when i login to vcenter ,it spit out clock synchronization issue between web client and vcenter server.
i sure that the vcenter server synchronize time with the ntp server as well as the web client.
i suspect it is a ssl certificate issue so i try to replace the certificate as per the vmware kb VMware KB: Configuring Certificate Authority (CA) signed certificates for vCenter Server Applianc...and VMware KB: Creating a Microsoft Certificate Authority Template for SSL certificate creation in vSphe....
unfortunately i failed in the following command thought i have replace dos line ending in all certificate files from microsoft ca authrority:
it reture status code 650 while normally it expect status code 0.
version info about vcenter :
Appliance Version: 5.5.0.5101 Build 1398493
Update from version 5.1.
anticipate your response,thank in advance.
Hello gwrcn,
Have you got a chance to review the vpxd.log after trying to replacing the SSL certificate failed ?
Usually, the reason for VC_CFG_RESULT=650 occurs when vCenter Server could not re-encrypt its various configuration settings (database password and host passwords) with the new private key or it could not update its vCenter Single Sign-On application user.
Please refer KB article VMware KB: Decoding a non-zero VC_CFG_RESULT for failed vpxd_servicecfg certificate changes , also check whether the integrity of chain.pem certificate is fine.
appreciate your response.
I reviewed the log file carefully before executing the command ,it spit out the following error info:
ager.login -- 0a2824dc-6720-b651-5929-afe986a282f4
2014-10-05T10:39:11.548Z [7FA3C3DFB700 info '[SSO]' opID=19cd2113] [UserDirectorySso] Authenticate(root, "not shown")
2014-10-05T10:39:11.580Z [7FA3C3DFB700 error '[SSO]' opID=19cd2113] [UserDirectorySso] AcquireToken exception: N9SsoClient27InvalidCredentialsExceptionE(Authentication failed: Invalid credentials)
2014-10-05T10:39:11.580Z [7FA3C3DFB700 error 'authvpxdUser' opID=19cd2113] Failed to authenticate user <root>
2014-10-05T10:39:15.594Z [7FA3C3DFB700 info 'commonvpxLro' opID=19cd2113] [VpxLRO] -- FINISH task-internal-9002 -- -- vim.SessionManager.login --
2014-10-05T10:39:15.594Z [7FA3C3DFB700 info 'Default' opID=19cd2113] [VpxLRO] -- ERROR task-internal-9002 -- -- vim.SessionManager.login: vim.fault.InvalidLogin:
--> Result:
--> (vim.fault.InvalidLogin) {
--> dynamicType = <unset>,
--> faultCause = (vmodl.MethodFault) null,
--> msg = "",
--> }
how to resolve it before proceeding?
when i execute the comand that mentioned above ,i open another terminal and run the comand to review /var/log/vmware/vpx/vpxd.log ,it spit
the following log :
2014-10-05T10:51:24.818Z [7F6D4C280740 warning 'Default'] [JrnlFilePersistenceProvider] Got EOF while reading file
2014-10-05T10:51:24.819Z [7F6D4C280740 warning 'Default'] [JrnlFilePersistenceProvider] Got EOF while reading file
2014-10-05T10:51:26.523Z [7F6D405A6700 info 'ThreadPool'] Thread enlisted
2014-10-05T10:51:28.299Z [7F6D4C280740 warning 'VpxProfiler'] Init [VpxdVod::Init()] took 3478 ms
2014-10-05T10:51:28.305Z [7F6D4C280740 info 'alarmMo'] [RegisterManagedEntityMonitor] Invalid monitor registered: Entity type not supported
2014-10-05T10:51:28.307Z [7F6D4C280740 info 'vpxdvpxdMoServiceInstance'] [ServiceInstanceMo::InitBiosUUID] VirtualCenter host's BIOS UUID is "421e7019-0cc2-6283-7732-b91249ae2365"
2014-10-05T10:51:28.355Z [7F6D4C280740 info 'Default'] Wrote vpxd process map to /var/log/vmware/vpx/vpxd-map-32363.txt.
2014-10-05T10:51:28.355Z [7F6D4C280740 warning 'VpxProfiler'] ServerApp::Init [TotalTime] took 21819 ms
2014-10-05T10:51:28.356Z [7F6D4C280740 info 'vpxdvpxdInternalSvc'] [SecurityManagerMo] Verifying new SSL certificate
2014-10-05T10:51:28.362Z [7F6D4C280740 info 'vpxdvpxdInternalSvc'] [SecurityManagerMo][SSO] Updating SSO/LS records
2014-10-05T10:51:28.363Z [7F6D4C280740 warning '[SSO][LookupServiceImpl]'] [CreateLookupServiceContent] Lookup service file not found, guessing from SSO Admin URL
2014-10-05T10:51:28.498Z [7F6D405A6700 warning 'Default'] Closing Response processing in unexpected state: 3
2014-10-05T10:51:28.498Z [7F6D40525700 info 'ThreadPool'] Thread enlisted
2014-10-05T10:51:28.538Z [7F6D4C280740 info '[SSO][LookupServiceImpl]'] [Login]
2014-10-05T10:51:28.538Z [7F6D4C280740 info '[SSO][LookupServiceImpl]'] [AcquireToken]
2014-10-05T10:51:29.299Z [7F6D4C280740 error '[SSO][LookupServiceImpl]'] [AcquireToken] AcquireToken exception: Unexpected SOAP fault: ns0:InvalidTimeRange; request failed.
2014-10-05T10:51:29.299Z [7F6D4C280740 error 'vpxdvpxdInternalSvc'] [SecurityManagerMo][SSO] Error while updating Vc certificate in LS. Error: N7Vmacore9ExceptionE(AcquireToken exception)
2014-10-05T10:51:29.299Z [7F6D4C280740 info 'vpxdvpxdSupportManager'] Wrote uptime information
the attachment is the log file.
anticipate your response
thank in advance
Hi, same problem here. After certificate has expired, I tried to replace it and ended with error 650. No idea how to fix it. I have opened support request.
Hi,
I solved my issue, support pointed me to http://kb.vmware.com/kb/2097934 which I have already tried but made mistake in step 2b, where you need to change enabled in the sso part not in the log part of config file. When I have figured this out, steps in KB worked and new certificates has been deployed.
appreciate your response.great work