VMware Cloud Community
wreedMH
Hot Shot

ELM vCenter deploy template - The vCenter server is unable to decrypt passwords stored in the customization specification

I have 2 ELM 6.5 vCenters build 8024368.

When attempting to clone a VM template from one vCenter to the other, we receive "The vCenter server is unable to decrypt passwords stored in the customization specification". Deploying the VM template to the vCenter where the template lives works just fine.

We are using default certs. I have also tried FQDN and non-FQDN of the vCenter URLs. Same result.

Any ideas?

0 Kudos
12 Replies
msripada
Virtuoso

Possibly trust of SSL certificates for the second vCenter might not be available on the vCenter.

Thanks,

MS

0 Kudos
wreedMH
Hot Shot

How do you fix this?

0 Kudos
daphnissov
Immortal

First try to delete and re-create the customization spec and see if that clears it up.

0 Kudos
wreedMH
Hot Shot

It does not, we already tried to delete and re-create.

0 Kudos
wreedMH
Hot Shot

Anyone else seen this? I just ran into it again on a greenfield 6.5 U2 deployment. Intra-vCenter works fine, cross-vCenter fails with "The vCenter Server is unable to decrypt passwords stored in the customization specification."

0 Kudos
daphnissov
Immortal

Can you confirm your exact workflow and what is where?

0 Kudos
wreedMH
Hot Shot

When you clone a Server 2016 template from vCenter A to vCenter B and guest-customize it, the wizard is successful, and the clone of the template is too, but at 99% it fails with

"The vCenter Server is unable to decrypt passwords stored in the customization specification."

0 Kudos
IRIX201110141
Champion

I don't have experience with ELM, but here is some background information about the customizations. The "secrets", like the Administrator password for the guest OS, are stored in an encrypted format that is based on the current vCenter cert/key. So if you have a working customization and

- Change the cert of your vCenter later, against your own root CA for example

- Export a customization and import it into a different or freshly installed vCenter

the customization breaks because the process can't encrypt the secrets. You have to edit and save the customization again to get it working.

Not sure if you can solve this problem in an ELM setup.

We have a setup with an external PSC and two vCenters linked to it. IIRC our customizations are working... but only 99.9% sure.

Regards,

Joerg

0 Kudos
daphnissov
Immortal

Further to what was said (that I think you've already tried), if those two different vCenters aren't using the same certificate (regardless of what they have in their SAN) then this could be the reason. So if you're using self-signed certs on each vCenter, I don't know that the clone operation will work that way unless you call a customization spec on the destination vCenter's side.

0 Kudos
mrjlturner_eip
Contributor

I'm having the same issue with a single vCenter instance, spinning up a 2k16 Standard server w/ customization spec. Now I'm starting to think it's just an issue w/ 2016 server on 6.5?

0 Kudos
wreedMH
Hot Shot

Happens to me cross-vCenter on any Windows OS: 2008, 2012 R2, 2016.

0 Kudos
karps
Contributor

I just encountered the same issue. I was only resetting the admin password and forgot I set a password for the domain join component. After resetting both the passwords the spec worked for me.

0 Kudos
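Added example (not posted by anyone in this thread): a VMware PowerCLI sketch of the fix the replies converge on, re-saving both the Administrator password and the domain-join password in the customization spec on the destination vCenter so that vCenter stores them again itself. The server name and spec name are placeholders, and the script assumes the spec already exists on the destination vCenter.

```powershell
# Requires the VMware PowerCLI module.
# Placeholder values (assumptions, not taken from the thread):
$destVCenter = 'vcenter-b.example.local'   # destination vCenter
$specName    = 'Win2016-Spec'              # customization spec on that vCenter

Connect-VIServer -Server $destVCenter | Out-Null
try {
    # Fetch the spec from the destination side, not from the source vCenter.
    $spec = Get-OSCustomizationSpec -Name $specName -Server $destVCenter -ErrorAction Stop

    # Prompt for secrets instead of hard-coding them in the script.
    $adminCred = Get-Credential -UserName 'Administrator' `
        -Message 'Local Administrator password for the guest OS'

    $params = @{
        OSCustomizationSpec = $spec
        AdminPassword       = $adminCred.GetNetworkCredential().Password
    }

    # A spec that joins a domain holds a second stored password.
    # Resetting only the Administrator password leaves that one stale.
    if ($spec.Domain) {
        $params.DomainCredentials = Get-Credential `
            -Message "Account used to join $($spec.Domain)"
    }

    # Saving the spec makes this vCenter store both secrets again.
    Set-OSCustomizationSpec @params | Out-Null
    Write-Host "Re-saved passwords in spec '$specName' on $destVCenter"
}
finally {
    Disconnect-VIServer -Server $destVCenter -Confirm:$false
}
```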