VMware Horizon Community
pastec
Contributor
Contributor
‎08-22-2012 09:21 AM

Unable to update VC certificate thumbprints on SVI server

Our infrastructure is currently configured as below:

  • A) 2 Connection Servers in network load balancing for the main environment
  • B) 1 Connection Server for an isolated network
  • C) 1 vCenter Server with co-installed Composer

One week ago we started the exciting journey "Upgrade your VMware View: from 4.6 to 5.1 + from Windows 2003 to Windows 2008 R2". In a nutshell the worst case...

No regrests, all is well documented in the "VMware View Upgrades 5.1" pdf, but maybe we have a configuration that is a little bit out of ordinary.

After all the steps required, we finally have our 4 servers upgraded up and running ...at least 90%.

The only thing left to fix is an error on the procedure to verify the View Composer certificate from the View Administrators of the point A) - see Figure 1.

Figure 1 - View Administrators point A)

2102135_1.png

The strange thing is that this procedure terminates successfully from the View Administrator of the point B). Obviously the certificate is the same - see Figure 2.

Figure 2 - View Administrator point B)

2102135_2.png

The error we catch when we try to verify the certificate is the following:

There was an error identifying the validity of the server.

And the corresponding error log in C:\ProgramData\Application Data\VMware\VDM\logs is:

2012-08-22T12:37:42.849+02:00 ERROR (0C88-13B4) <Publish VC Cert Task-1345625753539> [PublishVcCertToSviFederatedTask] Unable to update VC certificate thumbprints on SVI server https://<ip_address>:18443 - javax.net.ssl.SSLHandshakeException: com.vmware.vdi.vcsupport.ssl.MismatchedThumbprintException: InvalidCertificateException[reasons:nameMismatch; subject:'CN=<fqdn>, OU=Information Technology, O=xxxxxxxxxxxxxxxxxxx, L=xxxxxxxxxxxxxxxxx, ST=xxxxxxxxxxxxxxxxxxxxx, C=xxxxxxxxxxxxxxxxx' message:'ValidateCertificateChain Result: FAIL, EndEntityReasons: nameMismatch, ChainReasons: ']


2012-08-22T12:37:42.850+02:00 DEBUG (0C88-13B4) <Publish VC Cert Task-1345625753539> [PublishVcCertToSviFederatedTask] Unable to update VC certificate thumbprints on SVI server https://xxxxxxxxxxxxxxxxxx:18443 com.vmware.vdi.desktopcontroller.PublishVcCertToSviFederatedTask.b(SourceFile:547)
AxisFault


faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException


faultSubcode:


faultString: javax.net.ssl.SSLHandshakeException: com.vmware.vdi.vcsupport.ssl.MismatchedThumbprintException: InvalidCertificateException[reasons:nameMismatch; subject:'CN=xxxxxxxxxxxxxxxxxxxxxxxxxxxx, OU=Information Technology, O=xxxxxxxxxxxxxxxxx, L=xxxxxxxxxxxxxxxx, ST=xxxxxxxxxxxxxx, C=xxxxxxxxxxxxx' message:'ValidateCertificateChain Result: FAIL, EndEntityReasons: nameMismatch, ChainReasons: ']


faultActor:


faultNode:


faultDetail:


        {http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: com.vmware.vdi.vcsupport.ssl.MismatchedThumbprintException: InvalidCertificateException[reasons:nameMismatch; subject:'CN=vmware-vcenter1.schio2000.comune.schio.vi.it, OU=Information Technology, O=Pasubio Tecnologia S.r.l., L=Schio, ST=Vicenza, C=IT' message:'ValidateCertificateChain Result: FAIL, EndEntityReasons: nameMismatch, ChainReasons: ']


        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)


        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1731)

...

We will be obliged if some of you had some idea.

Cheers, y.da

0 Kudos
1 Reply
ElGogy
Contributor
Contributor
‎04-23-2013 12:30 PM

Hi.

I have the same issue.

Have you found any solution?

Thanks a lot!

Diego.

0 Kudos