I attempted to replace my machine cert on my VCSA server. After a few attempts I gave up and performed a full certificate reset using the `/usr/lib/vmware-vmca/bin/certificate-manager` tool.
Now I'm seeing the following errors in the UI when looking at any Health or vSAN information. Anyone know how to resolve this? I upgraded to 6.7.0.40000 and that didn't help.
in my /var/log/vmware/vsphere-ui/logs/vsphere_client_virgo.log I see lots of:
Caused by: com.vmware.vsphere.client.vsandp.core.sessionmanager.common.NotAccessibleException: com.vmware.vim.vmomi.client.exception.SslException: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain is not trusted and thumbprint doesn't match
at com.vmware.vsphere.client.vsandp.core.sessionmanager.common.PbmClient.getConnection(PbmClient.java:70)
at com.vmware.vsphere.client.vsan.base.impl.PbmDataProvider.getProfileIds(PbmDataProvider.java:181)
at com.vmware.vsphere.client.vsan.base.impl.PbmDataProvider.getStoragePolicies(PbmDataProvider.java:131)
at com.vmware.vsphere.client.vsan.base.impl.PbmDataProvider.getObjectCompatibleStoragePolicies(PbmDataProvider.java:118)
... 119 common frames omitted
Caused by: com.vmware.vim.vmomi.client.exception.SslException: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain is not trusted and thumbprint doesn't match
at com.vmware.vim.vmomi.client.common.impl.ResponseImpl.setError(ResponseImpl.java:256)
at com.vmware.vim.vmomi.client.http.impl.HttpExchange.run(HttpExchange.java:56)
at com.vmware.vim.vmomi.client.http.impl.HttpProtocolBindingBase.executeRunnable(HttpProtocolBindingBase.java:226)
at com.vmware.vim.vmomi.client.http.impl.HttpProtocolBindingImpl.send(HttpProtocolBindingImpl.java:106)
at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl$CallExecutor.sendCall(MethodInvocationHandlerImpl.java:629)
...
Hi Vijay2027, could you please also send me the commands? I have exact the same problem.
Thank you very much.
Please look at the comment from irvingpop_chef
"you were right, it was definitely a complex and not self-fixable issue. I had a number of services that were running with the wrong certificate. GSS provided me with a script that fixed them all."
Please contact GSS.
Hey, I am also facing the same problem, can you tell me the command they sent you ?
For me, this error is always fixed by just logging out and logging in again... (before, I was always deleting cookies, which also logs me out, but not even that seems necessary).
Latest vCenter 7, super annoying. Also tags are "disappearing" (just not shown), but they're there if I use another PC/browser/delete cookies....
Sorry, but I'm kinda new to this.
I have the same issue here after our certs expired and I tried to renew them by myself.
What exactly is GSS and how do I contact them?
Thank you
GSS = Global Support Services
In other words, what most would call "tech support" (although they help with less tech stuff too)
However they are now known as Global Services, and you can contact them via this: Support Contact Options - VMware
Faced the same issue :
Virgo logs gave :
++++++
Caused by: com.vmware.vim.vmomi.client.exception.VlsiCertificateException: Server certificate chain is not trusted and thumbprint doesn't match
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
++++++
Fixed the mismatch and the Skyline health was fine.
Do you have the script?
Where is the script? Same needed here.
That is nice and simple. Solved my same problem too. but the main problem is low CPU. Probably you should increase CPU for centre vm
Hello. Do you still have the commands you DM'd to people in this post? I have the same issue, and it looks like all my certs are good. I received it after doing my machine cert.
My other location also cannot see me in the vcenter client anymore, but I can see them.
Thank you in advance!