I upgraded from vCenter Server Appliance 6.7 to 7.0 (specifically 7.0.0a build 16189094) and when I go to Administration > Certificate Management in the vSphere client, I get the following error:
Is anyone else seeing this issue? Does anyone know of a fix?
Thanks
Which account have you logged in as? I suspect it should work if attempted with the SSO administrator. Please check the webclient logs at the same time as the error, or share the VCSA logs under /var/log/vmware/vsphere-ui/log
thanks,
MS
I tried the root account and the SSO administrator account, and I get the same error.
Here are some entries I found in vsphere_client_virgo.log:
[2020-06-18T12:45:00.498Z] [ERROR] ate-service-thread-pool-1107 com.vmware.vise.vim.vapi.DefaultVapiConnectionControl Maximum number of attempts reached while trying to call com.vmware.vcenter.certificate_management.vcenter.tls.get
[2020-06-18T12:45:00.509Z] [ERROR] http-nio-5090-exec-100 70003584 100186 200007 com.vmware.vise.mvc.exception.GlobalExceptionHandler Exception handled while processing request for /ui/certificate-ui/ctrl/certificates/machine-cert?endPoint=myservername.mydomainname.com: com.vmware.vapi.std.errors.Unauthenticated: Unauthenticated (com.vmware.vapi.std.errors.unauthenticated) => {
messages = [LocalizableMessage (com.vmware.vapi.std.localizable_message) => {
id = vapi.method.authentication.required,
defaultMessage = This method requires authentication.,
args = [],
params = <null>,
localized = <null>
}],
data = <null>,
errorType = UNAUTHENTICATED,
challenge = <null>
}
[2020-06-18T12:45:00.632Z] [ERROR] ate-service-thread-pool-1108 com.vmware.vise.vim.vapi.DefaultVapiConnectionControl Maximum number of attempts reached while trying to call com.vmware.vcenter.certificate_management.vcenter.trusted_root_chains.list
[2020-06-18T12:45:00.641Z] [ERROR] http-nio-5090-exec-122 com.vmware.vise.mvc.exception.GlobalExceptionHandler Exception handled while processing request for /ui/certificate-ui/ctrl/certificates/trusted-root-list?endPoint=myservername.mydomainname.com: com.vmware.vapi.std.errors.Unauthenticated: Unauthenticated (com.vmware.vapi.std.errors.unauthenticated) => {
messages = [LocalizableMessage (com.vmware.vapi.std.localizable_message) => {
id = vapi.method.authentication.required,
defaultMessage = This method requires authentication.,
args = [],
params = <null>,
localized = <null>
}],
data = <null>,
errorType = UNAUTHENTICATED,
challenge = <null>
}
Thanks
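A triage pass over log entries like those quoted above, as an added example that is not part of the original post: it lists which vAPI calls exhausted their retries and which Certificate Management UI requests failed, and with which error class. The sample lines are constructed from the entries in the post (exception bodies shortened), and the function name `triage` is an assumption of this example.

```python
import re
from collections import Counter

# Constructed sample modeled on the vsphere_client_virgo.log entries quoted in
# the post; exception bodies are shortened and one unrelated INFO line is added.
SAMPLE_LOG = """\
[2020-06-18T12:45:00.498Z] [ERROR] ate-service-thread-pool-1107 com.vmware.vise.vim.vapi.DefaultVapiConnectionControl Maximum number of attempts reached while trying to call com.vmware.vcenter.certificate_management.vcenter.tls.get
[2020-06-18T12:45:00.509Z] [ERROR] http-nio-5090-exec-100 70003584 100186 200007 com.vmware.vise.mvc.exception.GlobalExceptionHandler Exception handled while processing request for /ui/certificate-ui/ctrl/certificates/machine-cert?endPoint=myservername.mydomainname.com: com.vmware.vapi.std.errors.Unauthenticated: Unauthenticated (com.vmware.vapi.std.errors.unauthenticated) => {
errorType = UNAUTHENTICATED,
}
[2020-06-18T12:45:00.632Z] [ERROR] ate-service-thread-pool-1108 com.vmware.vise.vim.vapi.DefaultVapiConnectionControl Maximum number of attempts reached while trying to call com.vmware.vcenter.certificate_management.vcenter.trusted_root_chains.list
[2020-06-18T12:45:00.641Z] [ERROR] http-nio-5090-exec-122 com.vmware.vise.mvc.exception.GlobalExceptionHandler Exception handled while processing request for /ui/certificate-ui/ctrl/certificates/trusted-root-list?endPoint=myservername.mydomainname.com: com.vmware.vapi.std.errors.Unauthenticated: Unauthenticated
[2020-06-18T12:45:01.000Z] [INFO ] http-nio-5090-exec-7 com.example.Other unrelated line
"""

# "[timestamp] [LEVEL] thread rest-of-line"
ENTRY = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>[A-Z]+)\s*\] (?P<thread>\S+) (?P<rest>.*)$")
RETRY = re.compile(r"Maximum number of attempts reached while trying to call (?P<method>[\w.]+)")
REQ = re.compile(r"Exception handled while processing request for (?P<path>[^?\s:]+)\S*: (?P<exc>[\w.]+):")


def triage(log_text):
    """Return (exhausted vAPI calls, Counter keyed by (UI path, error class))."""
    exhausted, failures = [], Counter()
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m or m["level"] != "ERROR":
            continue  # skip exception-body continuation lines and non-errors
        rest = m["rest"]
        if r := RETRY.search(rest):
            exhausted.append((m["ts"], r["method"]))
        elif q := REQ.search(rest):
            # Keep the short class name, e.g. "Unauthenticated"
            failures[(q["path"], q["exc"].rsplit(".", 1)[-1])] += 1
    return exhausted, failures


if __name__ == "__main__":
    calls, fails = triage(SAMPLE_LOG)
    for ts, method in calls:
        print(f"{ts} retries exhausted: {method}")
    for (path, exc), n in fails.items():
        print(f"{n}x {exc} on {path}")
```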
I suspect issues with the STS certificate, but I am unsure if we have a way to check in HTML5 without using the JXplorer tool. Please open an SR with GSS.
If possible, try to restart the vCenter services, and if that does not solve it, please open a ticket with GSS.
thanks,
MS
I rebooted the server, but still have the issue.
Thanks for the suggestion on the STS certificate. I followed this KB:
When I ran the script, it returned 4 valid certs, and 0 expired certs. So, the STS certificate does not appear to be expired anyway.
Thanks
There should be only one STS cert, but you have 4 certs, so I still suspect it to be an issue. I never mentioned an issue with STS expiry. I mentioned an issue with the STS certificate.
thanks,
MS
@Jase_L
Run the script "fixsts" available at VMware Knowledge Base - (KB
This will solve the issue. Follow the instruction in that KB to be able to reset STS Certificate.
Resetting STS Cert resolved the issue.
VMware Knowledge Base (KB 76719)
Hi Jase, did you ever get this one sorted? We have the same issue after upgrading from 6.5 to 7 and converging to embedded PSCs.
Me too... seems to be a certificate or auth issue.
We are getting the same problem. Does anyone have a suggested fix?
The fixsts scripts did not help, and regenerating all certs using cert manager didn't help either...
Thanks
I had this problem and fixed it by importing the root CA certificate chain.
What worked for us was combining the intermediate with the root in the second field.
We initially tried adding the root certificate in the Trusted Root Certificate, as logically that should have worked, but it seemed that adding the root certificate to the intermediate solved the issue with the warning about the TLS anchor error. The server restarted and worked as expected.
We did not have to use the administrator@vsphere.local or root account to achieve this, just a regular administrator SSO user.