To rectify this, delete the SMS certificate, unregister the offline providers, and restart the SPS service to register the storage providers with the SHA256 certificate. The below steps can also be used to reset the storage providers for troubleshooting.
Please take an offline snapshot and/or backup of all nodes in the SSO domain. Do not skip this step.
1. Stop the Storage Provider Service: service-control --stop vmware-sps
2. Delete the SMS certificate from VECS: /usr/lib/vmware-vmafd/bin/vecs-cli entry delete --store sms --alias sms_self_signed
3. Start the SPS service: service-control --start vmware-sps
This will have the effect of SMS self-signed certificate re-generated with sha256withRSAEncryption signing algorithm and this certificate will now be FIPS compliant. Regeneration of the cert will also cause all the storage providers to go offline as it's a new cert and no longer trusted; meaning step 5 will unregister them and clear them out.
4. After step 3 above, Wait for some time for SPS service to get into initialized state and health status is GREEN. Use the wget command above to check. Initialisation can take a long time.
5. Once after storage providers list is updated and providers are listed (there will be providers listed with offline/disconnected state), run the python script "unreg_vasa.py" and capture the output (needed only in case if the steps doesn't resolve the issue),
python unreg_vasa.py -s <VC_IP_ADDRESS>
NOTE: <VC_IP_ADDRESS> above need to be replaced with actual values.
NOTE: The script waits 5 seconds between unregistering each VP. Please wait for it to finish.
6. Restart vmware-sps service: vmon-cli -r sps
This will have the effect of all the IOFilter VPs that was unregistered in step 5 to get registered again.