VMware Cloud Community
gwrcn
Contributor
Contributor
‎10-04-2014 08:31 AM

failed to login to vcenter and failed to replace ssl certificate for vcenter appliant 5.5

when i login to vcenter ,it spit out clock synchronization issue between web client and vcenter server.

i sure that the vcenter server  synchronize time with the ntp server as well as the web client.

i suspect it is a ssl certificate issue so i try to replace the certificate as per the vmware kb VMware KB:    Configuring Certificate Authority (CA) signed certificates for vCenter Server Applianc...and VMware KB: Creating a Microsoft Certificate Authority Template for SSL certificate creation in vSphe....

unfortunately i failed in the following command  thought i have replace dos line ending in all certificate files from microsoft ca authrority:

/usr/sbin/vpxd_servicecfg certificate change chain.pem rui.key

it reture status code 650  while normally it expect status code 0.


version info about vcenter :

Appliance Version: 5.5.0.5101 Build 1398493

Update from version 5.1.

anticipate your response,thank in advance.

0 Kudos
5 Replies
vuzzini
Enthusiast
Enthusiast
‎10-04-2014 11:06 PM

Hello gwrcn,

Have you got a chance to review the vpxd.log after trying to replacing the SSL certificate failed ?

Usually, the reason for VC_CFG_RESULT=650 occurs when vCenter Server could not re-encrypt its various configuration settings (database password and host passwords) with the new private key or it could not update its vCenter Single Sign-On application user. 


Please refer KB article VMware KB: Decoding a non-zero VC_CFG_RESULT for failed vpxd_servicecfg certificate changes , also check whether the integrity of chain.pem certificate is fine.

If you found this or any other answer useful please consider the use of the Helpful or Correct buttons to award points. Sandeep Vuzzini Sr. DevOps Engineer
0 Kudos
gwrcn
Contributor
Contributor
‎10-05-2014 04:03 AM

appreciate your response.

I reviewed  the log file carefully before executing the command ,it spit out the following error info:

ager.login -- 0a2824dc-6720-b651-5929-afe986a282f4

2014-10-05T10:39:11.548Z [7FA3C3DFB700 info '[SSO]' opID=19cd2113] [UserDirectorySso] Authenticate(root, "not shown")

2014-10-05T10:39:11.580Z [7FA3C3DFB700 error '[SSO]' opID=19cd2113] [UserDirectorySso] AcquireToken exception: N9SsoClient27InvalidCredentialsExceptionE(Authentication failed: Invalid credentials)

2014-10-05T10:39:11.580Z [7FA3C3DFB700 error 'authvpxdUser' opID=19cd2113] Failed to authenticate user <root>

2014-10-05T10:39:15.594Z [7FA3C3DFB700 info 'commonvpxLro' opID=19cd2113] [VpxLRO] -- FINISH task-internal-9002 --  -- vim.SessionManager.login --

2014-10-05T10:39:15.594Z [7FA3C3DFB700 info 'Default' opID=19cd2113] [VpxLRO] -- ERROR task-internal-9002 --  -- vim.SessionManager.login: vim.fault.InvalidLogin:

--> Result:

--> (vim.fault.InvalidLogin) {

-->    dynamicType = <unset>,

-->    faultCause = (vmodl.MethodFault) null,

-->    msg = "",

--> }

how to resolve it before proceeding?

when i execute the comand that mentioned above ,i open another terminal and run the comand to review   /var/log/vmware/vpx/vpxd.log ,it  spit

the following log :

2014-10-05T10:51:24.818Z [7F6D4C280740 warning 'Default'] [JrnlFilePersistenceProvider] Got EOF while reading file

2014-10-05T10:51:24.819Z [7F6D4C280740 warning 'Default'] [JrnlFilePersistenceProvider] Got EOF while reading file

2014-10-05T10:51:26.523Z [7F6D405A6700 info 'ThreadPool'] Thread enlisted

2014-10-05T10:51:28.299Z [7F6D4C280740 warning 'VpxProfiler'] Init [VpxdVod::Init()] took 3478 ms

2014-10-05T10:51:28.305Z [7F6D4C280740 info 'alarmMo'] [RegisterManagedEntityMonitor] Invalid monitor registered: Entity type not supported

2014-10-05T10:51:28.307Z [7F6D4C280740 info 'vpxdvpxdMoServiceInstance'] [ServiceInstanceMo::InitBiosUUID] VirtualCenter host's BIOS UUID is "421e7019-0cc2-6283-7732-b91249ae2365"

2014-10-05T10:51:28.355Z [7F6D4C280740 info 'Default'] Wrote vpxd process map to /var/log/vmware/vpx/vpxd-map-32363.txt.

2014-10-05T10:51:28.355Z [7F6D4C280740 warning 'VpxProfiler'] ServerApp::Init [TotalTime] took 21819 ms

2014-10-05T10:51:28.356Z [7F6D4C280740 info 'vpxdvpxdInternalSvc'] [SecurityManagerMo] Verifying new SSL certificate

2014-10-05T10:51:28.362Z [7F6D4C280740 info 'vpxdvpxdInternalSvc'] [SecurityManagerMo][SSO] Updating SSO/LS records

2014-10-05T10:51:28.363Z [7F6D4C280740 warning '[SSO][LookupServiceImpl]'] [CreateLookupServiceContent] Lookup service file not found, guessing from SSO Admin URL

2014-10-05T10:51:28.498Z [7F6D405A6700 warning 'Default'] Closing Response processing in unexpected state: 3

2014-10-05T10:51:28.498Z [7F6D40525700 info 'ThreadPool'] Thread enlisted

2014-10-05T10:51:28.538Z [7F6D4C280740 info '[SSO][LookupServiceImpl]'] [Login]

2014-10-05T10:51:28.538Z [7F6D4C280740 info '[SSO][LookupServiceImpl]'] [AcquireToken]

2014-10-05T10:51:29.299Z [7F6D4C280740 error '[SSO][LookupServiceImpl]'] [AcquireToken] AcquireToken exception: Unexpected SOAP fault: ns0:InvalidTimeRange; request failed.

2014-10-05T10:51:29.299Z [7F6D4C280740 error 'vpxdvpxdInternalSvc'] [SecurityManagerMo][SSO] Error while updating Vc certificate in LS. Error: N7Vmacore9ExceptionE(AcquireToken exception)

2014-10-05T10:51:29.299Z [7F6D4C280740 info 'vpxdvpxdSupportManager'] Wrote uptime information

the  attachment is the log file.

anticipate your response

thank in advance

vpxd.zip
0 Kudos
ivanerben
Enthusiast
Enthusiast
‎01-29-2015 08:06 AM

Hi, same problem here. After certificate has expired, I tried to replace it and ended with error 650. No idea how to fix it. I have opened support request.

0 Kudos
ivanerben
Enthusiast
Enthusiast
‎01-30-2015 02:35 AM

Hi,

I solved my issue, support pointed me to http://kb.vmware.com/kb/2097934 which I have already tried but made mistake in step 2b, where you need to change enabled in the sso part not in the log part of config file. When I have figured this out, steps in KB worked and new certificates has been deployed.

0 Kudos
gwrcn
Contributor
Contributor
‎02-01-2015 05:09 PM

appreciate your response.great work

0 Kudos