Server to the latest version of vCenter Server 5.1 or vCenter Server 5.5.

To work around this issue, manually edit the Auto Deploy database.
To manually edit the Auto Deploy database:
  1. Take a backup of the Auto Deploy Database.
  2. Using SQLite, or a similar tool, manually edit the vc_servers table in the Auto Deploy database to update the new vCenter Server SSL Certificate thumbprint.

    Note: The default location of the Auto Deploy database is C:\ProgramData\VMware\VMware vSphere Auto Deploy\Data\db.


Additional Information

SQLite is the tool of choice for Auto Deploy database modification. It is a free application and is available for use with Windows. You can download SQLite from the SQLite Download Page. To use a GUI-based editor, download the SQLite Database Browser.

Note: The preceding link was correct as of May 3, 2017. If you find the link is broken, provide feedback and a VMware employee will update the link.
To be alerted when this document is updated, click the Subscribe to Article link in the Actions box.
Troubleshooting vSphere Auto Deploy
vCenter Server SSL 証明書を変更した後に vSphere Auto Deploy サービスが次のエラーで失敗する: サーバに不正な SHA1 サムプリントが含まれています

Powered by Wolken Software