Erossman
Enthusiast
Enthusiast

AppVol 2.12.1 - Certificate has not been verified

Jump to solution

Hi guys,

can anyone of you confirm that the vcenter certificate verfication in appvol manager get lost again after few days?

We have the vmware self-signed certificate on our vcenter server. We also accept this certificate in appvolumes 2.12.1 with click on accept (machine managers).

After that I can see the message: "Certificate: Using administrator trusted certificate"

If I check this setting after few days its again lost and I have to accept the certificate again. It's doesn't impact the appvol functionality, but I will create a lot of log entries.....

Validating SSL certificate for "VCA.domain.local": Rejected because certificate is neither verified nor trusted

Failed to connect to vSphere at "domain\srvappvol@VCA.domain.local": SSL_connect returned=1 errno=0 state=error: certificate verify failed

Regards,

VM-Master

1 Solution

Accepted Solutions
techguy129
Expert
Expert
  1. Open Control Panel
  2. Select System
  3. Click the Advanced system settings link.
  4. Click Environment Variables. In the section System Variables, Click New.
  5. In the New System Variable window, specify the value of  Variable Name as AVM_DISABLE_VCENTER_SSL_VALIDATION and specify the Variable Value as 1
  6. Click OK. Close all remaining windows by clicking OK.

View solution in original post

11 Replies
Ray_handels
Virtuoso
Virtuoso

Yes we have the exact same issue, it's a known issue for as far as I'm aware. Just make sure to raise a ticket with VMware, they are aware.

0 Kudos
Erossman
Enthusiast
Enthusiast

I reconized that this happens after rebooting the vcenter server.

Why are these "known issues" are not public documented? 

0 Kudos
Ray_handels
Virtuoso
Virtuoso

Indeed restarting the Vcenter triggers it. Strange thing is that we, at first sight, could not reproduce it on our acceptance environment.

0 Kudos
techguy129
Expert
Expert

The current workaround for this is:

Steps:

1:- set env variable AVM_DISABLE_VCENTER_SSL_VALIDATION with value 1 on Management servers

  2:- restart the manager service.

Erossman
Enthusiast
Enthusiast

Hi techguy129,

can you please describe how to set this value on the appvolumes managers?

I open a command prompt and typed in....

"set env variable AVM_DISABLE_VCENTER_SSL_VALIDATION=1"

Is there an option to check this setting?

0 Kudos
techguy129
Expert
Expert
  1. Open Control Panel
  2. Select System
  3. Click the Advanced system settings link.
  4. Click Environment Variables. In the section System Variables, Click New.
  5. In the New System Variable window, specify the value of  Variable Name as AVM_DISABLE_VCENTER_SSL_VALIDATION and specify the Variable Value as 1
  6. Click OK. Close all remaining windows by clicking OK.

View solution in original post

LVANDUIJN
Contributor
Contributor

Had same issue.. this is even more fun when running multiple vCenters under the same SSO...
Then you get the intermediate cert presented instead of the vCenter certs. Causing duplicate cert entry in the database.
This even causes that only one vCenter will work and the others will fail to even mount App Stacks.
Thankfully this quick bypass solves it and will be patched in 2.13

0 Kudos
Erossman
Enthusiast
Enthusiast

Thanks a lot techguy129! This seems to solve the issue.

0 Kudos
Lieven
Enthusiast
Enthusiast

I just heard from VMware that this is indeed a know bug.

A hot patch is available, but needs to be requested separately from VMware Global Support.

The issue will be resolved in a future version of App Volumes

0 Kudos
Ray_handels
Virtuoso
Virtuoso

If it is the 2.12.3.11 hotfix no need to ask for it. We tested it on our managers but still see this specific error message popping up.

We are now running 2.12.3.11 agent (which works quite well just not with all 2.9 appstacks) and 2.12.1.103 manager. For me it seems to be the most stable and quickest combination until now. And believe me I have seen a few Smiley Happy Smiley Happy.

0 Kudos
julatoski
VMware Employee
VMware Employee

This issue has been addressed and deploying the most recent version of App Volumes would provide a more secure option.

Jeff Ulatoski

Senior Product Manager, App Volumes


Jeff Ulatoski
Product Line Manager, App Volumes
0 Kudos