Has anyone had this issue and gotten around it? I tried reinstalling the IaaS management agent but that didnt help.
This is the error from the IaaS management agent logs on my active IaaS server. It has all the IaaS roles configured to be installed.
[UTC:2015-12-24 13:56:40 Local:2015-12-24 08:56:40] [Error]: Thread-Id="5" - context="" token="" Microsoft.Practices.Unity.ResolutionFailedException: Resolution of the dependency failed, type = "VMware.Cafe.IManagementEndpointClient", name = "(none)".
Exception occurred while: Calling constructor VMware.Cafe.ManagementEndpointClient(System.Uri baseAddress, VMware.Cafe.ManagementEndpointSecurityContext authenticationContext, VMware.Cafe.TrustedCertificatePredicate trustCertificatePredicate).
Exception is: CryptographicException - Keyset does not exist
-----------------------------------------------
At the time of the exception, the container was:
Resolving VMware.Cafe.ManagementEndpointClient,(none) (mapped from VMware.Cafe.IManagementEndpointClient, (none))
Calling constructor VMware.Cafe.ManagementEndpointClient(System.Uri baseAddress, VMware.Cafe.ManagementEndpointSecurityContext authenticationContext, VMware.Cafe.TrustedCertificatePredicate trustCertificatePredicate) ---> System.Security.Cryptography.CryptographicException: Keyset does not exist
at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
at VMware.Cafe.Certificates.SignString(X509Certificate2 cert, String input)
at VMware.Cafe.ManagementEndpointClient..ctor(Uri baseAddress, ManagementEndpointSecurityContext authenticationContext, TrustedCertificatePredicate trustCertificatePredicate, TimeSpan timeout)
at VMware.Cafe.ManagementEndpointClient..ctor(Uri baseAddress, ManagementEndpointSecurityContext authenticationContext, TrustedCertificatePredicate trustCertificatePredicate)
at BuildUp_VMware.Cafe.ManagementEndpointClient(IBuilderContext )
at Microsoft.Practices.ObjectBuilder2.BuildPlanStrategy.PreBuildUp(IBuilderContext context)
at Microsoft.Practices.ObjectBuilder2.StrategyChain.ExecuteBuildUp(IBuilderContext context)
at Microsoft.Practices.Unity.UnityContainer.DoBuildUp(Type t, Object existing, String name, IEnumerable`1 resolverOverrides)
--- End of inner exception stack trace ---
at Microsoft.Practices.Unity.UnityContainer.DoBuildUp(Type t, Object existing, String name, IEnumerable`1 resolverOverrides)
at Microsoft.Practices.Unity.UnityContainer.DoBuildUp(Type t, String name, IEnumerable`1 resolverOverrides)
at Microsoft.Practices.Unity.UnityContainerExtensions.Resolve[T](IUnityContainer container, ResolverOverride[] overrides)
at VMware.IaaS.Management.Agent.ManagementEndpointService.get_Client()
at VMware.IaaS.Management.Agent.ManagementEndpointService.<RetrieveNextPendingCommandAsync>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at VMware.IaaS.Management.Agent.ManagementAgent.<<ProcessNextPendingCommandAsync>b__8>d__c.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at VMware.IaaS.Management.Agent.ManagementAgent.<ExecutePeriodicAction>d__5.MoveNext()
INNER EXCEPTION: System.Security.Cryptography.CryptographicException: Keyset does not exist
at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
at VMware.Cafe.Certificates.SignString(X509Certificate2 cert, String input)
at VMware.Cafe.ManagementEndpointClient..ctor(Uri baseAddress, ManagementEndpointSecurityContext authenticationContext, TrustedCertificatePredicate trustCertificatePredicate, TimeSpan timeout)
at VMware.Cafe.ManagementEndpointClient..ctor(Uri baseAddress, ManagementEndpointSecurityContext authenticationContext, TrustedCertificatePredicate trustCertificatePredicate)
at BuildUp_VMware.Cafe.ManagementEndpointClient(IBuilderContext )
at Microsoft.Practices.ObjectBuilder2.BuildPlanStrategy.PreBuildUp(IBuilderContext context)
at Microsoft.Practices.ObjectBuilder2.StrategyChain.ExecuteBuildUp(IBuilderContext context)
at Microsoft.Practices.Unity.UnityContainer.DoBuildUp(Type t, Object existing, String name, IEnumerable`1 resolverOverrides)
Sorry for not responding to my own community post!
In my case this was related to the identity manager administrative account password containing invalid characters (administrator@vsphere.local). There was a vCAC SSO 5.5 KB about this but i'm not able to find it. The link below is pretty close, i basically stayed away from the special characters in the list at the link below and was able to install.
Have you tried adding the Management Agent Service account to the local Administrators group?
I thought I'd post in case someone else comes across this. We had the exact error and the fix was to make the service account used for IAAS was a member of the local admin group. In our case it was a standard user and once we made it a local admin, rebooted, the error went away and we could then get the time offset error to go away which is what lead us to this forum/post.
yes, seems like that user (being used for installation) cannot access the keystored
Hi Guys,
I got the same Problem and still don't know why! put the systemacount into local admins group, added certificates, restarted and still the same failure.
don't know what to do anymore.
Sorry for not responding to my own community post!
In my case this was related to the identity manager administrative account password containing invalid characters (administrator@vsphere.local). There was a vCAC SSO 5.5 KB about this but i'm not able to find it. The link below is pretty close, i basically stayed away from the special characters in the list at the link below and was able to install.
I fugered it out... for me it helped creating new certificates in the wizard. problem solved!