Hi laurentsd
Plugin Registration Failure.
Issue: Registration of vSphere web client plugin with vCenter 6.5 Server failed to deploy with Error:
VcExtensionManager Downloading plugin package from https://198.18.3.218:8443/root/mypackage.zip (no proxy defined)
Note: the same registration process is working fine with vSphere 6.0 U2 for the said plugin.
vSphere Web Client Version: 6.5.0 Build 4240472
Steps Taken:
Please find the log snippet below:
[2016-09-27T07:24:04.577-07:00] [INFO ] vc-extensionmanager-pool-80 70000082 100007 200005 com.vmware.vise.vim.extension.VcExtensionManager Downloading plugin package from https://198.18.3.218:8443/root/mypackage.zip (no proxy defined)
[2016-09-27T07:24:04.599-07:00] [WARN ] vc-extensionmanager-pool-77 70000082 100007 200005 com.vmware.vise.extensionfw.impl.PackageManifestParser Plugin id mismatch between the registered extension key (com.vmware.vsan.health)
and the id specified in plugin-package.xml (com.vmware.vsphere.client.vsan). The registration id will be used but you should keep them in sync.
[2016-09-27T07:24:04.634-07:00] [ERROR] vc-extensionmanager-pool-80 70000082 100007 200005 com.vmware.vise.vim.extension.VcExtensionManager Package com.plugin.key was not installed!
Error downloading https://198.18.3.218:8443/root/mypackage.zip. Make sure that the URL is reachable then logout/login to force another download. javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1513)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
at com.vmware.vise.util.http.ConnectionManager.connect(ConnectionManager.java:255)
at com.vmware.vise.util.http.SimpleHttpClient.connect(SimpleHttpClient.java:236)
at com.vmware.vise.util.http.SimpleHttpClient.executeMethodResponseAsStream(SimpleHttpClient.java:127)
at com.vmware.vise.vim.extension.VcExtensionManager.writePackageToFile(VcExtensionManager.java:940)
at com.vmware.vise.vim.extension.VcExtensionManager.downloadPackage(VcExtensionManager.java:889)
at com.vmware.vise.vim.extension.VcExtensionManager$2.call(VcExtensionManager.java:703)
at com.vmware.vise.vim.extension.VcExtensionManager$2.call(VcExtensionManager.java:694)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at com.vmware.vise.util.concurrent.QueuingCachedThreadPool$QueueProcessor.run(QueuingCachedThreadPool.java:885)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1055)
at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:981)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:923)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
... 27 common frames omitted
[2016-09-27T07:24:04.795-07:00] [INFO ] plugin-deploy11 70000082 100007 200005 com.vmware.vise.extensionfw.impl.PackagesDeployer Deploying plugin package 'com.vmware.vsan.health:6.5.0'.
[2016-09-27T07:24:04.795-07:00] [INFO ] plugin-deploy11 70000082 100007 200005 com.vmware.vise.extensionfw.impl.HotDeployBundleDeployer Copying using temp directory: C:\ProgramData\VMware\vCenterServer\runtime\vsphere-client\server\work\tmp, bundle: com.vmware.vsan.vmodl, to destination: C:\ProgramData\VMware\vCenterServer\runtime\vsphere-client\server\pickup\vsan-vmodl.jar
Query: is there any change in the vSphere plugin registration flow, specifically in terms of security/certificate.
I am also facing similar SSLHanddshake Issue with my plugin .
It seems there is some change in VC6.5 deployment procedure as everything works fine for the plugin till VC6
Suggestion:
Please try running the virgo with java 8.
Question:
How did you perform the registration? Is it your custom tool, did you use vim25.jar, which is the jre version on the machine used to run the registration?
Others:
Please try to avoid "Plugin id mismatch between the registered extension key
and the id specified in plugin-package.xml"
Thanks for comments.
>>>>Please try running the virgo with java 8.
Can you be specific as we are trying on beta worsion of 6.5 not the development server.
>>>>>Please try to avoid "Plugin id mismatch between the registered extension key and the id specified in plugin-package.xml"
ID is same and interestingly similar extension is working fine with 6.0
Hi,
>>>>>>>>Please try running the virgo with java 8.
>>>> Can you be specific as we are trying on beta worsion of 6.5 not the development server.
It is not clear which Web Client you are using: Flex or HTML? On the vCenter or local? Please set JAVA_HOME to refer to a Java 8 location and start the client.
Please also try out the new plugin registration tool which is part of the HTML Client SDK Fling and see if you get the same error.
Cheers,
Vladimir
Thanks
Hi,
I m facing similar issue.
To register the plugin to VCSA 6.5- steps followed:
Run the script at the location :
html-client-sdk\tools\vCenter plugin registration\prebuilt\extension-registration by giving all the arguments required.
the package is available in extension manager.
the logs shows the following error:
vc-extensionmanager-pool-76 70000035 100004 200001 com.vmware.vise.extensionfw.ExtensionManager plugin-package.xml is missing here.
What was the exact problem with the contents? From my experience Java, python and Unix zip library have problem dealing with newer versions of the zip format (as may be saved by versions of WinRAR, for example).
Issue is fixed now tganchev.
Hi laurentsd,
With sha-1 certificate the plugin downloads works fine for me but when the certificate is changed to sha-256, the plugin download fails with the below stack trace:
com.vmware.vise.vim.extension.VcExtensionManager Package com.abc.plugin was not installed. Error downloading https://abc.com/com.abc.plugin.zip. Make sure that the URL is reachable then logout/login to force another download. javax.net.ssl.SSLException: java.lang.reflect.UndeclaredThrowableException
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1906)
at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1889)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1410)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1546)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1474)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
at com.vmware.vise.util.http.ConnectionManager.connect(ConnectionManager.java:279)
at com.vmware.vise.util.http.SimpleHttpClient.connect(SimpleHttpClient.java:313)
at com.vmware.vise.util.http.SimpleHttpClient.executeMethodResponseAsStream(SimpleHttpClient.java:204)
at com.vmware.vise.vim.extension.VcExtensionManager.writePackageToFile(VcExtensionManager.java:1064)
at com.vmware.vise.vim.extension.VcExtensionManager.downloadPackage(VcExtensionManager.java:982)
at com.vmware.vise.vim.extension.VcExtensionManager$2.call(VcExtensionManager.java:750)
at com.vmware.vise.vim.extension.VcExtensionManager$2.call(VcExtensionManager.java:741)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at com.vmware.vise.util.concurrent.QueuingCachedThreadPool$QueueProcessor.run(QueuingCachedThreadPool.java:897)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.reflect.UndeclaredThrowableException: null
at com.sun.proxy.$Proxy658.checkServerTrusted(Unknown Source)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:922)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
... 21 common frames omitted
Caused by: java.lang.reflect.InvocationTargetException: null
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.vmware.vise.util.reflection.ProfilingInvocationHandler.invoke(ProfilingInvocationHandler.java:78)
... 30 common frames omitted
Caused by: com.vmware.vim.vmomi.client.exception.VlsiCertificateException: Server certificate chain is not trusted and thumbprint doesn't match
at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager.checkServerTrusted(ThumbprintTrustManager.java:183)
... 35 common frames omitted
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:105)
at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager.checkServerTrusted(ThumbprintTrustManager.java:171)
... 35 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
... 41 common frames omitted
Vcenter 6.5 and Web Client is HTML and JAVA_HOME set to Java 8
Thanks
> With sha-1 certificate the plugin downloads works fine for me but when the certificate is changed to sha-256, the plugin download fails
The doc says to use SHA1 thumbprints: VMware vSphere 6.5 Documentation Library
"
<extension>
...
<server>
<url>https://myhost/helloworld-plugin.zip</url>
<description>
<label>Helloworld</label>
<summary>Helloworld sample plugin</summary>
</description>
<company>VMware</company>
<!-- SHA1 Thumbprint of the server hosting the .zip file -->
<serverThumbprint>
3D:E7:9A:85:01:A9:76:DD:AC:5D:83:1C:0E:E0:3C:F6:E6:2F:A9:97
</serverThumbprint>
<type>HTTPS</type>
<adminEmail>your-email</adminEmail>
</server>
</extension>
"