VMware Cloud Community
pizzle85
Expert
Expert
‎12-24-2015 07:56 AM
Jump to solution

vRA Installation Wizard Install Failure "[ VAThumbprint; ] do not exists for command [ install-web ]"

Has anyone had this issue and gotten around it? I tried reinstalling the IaaS management agent but that didnt help.

This is the error from the IaaS management agent logs on my active IaaS server. It has all the IaaS roles configured to be installed.

[UTC:2015-12-24 13:56:40 Local:2015-12-24 08:56:40] [Error]: Thread-Id="5" - context=""  token="" Microsoft.Practices.Unity.ResolutionFailedException: Resolution of the dependency failed, type = "VMware.Cafe.IManagementEndpointClient", name = "(none)".

Exception occurred while: Calling constructor VMware.Cafe.ManagementEndpointClient(System.Uri baseAddress, VMware.Cafe.ManagementEndpointSecurityContext authenticationContext, VMware.Cafe.TrustedCertificatePredicate trustCertificatePredicate).

Exception is: CryptographicException - Keyset does not exist

-----------------------------------------------

At the time of the exception, the container was:

  Resolving VMware.Cafe.ManagementEndpointClient,(none) (mapped from VMware.Cafe.IManagementEndpointClient, (none))

  Calling constructor VMware.Cafe.ManagementEndpointClient(System.Uri baseAddress, VMware.Cafe.ManagementEndpointSecurityContext authenticationContext, VMware.Cafe.TrustedCertificatePredicate trustCertificatePredicate)  ---> System.Security.Cryptography.CryptographicException: Keyset does not exist

   at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)

   at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)

   at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()

   at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()

   at VMware.Cafe.Certificates.SignString(X509Certificate2 cert, String input)

   at VMware.Cafe.ManagementEndpointClient..ctor(Uri baseAddress, ManagementEndpointSecurityContext authenticationContext, TrustedCertificatePredicate trustCertificatePredicate, TimeSpan timeout)

   at VMware.Cafe.ManagementEndpointClient..ctor(Uri baseAddress, ManagementEndpointSecurityContext authenticationContext, TrustedCertificatePredicate trustCertificatePredicate)

   at BuildUp_VMware.Cafe.ManagementEndpointClient(IBuilderContext )

   at Microsoft.Practices.ObjectBuilder2.BuildPlanStrategy.PreBuildUp(IBuilderContext context)

   at Microsoft.Practices.ObjectBuilder2.StrategyChain.ExecuteBuildUp(IBuilderContext context)

   at Microsoft.Practices.Unity.UnityContainer.DoBuildUp(Type t, Object existing, String name, IEnumerable`1 resolverOverrides)

   --- End of inner exception stack trace ---

   at Microsoft.Practices.Unity.UnityContainer.DoBuildUp(Type t, Object existing, String name, IEnumerable`1 resolverOverrides)

   at Microsoft.Practices.Unity.UnityContainer.DoBuildUp(Type t, String name, IEnumerable`1 resolverOverrides)

   at Microsoft.Practices.Unity.UnityContainerExtensions.Resolve[T](IUnityContainer container, ResolverOverride[] overrides)

   at VMware.IaaS.Management.Agent.ManagementEndpointService.get_Client()

   at VMware.IaaS.Management.Agent.ManagementEndpointService.<RetrieveNextPendingCommandAsync>d__6.MoveNext()

--- End of stack trace from previous location where exception was thrown ---

   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)

   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

   at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()

   at VMware.IaaS.Management.Agent.ManagementAgent.<<ProcessNextPendingCommandAsync>b__8>d__c.MoveNext()

--- End of stack trace from previous location where exception was thrown ---

   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)

   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

   at VMware.IaaS.Management.Agent.ManagementAgent.<ExecutePeriodicAction>d__5.MoveNext()

INNER EXCEPTION: System.Security.Cryptography.CryptographicException: Keyset does not exist

   at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)

   at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)

   at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()

   at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()

   at VMware.Cafe.Certificates.SignString(X509Certificate2 cert, String input)

   at VMware.Cafe.ManagementEndpointClient..ctor(Uri baseAddress, ManagementEndpointSecurityContext authenticationContext, TrustedCertificatePredicate trustCertificatePredicate, TimeSpan timeout)

   at VMware.Cafe.ManagementEndpointClient..ctor(Uri baseAddress, ManagementEndpointSecurityContext authenticationContext, TrustedCertificatePredicate trustCertificatePredicate)

   at BuildUp_VMware.Cafe.ManagementEndpointClient(IBuilderContext )

   at Microsoft.Practices.ObjectBuilder2.BuildPlanStrategy.PreBuildUp(IBuilderContext context)

   at Microsoft.Practices.ObjectBuilder2.StrategyChain.ExecuteBuildUp(IBuilderContext context)

   at Microsoft.Practices.Unity.UnityContainer.DoBuildUp(Type t, Object existing, String name, IEnumerable`1 resolverOverrides)

1 Solution

Accepted Solutions
pizzle85
Expert
Expert
‎03-08-2016 03:55 AM
Jump to solution

Sorry for not responding to my own community post!

In my case this was related to the identity manager administrative account password containing invalid characters (administrator@vsphere.local). There was a vCAC SSO 5.5 KB about this but i'm not able to find it. The link below is pretty close, i basically stayed away from the special characters in the list at the link below and was able to install.

VMware KB: Installing vCenter Single Sign-On 5.5 fails if the password for administrator@vsphere.loc...

View solution in original post

6 Replies
JonSaund
Contributor
Contributor
‎01-07-2016 02:43 PM
Jump to solution

Have you tried adding the Management Agent Service account to the local Administrators group?

dwtuggle_
Contributor
Contributor
‎02-29-2016 09:14 AM
Jump to solution

I thought I'd post in case someone else comes across this. We had the exact error and the fix was to make the service account used for IAAS was a member of the local admin group. In our case it was a standard user and once we made it a local admin, rebooted, the error went away and we could then get the time offset error to go away which is what lead us to this forum/post.

gradinka
VMware Employee
VMware Employee
‎03-01-2016 10:24 PM
Jump to solution

yes, seems like that user (being used for installation) cannot access the keystored

0 Kudos
Susie1703
Contributor
Contributor
‎03-08-2016 01:51 AM
Jump to solution

Hi Guys,

I got the same Problem and still don't know why! put the systemacount into local admins group, added certificates, restarted and still the same failure.

don't know what to do anymore.

0 Kudos
pizzle85
Expert
Expert
‎03-08-2016 03:55 AM
Jump to solution

Sorry for not responding to my own community post!

In my case this was related to the identity manager administrative account password containing invalid characters (administrator@vsphere.local). There was a vCAC SSO 5.5 KB about this but i'm not able to find it. The link below is pretty close, i basically stayed away from the special characters in the list at the link below and was able to install.

VMware KB: Installing vCenter Single Sign-On 5.5 fails if the password for administrator@vsphere.loc...

Susie1703
Contributor
Contributor
‎03-10-2016 10:57 PM
Jump to solution

I fugered it out... for me it helped creating new certificates in the wizard. problem solved!

0 Kudos