vmitra
Enthusiast
Enthusiast

Certificate Trust issue - vRA Servers

Hi All,

We are using CA signed certificate in VMware Cloud Servers and we already added respective certificate in Trusted root certification Authority but in log file We are getting below error:

Log file :

vcac: [component="iaas:DynamicOps.DEM.exe" priority="Error" thread="5004"] [sub-thread-Id="21" context=""  token=""] <?xml version="1.0" encoding="utf-16"?>

<boolean>false</boolean>

Workflow 'vSphereSnapshotInventory' failed with the following exception:

  1. System.Data.Services.Client.DataServiceTransportException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> DynamicOps.Common.Client.UntrustedCertificateException: Certificate is not trusted (RemoteCertificateChainErrors). Subject: , OU=*, O=, L=, S=, C=IN Thumbprint:

   at DynamicOps.Common.GlobalCertificateValidationManager.ServerCertificateValidation(Object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)

   at System.Net.ServerCertValidationCallback.Callback(Object state)

   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)

   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)

   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)

   at System.Net.ServerCertValidationCallback.Invoke(Object request, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)

   at System.Net.Security.SecureChannel.VerifyRemoteCertificate(RemoteCertValidationCallback remoteCertValidationCallback)

   at System.Net.Security.SslState.CompleteHandshake()

   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)

   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)

   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)

   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)

   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)

   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)

   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)

   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)

   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)

   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)

   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)

   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)

   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)

   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)

   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)

   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)

   at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)

Please find below details of servers :

  • OS version : Windows 2012 R2 Standard – 64 bit
  • vRA Version : vra 7.4

Certificate Details :

  • Valid from : 7/6/2018 to 7/5/2020
  • Signature Algorithm : sha1RSA

Please suggest

0 Kudos
5 Replies
daphnissov
Immortal
Immortal

It looks to be coming from your DEM worker not trusting your vCenter endpoint certificate. Go into your endpoints config in vRA and re-test the connection to your vCenter. Accept the cert warning when presented.

0 Kudos
vmitra
Enthusiast
Enthusiast

Hi Sir,

We are able to test center endpoint successfully but there are no option coming for accepting certificate again

0 Kudos
daphnissov
Immortal
Immortal

What is the certificate that it is complaining about? Where is that assigned? You've removed the information so I can't tell.

0 Kudos
vmitra
Enthusiast
Enthusiast

Hi Sir,

Its a CA signed certificate which is applied for all vRA distributed component with SAN names

0 Kudos
shivaprasada
VMware Employee
VMware Employee

Upload the Root CA certificate into the Trusted Root Store on DEM machine.  After this try restarting the DEM Workers and Orchestrator.

If you have changed certificate on the vCenter Server then would suggest to follow the KB  VMware Knowledge Base

0 Kudos