I have 2 ELM 6.5 vCenters build 8024368.
When attempting to clone a VM template from one vCenter to the other, we receive "The vCenter server is unable to decrypt passwords stored in the customization specification". Deploying the VM template to the vCenter where the template lives, works just fine.
We are using default certs, I have tried FQDN and non-FQDN of the vCenter URLs also. Same result.
Any ideas?
Possibly trust of ssl certificates for the second vcenter might not be available on the vcenter.
Thanks,
MS
How do you fix this?
First try to delete and re-create the customization spec and see if that clears it up.
It does not, we already tried to delete and re-create.
Anyone else seen this? I just ran into it again on a Greenfield 6.5 U2 deployment. Intra-vCenter works fine, Cross vCenter fails with "The vCenter Server is unable to decrypt passwords stored in the customization specification."
Can you confirm your exact workflow and what is where?
When you clone a Server 2016 template from vCenter A to vCenter B and guest customize it. The wizard is successful, also the clone of the template is too, but at 99% it fails with
"The vCenter Server is unable to decrypt passwords stored in the customization specification."
I dont have experience with ELM but some background information about the customizations. The "secrets" like the Administrator Password for the GuestOS are stored in an encrypted format and the based on the current vCenter Cert/Key. So if you have a working customization and
- Change the Cert of your vCenter later, against your own RootCA for example
- Export a customization and import in into an different or fresh installed vCenter
the customations breaks because the process cant encrypt the secrets. You have to edit and save the customization again to get it working.
Not sure if you can solve this problem in a ELM setup.
We have a setup with external PSC and two vCenter linked to it. IIRC our customization are working.... but only 99.9% sure
Regards,
Joerg
Further to what was said (that I think you've already tried), if those two different vCenters aren't using the same certificate (regardless of what they have in their SAN) then this could be the reason. So if you're using self-signed certs on each vCenter, I don't know that the clone operation will work that way unless you call a customization spec on the destination vCenter's side.
I'm having the same issue with a single vCenter instance, spinning up a 2k16 Standard server w/ customization spec. Now I'm starting to think its just an issue w/ 2016 server on 6.5?
Happens to me cross vCenters on any Windows OS 2008, 2012 R2, 2016
I just encountered the same issue. I was only resetting the admin password and forgot I set a password for the domain join component. After resetting both the passwords the spec worked for me.