VMware Cloud Community
sutter
Enthusiast
Enthusiast
‎09-29-2016 02:38 PM

ESXi v5.5 U3 SSL Certificate not "checking in"

Curious if anyone else has seen this.  I enable HA on the cluster and I have a host that won't join HA, the error comes out as HA is unavailable.  Checking the fdm log I see the below error.

Its not like normal SSL errors where the cert is bad, the problem is the new cert is good its just not being accepted.  For the peer thumbprint it shows the thumbprint of the new cert, for the expectedthumbprint it shows the old cert.  For whatever reason it just won't look for the new one even though the cert is perfectly fine.  Any way to force vCenter to look for the new one?  Its like its just not registering for some reason.

I've done all the basic stuff like remove it from the cluster and add it back in.  Restart it, restart management agents.  I even emptied the cluster out completly and added everything back, same answer.

2016-09-29T21:26:39.307Z [FFE46B70 verbose 'Cluster' opID=SWI-58bbb19f] [ClusterManagerImpl::AddBadIP] IP HA_MASTER_IP marked bad for reason Unreachable IP

2016-09-29T21:26:39.307Z [FFE46B70 info 'Message' opID=SWI-58bbb19f] Destroying connection

2016-09-29T21:26:39.317Z [FFF09B70 error 'Message' opID=SWI-586358c] [MsgConnectionImpl::FinishSSLConnect] Error N7Vmacore3Ssl18SSLVerifyExceptionE(SSL Exception: Verification parameters:

--> PeerThumbprint: NEW_THUMBRPINT

--> ExpectedThumbprint: OLD_THUMBPRINT

--> ExpectedPeerName: host-57

--> The remote host certificate has these problems:

-->

--> * Host name does not match the subject name(s) in certificate.

-->

--> * unable to get local issuer certificate) on handshake

2016-09-29T21:26:39.317Z [FFF09B70 warning 'Election' opID=SWI-586358c] [MasterVerificationInfo::ConnectComplete] Failed to connect to master host-57

2016-09-29T21:26:39.317Z [FFF09B70 verbose 'Election' opID=SWI-586358c] [ClusterElection::AddInvalidMaster] Added invalid master host-57

2016-09-29T21:26:39.317Z [FFF09B70 warning 'Election' opID=SWI-586358c] [ClusterElection::UpdateInvalidMasterCountMap] Host host-57 has been declared invalid 21 times

2016-09-29T21:26:39.317Z [FFF09B70 info 'Message' opID=SWI-586358c] Destroying connection

2016-09-29T21:26:40.295Z [FFCC1B70 verbose 'Cluster' opID=SWI-6058ed8] [ClusterManagerImpl::IsBadIP] HA_MASTER_IP is bad ip

2016-09-29T21:26:40.295Z [FFCC1B70 verbose 'Election' opID=SWI-6058ed8] CheckVersion: Version[2] Other host GT : 59261 > 0

2016-09-29T21:26:40.295Z [FFCC1B70 verbose 'Cluster' opID=SWI-6058ed8] [ClusterPersistence::VersionChange] version[2] 59261 from host-57,HA_MASTER_IP

2016-09-29T21:26:40.295Z [FFCC1B70 info 'Cluster' opID=SWI-6058ed8] [ClusterPersistence::VersionChange] fetching version[2] 59261 from host-57,HA_MASTER_IP

2016-09-29T21:26:40.295Z [FFCC1B70 verbose 'Cluster' opID=SWI-6058ed8] [ClusterManagerImpl::IsBadIP] HA_MASTER_IP is bad ip

2016-09-29T21:26:40.295Z [FFCC1B70 verbose 'Election' opID=SWI-6058ed8] CheckVersion: Version[2] Other host GT : 59261 > 0

2016-09-29T21:26:40.295Z [FFCC1B70 verbose 'Cluster' opID=SWI-6058ed8] [ClusterPersistence::VersionChange] version[2] 59261 from host-57,HA_MASTER_IP

2016-09-29T21:26:40.295Z [FFCC1B70 verbose 'Cluster' opID=SWI-6058ed8] [ClusterPersistence::VersionChange] Already fetching newer version 59261 > 59261

2016-09-29T21:26:40.307Z [FFC80B70 error 'Message' opID=SWI-1f3c266a] [MsgConnectionImpl::FinishSSLConnect] Error N7Vmacore3Ssl18SSLVerifyExceptionE(SSL Exception: Verification parameters:

0 Kudos
1 Reply
Daishin
Contributor
Contributor
‎05-13-2019 03:58 PM

I'm experiencing the same thing in my environment. Did you ever find the solution?

0 Kudos