VMware Cloud Community
burlbn
Contributor
Contributor
‎09-21-2015 01:26 PM

vim-cmd has stopped working for some commands (getallvms works, but power.off no longer works, etc.)

On ESXi 5.5, have been successfully using vim-cmd to power on/off VMs, but it has stopped working (was working last week).

Commands like 'vim-cmd vmsvc/getallvms' are working - but, 'vim-cmd vmsvc/power.off foobar' do not.

If I run 'vim-cmd -d trivia vmsvc/power.off foobar', then I can see that perhaps this is a certificate problem:

2015-09-21T13:20:44.138Z [FFDC85B0 info 'Default'] Logging uses fast path: true


2015-09-21T13:20:44.138Z [FFDC85B0 info 'Default'] Handling bora/lib logs with VmaCore facilities


2015-09-21T13:20:44.138Z [FFDC85B0 info 'Default'] Initialized channel manager


2015-09-21T13:20:44.138Z [FFDC85B0 info 'Default'] Current working directory: /


2015-09-21T13:20:44.139Z [FFE2BB70 info 'ThreadPool'] Thread enlisted


2015-09-21T13:20:44.139Z [FFE6CB70 info 'ThreadPool'] Thread enlisted


2015-09-21T13:20:44.140Z [FFEADB70 info 'ThreadPool'] Thread enlisted


2015-09-21T13:20:44.140Z [FFEEEB70 info 'ThreadPool'] Thread enlisted


2015-09-21T13:20:44.140Z [FFDC85B0 info 'ThreadPool'] Thread pool on asio: Min Io, Max Io, Min Task, Max Task, Max Concurency: 2, 200, 2, 10, 2147483647


2015-09-21T13:20:44.140Z [FFDC85B0 info 'ThreadPool'] Thread enlisted


2015-09-21T13:20:44.143Z [FFDC85B0 info 'Default'] Vmacore::InitSSL: handshakeTimeoutUs = 20000000


2015-09-21T13:20:44.143Z [FFDC85B0 info 'SysCommandPosix'] ForkExec(/usr/libexec/hostd/nssquery)  75710


2015-09-21T13:20:44.147Z [FFE2BB70 error 'HttpConnectionPool-000000'] [ConnectComplete] Connect failed to <cs p:1f3004a8, TCP:localhost:443>; cnx: (null), error: N7Vmacore3Ssl18SSLVerifyExceptionE(SSL Exception: Verification parameters:


--> PeerThumbprint: XX:49:XX:84:67:XX:24:43:XX:2C:D3:XX:55:44:XX:42:70:XX:4C:XX


--> ExpectedThumbprint:


--> ExpectedPeerName: localhost


--> The remote host certificate has these problems:


-->


--> * Host name does not match the subject name(s) in certificate.


-->


--> * unable to get local issuer certificate)


2015-09-21T13:20:44.147Z [FFDC85B0 info 'vmomi.soapStub[0]'] Resetting stub adapter for server <cs p:1f3004a8, TCP:localhost:443> : Closed


(vim.fault.NotFound) {


   dynamicType = <unset>,


   faultCause = (vmodl.MethodFault) null,


   msg = "Unable to find a VM corresponding to "foobar"",


}

The "ExpectedThumbprint:" being empty seems suspect...

* I see nothing in logs that is of help.. 

* The certificate in /etc/vmware/ssl seems to be valid (does not expire until 2026)

* /etc/hosts has an entry for localhost - the CN in the cert is for 'localhost.localdomain'

* the licenses are valid...

Any help on where to dig next would be appriciated...

Thanks!

Tags (2)
4 Replies
unsichtbare
Expert
Expert
‎09-21-2015 03:48 PM

We saw this in diskless installs of ESXi that did not have the scratch redirected. See: VMware KB: Creating a persistent scratch location for ESXi 4.x/5.x/6.0

+The Invisible Admin+ If you find me useful, follow my blog: http://johnborhek.com/
0 Kudos
peetz
Leadership
Leadership
‎09-22-2015 12:07 AM

Hi Burl and welcome to the forums!

can you please try to generate new certificates for ESXi by following the instructions here?:

Generate New Self-Signed Certificates for ESXi

Andreas

Twitter: @VFrontDe, @ESXiPatches | https://esxi-patches.v-front.de | https://vibsdepot.v-front.de
0 Kudos
burlbn
Contributor
Contributor
‎09-22-2015 11:33 AM

That didn't help with my issue, but I'm sure it was good to do.  Thanks!

burlbn
Contributor
Contributor
‎09-22-2015 11:34 AM

Thanks for the tip. I've tried this already and it did not seem to work.  I also set the sticky-bit on the .crt/.key files per another KB article that I saw - didn't work though.

0 Kudos