VMware Support Community
VDSB
Contributor
Contributor
Jump to solution

VMware SHD: Adding Trusted Target failed - Certificate Status check failed: Failed to resolve target

I just did a fresh install of the SHD tool on my system and when I try to configure it after I've logged in for the first time, I get this error message when I try to enter the vCenter/ESXi Details on the first page: Adding Trusted Target failed - Certificate Status check failed: Failed to resolve target name (image 2).


But before that, I when press the Check connection button, I get: SHD cannot validate the following security certificate
And the question says Connect anyway:  Cancel or Connect and I choose connect (Image 1).

So I cannot do anything so far with this tool because it can't connect to my environnement.

Thank you for any and all help provided.

2 Solutions

Accepted Solutions
NickDaGeekUK
Enthusiast
Enthusiast
Jump to solution

@VDSB 

use putty to connect via ssh or if in vSphere open a console session

log in as root

you need to run vi

if your network it is on begins 10. the file you need to edit will be called /etc/systemd/network/10-static-en.network

if your network is on 192. most likely it will be called  /etc/systemd/network/192-static-en.network

move cursor down and to end of last line (which in my case was DNS=) and hit lower case o

this adds a new line

Domains=<mylocaldomain> 

make sure you have your full domain instead of the <> placeholder (in my case domain.local)

Check for typos if all good enter a colon followed by wq

:wq

to write out the file to disk and quit VI

you can then use the commands to restart the service daemon or simply go the whole hog as I did

type reboot

that should do it.

Kind regards,
Nick.

View solution in original post

NickDaGeekUK
Enthusiast
Enthusiast
Jump to solution

@VDSB 

Solved: SSL Connection to target failed - Unexpected error... - VMware Technology Network VMTN

possibly an issue with the vCentre server itself, if it is a VCSA then the above link suggests a restart of a service

mlima87

Contributor

Solution was to login to server and restart vmware-shd with below cmd. 

systemctl restart vmware-shd

Kind regards,
Nick.

View solution in original post

13 Replies
anshumansingh
VMware Employee
VMware Employee
Jump to solution

Hi @VDSB ,

The first message (1.PNG) is a "Warning" for the user to accept and trust the target before trying to establish the connection with the target from SHD (This is to ensure the target is trusted by the user), in this step, you can either "Accept" or "Cancel" depending upon the target trust information shown.

For the second error (2.PNG), it appears to be the network configuration problem, so here SHD is unable to resolve the hostname of the target, can you please check is nslookup from SHD VM to the target is resolving the hostname correctly, if not please check the network settings file.

 

Reply
0 Kudos
sburningham
Contributor
Contributor
Jump to solution

I'm not trying to hijack this thread, but just wanted to share some input.  I'm having the same issue.  My NSLOOKUP on the IP address results are as follows:

Authoritative answers can be found from:
> 10.50.###.###
250.###.##.##.in-addr.arpa name = vcenter01.anycompany.local.

Authoritative answers can be found from:
>

When I run NSLOOKUP on the FQDN I get a failure.


Authoritative answers can be found from:
> vcenter01.anycompany.local
Server: 127.0.0.53
Address: 127.0.0.53#53

** server can't find vcenter01.anycompany.local: SERVFAIL
> 10.50.###.###
250.###.###.###.in-addr.arpa name = vcenter01.anycompany.local.

 

Reply
0 Kudos
VDSB
Contributor
Contributor
Jump to solution

When I do my NSLOOKUP on the server, it does resolve the name properly and yet, on the web interface it never wants to access it, I always get the same error messages as previously posted (see the images on the first post of this thread).

My NSLOOKUP looks like this:

nslookup 10.132.xx.60
60.xx.132.10.in-addr.arpa      name = vcenter67companyname.company.local

When I do it the other way around:

nslookup vcenter67companyname.company.local
Server: 10.132.yy.33
Address: 10.132.yy.33#53

Name: vcenter67companyname.company.local
Address: 10.132.xx.60

Where xx and yy are on different segments and VLANs.

But if I don't specify the .company.local it won't resolve it, so I have to have the full FQDN for it to resolve.

But in the end, it still doesn't work and SHD still cannot connect to it.

Reply
0 Kudos
ckonrads
Contributor
Contributor
Jump to solution

It's a blend of the two threads here:

https://communities.vmware.com/t5/Skyline-Health-Diagnostics-SHD/Name-Resolution-on-SHD-appliance/m-...

https://communities.vmware.com/t5/Skyline-Health-Diagnostics-SHD/How-do-I-change-the-DNS-settings-on...

Just add that Domain=xy.local to the /etc/systemd/network/*.network file and restart the systemd-resolved & systemd-networkd with the commands 

systemctl restart systemd-networkd

systemctl restart systemd-resolved

Good Luck!

Tags (3)
VDSB
Contributor
Contributor
Jump to solution

I think the links are very useful especially the first one.

However, I have absolutely no knowledge on anythiing UNIX/Linux/Photon based and I have no idea what commands to run to be able to edit /etc/systemd/network/*.network file.  I can read it by using the cat command but how do I go about editing it.

 

So sorry guys, newb here 😥😪

Thank you for your help.

Reply
0 Kudos
NickDaGeekUK
Enthusiast
Enthusiast
Jump to solution

Thanks that did it for me 👍

Kind regards,
Nick.
Reply
0 Kudos
NickDaGeekUK
Enthusiast
Enthusiast
Jump to solution

@VDSB 

use putty to connect via ssh or if in vSphere open a console session

log in as root

you need to run vi

if your network it is on begins 10. the file you need to edit will be called /etc/systemd/network/10-static-en.network

if your network is on 192. most likely it will be called  /etc/systemd/network/192-static-en.network

move cursor down and to end of last line (which in my case was DNS=) and hit lower case o

this adds a new line

Domains=<mylocaldomain> 

make sure you have your full domain instead of the <> placeholder (in my case domain.local)

Check for typos if all good enter a colon followed by wq

:wq

to write out the file to disk and quit VI

you can then use the commands to restart the service daemon or simply go the whole hog as I did

type reboot

that should do it.

Kind regards,
Nick.
VDSB
Contributor
Contributor
Jump to solution

NickDaGeekUK, dude, it helped a lot.  Now at least is sees the server... still can't connect to it because now I'm getting the error message:  SSL Connection to target failed - Unexpected error while connecting to the target

 

Thanks again for your help.  I am getting close to getting this thing working (me thinks 😉)

Reply
0 Kudos
VDSB
Contributor
Contributor
Jump to solution

I can finally have the SHD be able to see the vCenter, but it still can't connect to it properly as I get this error message when I try to connect and scan the vCenter: SSL Connection to target failed - Unexpected error while connecting to the target

 

Any clue on how to fix this?

Reply
0 Kudos
NickDaGeekUK
Enthusiast
Enthusiast
Jump to solution

@VDSB 

Solved: SSL Connection to target failed - Unexpected error... - VMware Technology Network VMTN

possibly an issue with the vCentre server itself, if it is a VCSA then the above link suggests a restart of a service

mlima87

Contributor

Solution was to login to server and restart vmware-shd with below cmd. 

systemctl restart vmware-shd

Kind regards,
Nick.
drfooser
Contributor
Contributor
Jump to solution

I'll thank you now for your efforts to help the community. I've read through this thread and applied all the things...

"Adding Trusted Target failed - Certificate Status check failed: Failed to resolve target name"

 

That is the error I got after the appliance install, and thats what I still get after adding Domains=sub.domain.local

I note for the newbies that the domain value needs to be the domain of the vcenter server.

 

After editing the file I restarted :

systemd-networkd

systemd-resolved

vmware-shd

 

Still no joy.

 

Fixed IT!!! -

I change the DNS IP addresses in that file to be the same as those used by vcenter server. restarted the 3 services above and Bob's my uncle.

Reply
0 Kudos
GoodMorningDave
Enthusiast
Enthusiast
Jump to solution

to whom it concerns,

use putty to connect via ssh or if in vSphere open a console session

to what exactly? VMSA, vCenter, VSHD, ?

Reply
0 Kudos
NickDaGeekUK
Enthusiast
Enthusiast
Jump to solution

@GoodMorningDave  to the SHD is what you need to connect to AFAIK.

Kind regards,
Nick.
Reply
0 Kudos