In VIO management server, the hostname and thumbprint of the VC certificate will be verified when connect to the vCenter server. If we cannot see the VIO UI plugin in the vSphere web client after deploying the VIO vApp, we need to double check the logs to see whether the OMS server is started correctly or not.
If we see below error in the logs:
Failed Extension registration to https://<vc_ip_or_hostname>/vsm/extensionService javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address <vc_ip_or_hostname> found
Root cuase:
- The certificate of the vCenter server is invalid - the subject alternative name (SAN) does not contains the host name or IP address.
The solution:
- Login https://<vc_ip_or_hostname>:5480/#core.Login, and regenerate the SSL certificate or replace the vCenter certificate with a valid one.
If we see below error in the logs:
Failed Extension registration to https://<vc_ip_or_hostname>/vsm/extensionService javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Server certificate chain is not trusted and thumbprint doesn't match Root cuase:
- The certificate of the vCenter server has been updated, and the thumbprint in VIO management server is outdated.
The solution:
- Restart the VIO virtual appliance (vApp) as a whole in vSphere web client.
Sometimes, our vCenter server certificate just includes the hostname (without IP address), VIO management server may not be abled to connect to the SSO server, because we are using the IP address of the vCenter server if the SSO URL has not been specified during the VIO OVA deployment, and the certificate verification fail.
There is a workaround - set the SSO URL through properties (vApp Options) of the VIO management VM, and then "Power Off"/"PowerOn" the VIO vApp (not just the VIO management server).
