0 Replies Latest reply on Sep 16, 2019 6:17 PM by vishy3

    Replication Plugin Certificate mismatch

    vishy3 Novice

      I am facing this issue using VR plugin 8.1.2 or even 8.2.0 using standalone vRO 7.4 or even embedded vRA/vRO 7.4 with vCenter 6.5 Version 6.5.0.20000 Build 9451637


      So far uninstalling plugin/re-install, restart vCO configuration/vco-server didnt help. Updated proper certificate on vRO/import certificate in VRO. Any idea how to fix this...

       

      Log history captured below

       

      16/09/201909:57:08.425

      2019-09-15 23:57:08.425+0000 vco: [component="VcoDelegatingWebFacade" priority="ERROR" thread="http-nio-127.0.0.1-8280-exec-7" user="" context="" token="" wfid="" wfname="" anctoken="" wfstack="" instanceid="41297bfe-a61c-462b-9d69-6137f383674c"] Server Error...

      1. ch.dunes.model.sdk.SDKFinderException: Unable to execute 'fetchRelation' for type : Site : com.vmware.vim.vmomi.client.exception.SslException: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain is not trusted and thumbprint doesn't match

               at ch.dunes.vso.sdk.SDKFinder.logAndThrow(SDKFinder.java:914)

               at ch.dunes.vso.sdk.SDKFinder.fetchRelation(SDKFinder.java:387)

               at ch.dunes.vso.sdk.SDKFinder._findRelation(SDKFinder.java:352)

               at ch.dunes.vso.sdk.SDKFinder.findRelation(SDKFinder.java:267)

               at ch.dunes.vso.sdk.ModulesFactory.findRelation(ModulesFactory.java:654)

               at com.vmware.o11n.sdk.EnhancedScriptingSDK.findRelation(EnhancedScriptingSDK.java:136)

               at com.vmware.o11n.service.sdk.SdkModuleServiceImpl.findRelation(SdkModuleServiceImpl.java:79)

               at com.vmware.o11n.service.factory.VcoFactoryFacade.findRelation(VcoFactoryFacade.java:1902)

               at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

               at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

               at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

               at java.lang.reflect.Method.invoke(Method.java:498)

               at com.vmware.o11n.service.security.AccessRightsInterceptor.invoke(AccessRightsInterceptor.java:98)

               at com.vmware.o11n.service.security.AccessRightsInterceptor.invoke(AccessRightsInterceptor.java:89)

               at com.vmware.o11n.service.webremoting.VcoDelegatingWebFacade.invokeOperation(VcoDelegatingWebFacade.java:105)

               at com.vmware.o11n.integration.initialization.VcoFactoryServiceFacadeProxy.invokeOperation(VcoFactoryServiceFacadeProxy.java:86)

               at sun.reflect.GeneratedMethodAccessor402.invoke(Unknown Source)

               at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

               at java.lang.reflect.Method.invoke(Method.java:498)

               at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333)

               at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207)

               at com.sun.proxy.$Proxy24.invokeOperation(Unknown Source)

               at sun.reflect.GeneratedMethodAccessor401.invoke(Unknown Source)

               at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

               at java.lang.reflect.Method.invoke(Method.java:498)

               at org.springframework.remoting.support.RemoteInvocation.invoke(RemoteInvocation.java:212)

               at org.springframework.remoting.support.DefaultRemoteInvocationExecutor.invoke(DefaultRemoteInvocationExecutor.java:39)

               at org.springframework.remoting.support.RemoteInvocationBasedExporter.invoke(RemoteInvocationBasedExporter.java:78)

               at org.springframework.remoting.support.RemoteInvocationBasedExporter.invokeAndCreateResult(RemoteInvocationBasedExporter.java:114)

               at org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter.handleRequest(HttpInvokerServiceExporter.java:80)

               at org.springframework.web.context.support.HttpRequestHandlerServlet.service(HttpRequestHandlerServlet.java:67)

               at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)

               at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)

               at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

               at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

               at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

               at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

               at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:317)

               at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127)

               at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)

               at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

               at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)

               at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

               at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)

               at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

               at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)

               at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

               at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:215)

               at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

               at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

               at com.vmware.o11n.web.auth.http.TokenAuthenticationFilter.doFilter(TokenAuthenticationFilter.java:67)

               at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

               at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)

               at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

               at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

               at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)

               at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

               at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

               at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)

               at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

               at org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:157)

               at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

               at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)

               at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)

               at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:347)

               at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263)

               at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

               at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

               at com.vmware.o11n.service.spring.bootstrap.SecureSerializationFilter.doFilter(SecureSerializationFilter.java:30)

               at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

               at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

               at net.sf.ehcache.constructs.web.filter.GzipFilter.doFilter(GzipFilter.java:95)

               at net.sf.ehcache.constructs.web.filter.Filter.doFilter(Filter.java:86)

               at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

               at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

               at com.vmware.o11n.service.spring.bootstrap.WebRemotingActiveNodeFilter.doFilter(WebRemotingActiveNodeFilter.java:38)

               at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

               at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

               at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)

               at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

               at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:613)

               at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)

               at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)

               at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:677)

               at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650)

               at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

               at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)

               at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)

               at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

               at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:790)

               at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)

               at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

               at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

               at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

               at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

               at java.lang.Thread.run(Thread.java:748)

      Caused by: java.lang.reflect.InvocationTargetException

               at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

               at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

               at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

               at java.lang.reflect.Method.invoke(Method.java:498)

               at ch.dunes.vso.sdk.DirectInvoker.invoke(DirectInvoker.java:57)

               at ch.dunes.vso.sdk.SDKPluginFactoryInvoker.fetchRelation(SDKPluginFactoryInvoker.java:47)

               at ch.dunes.vso.sdk.SDKFinder.fetchRelation(SDKFinder.java:377)

               ... 94 more

      Caused by: com.vmware.vim.vmomi.client.exception.SslException: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain is not trusted and thumbprint doesn't match

               at com.vmware.vim.vmomi.client.common.impl.ResponseImpl.setError(ResponseImpl.java:250)

               at com.vmware.vim.vmomi.client.http.impl.HttpExchange.run(HttpExchange.java:51)

               at com.vmware.vim.vmomi.client.http.impl.HttpProtocolBindingBase.executeRunnable(HttpProtocolBindingBase.java:226)

               at com.vmware.vim.vmomi.client.http.impl.HttpProtocolBindingImpl.send(HttpProtocolBindingImpl.java:110)

               at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl$CallExecutor.sendCall(MethodInvocationHandlerImpl.java:580)

               at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl$CallExecutor.executeCall(MethodInvocationHandlerImpl.java:561)

               at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.completeCall(MethodInvocationHandlerImpl.java:347)

               at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.invokeOperation(MethodInvocationHandlerImpl.java:307)

               at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.invoke(MethodInvocationHandlerImpl.java:181)

               at com.sun.proxy.$Proxy467.list(Unknown Source)

               at com.vmware.hms.o11n.connection.impl.server.LsClient.getVcServiceRegistrationList(LsClient.java:69)

               at com.vmware.hms.o11n.connection.impl.server.LsClient.getVcServiceRegistration(LsClient.java:58)

               at com.vmware.hms.o11n.connection.impl.server.VcRegistrationLsCheck.<init>(VcRegistrationLsCheck.java:31)

               at com.vmware.hms.o11n.model.builder.VcEndpointBuilder.build(VcEndpointBuilder.java:33)

               at com.vmware.hms.o11n.model.builder.VcRemoteSiteBuilder.build(VcRemoteSiteBuilder.java:44)

               at com.vmware.hms.o11n.model.builder.VcRemoteSiteBuilder.build(VcRemoteSiteBuilder.java:33)

               at com.vmware.hms.o11n.model.Site.getVcRemoteSites(Site.java:61)

               at com.vmware.hms.o11n.model.finder.SiteToVcRemoteSiteRelationFinder.findChilrenInRelationFor(SiteToVcRemoteSiteRelationFinder.java:14)

               at com.vmware.hms.o11n.HmsPluginFactory.findChildrenInRelation(HmsPluginFactory.java:125)

               at com.vmware.o11n.plugin.sdk.spring.AbstractSpringPluginFactory.findRelation(AbstractSpringPluginFactory.java:134)

               ... 101 more

      Caused by: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain is not trusted and thumbprint doesn't match

               at com.vmware.vim.vmomi.client.http.impl.ClientExceptionTranslator.translate(ClientExceptionTranslator.java:54)

               ... 121 more

      Caused by: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain not verified

               at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager$HostnameVerifier.handleHandshakeException(ThumbprintTrustManager.java:511)

               at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager$HostnameVerifier.verify(ThumbprintTrustManager.java:361)

               at com.vmware.vim.vmomi.client.http.impl.VlsiSslSocketFactory.verifyHostname(VlsiSslSocketFactory.java:129)

               at com.vmware.vim.vmomi.client.http.impl.VlsiSslSocketFactory.createLayeredSocket(VlsiSslSocketFactory.java:122)

               at com.vmware.vim.vmomi.client.http.impl.VlsiSslSocketFactory.connectSocket(VlsiSslSocketFactory.java:88)

               at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)

               at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:373)

               at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)

               at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)

               at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)

               at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)

               at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)

               at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)

               at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)

               at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)

               at com.vmware.vim.vmomi.client.http.impl.HttpExchange.run(HttpExchange.java:45)

               ... 119 more

      Caused by: javax.net.ssl.SSLHandshakeException: com.vmware.vim.vmomi.client.exception.VlsiCertificateException: Server certificate chain is not trusted and thumbprint doesn't match

               at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

               at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)

               at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)

               at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)

               at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)

               at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)

               at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)

               at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)

               at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)

               at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)

               at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)

               at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)

               at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager$HostnameVerifier.verify(ThumbprintTrustManager.java:359)

               ... 133 more

      Caused by: com.vmware.vim.vmomi.client.exception.VlsiCertificateException: Server certificate chain is not trusted and thumbprint doesn't match

               at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager.checkServerTrusted(ThumbprintTrustManager.java:183)

               at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:985)

               at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)

               ... 141 more

      Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target