I'm evaluating vDP and have run into the following problem. After I changed the SSL certificate on the vCenter server, vDP jobs are failing permanently.
In the log I can see that vDP is trying to connect to the hypervisor where the VM is located. During the connection, the disk mount fails with the error "unable to get local issuer certificate".
I can see that vDP is trying to connect to port 902. I tried to verify that the certificate is correct using the following command:
echo -n | openssl s_client -connect $SERVERNAME:$PORTNUMBER | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/$SERVERNAME.cert
I found that the certificate on port 443 is correct, but on port 902 I get the following error:
140735160738656:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:795:
$SERVERNAME here is the FQDN of the hypervisor.
I guess that means that port 902 is not protected with SSL. How can I fix that?
Update:
$ echo -n | openssl s_client -connect $SERVERNAME:902
CONNECTED(00000003)
140735160738656:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:795:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 308 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
I installed ESXi+vCenter+vDP from scratch. Backup works in this configuration. Here is what I see at port 902:
$ echo -n | openssl s_client -connect test-esxi-host-with-self-signed-certs:902
CONNECTED(00000003)
140735160738656:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:795:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 308 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
In the file /space/avamarclient/vddkconfig.ini, the option that is responsible for SSL checks is disabled. Why does it fail anyway?
tmpDirectory="/usr/local/avamarclient/var/vmware/temp"
#transport.LogLevel ( 0 = quiet, 6 = most)
vixDiskLib.transport.LogLevel=2
vixDiskLib.disklib.EnableCache=1
#network file copy options
#nfc.LogLevel (0 = none, 1 = Error, 2 = Warning, 3 = Info, 4 = Debug)
vixDiskLib.nfc.LogLevel=2
#xxxTimeoutMS of 0 is no timeout
vixDiskLib.nfc.AcceptTimeoutMs=0
vixDiskLib.nfc.RequestTimeoutMs=0
vixDiskLib.nfc.ReadTimeoutsMs=0
vixDiskLib.nfc.WriteTimeoutsMs=0
vixDiskLib.nfcFssrvr.TimeoutMs=0
#turn off the the SSL certificat verification
vixDiskLib.linuxSSL.verifyCertificates=0
Hi antonio7
I had the same problems on a vSphere 5 environment with VDP 6.1.3 and fixed it through re-configuring VDDK on the VDP appliance:
see http://www.virtuallypeculiar.com/2017/01/vdp-613-esxi-51-compatibility-issues.html
Hot-Add is now working again.
Regards,
jengl
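An added diagnostic example, not part of the original posts: `openssl s_client` reports "unknown protocol" when the first bytes the server returns are not a TLS record, so a port that fails this way cannot be used to fetch a certificate with the `s_client | sed` command from the question. The sketch below separates the two cases for any host and port: it returns the certificate when the port answers a ClientHello with TLS, and otherwise shows what the service sends first. The names `probe` and `"not-tls-first"` are assumptions made for this example, and the code makes no claim about which service a given ESXi port runs.

```python
import socket
import ssl


def probe(host, port, timeout=5.0):
    """Classify how a TCP port answers a TLS ClientHello.

    Returns ("tls", pem_certificate) when the handshake completes, or
    ("not-tls-first", first_bytes) with whatever the server sends unprompted.
    """
    ctx = ssl.create_default_context()
    # Verification is off on purpose: like `s_client | sed`, this only fetches
    # the certificate for inspection. It does not mean the certificate is trusted.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                der = tls.getpeercert(binary_form=True)
                return "tls", ssl.DER_cert_to_PEM_cert(der)
    except (ssl.SSLError, ConnectionResetError):
        # Same condition s_client reports as "unknown protocol": the reply
        # to the ClientHello was not a TLS record.
        pass
    # Reconnect, send nothing, and record what the server says first.
    with socket.create_connection((host, port), timeout=timeout) as raw:
        try:
            first = raw.recv(256)
        except socket.timeout:
            first = b""  # server waits for the client to speak first
    return "not-tls-first", first
```

A PEM result can be passed to `openssl verify -CAfile <ca-bundle>` to check the issuer chain; a `"not-tls-first"` result means the chain has to be checked through the service's own client rather than a raw TLS connection.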