VMware Cloud Community
jonathanp
Expert

RVC not working after replacing certificates on VCSA

Hi,

We replaced certificates on PSCs, vCenters, NSX, etc. because they were going to expire.

We have 4 vCenters on VCSA and 4 external PSCs on VCSA as well.

We replaced the certificates on all of them about a week ago.

Now today I wanted to check something about vSAN using RVC (which was working before the cert replacement as I use this all the time).

But when I try to access it, it fails with the following:

<servername>:/usr/lib/vmware-vmca/bin # rvc
Install the "ffi" gem for better tab completion.
WARNING: Nokogiri was built against LibXML version 2.7.6, but has dynamically loaded 2.9.2
Host to connect to (user@host): administrator@vsphere.local@localhost
Failed to connect to localhost: Public key fingerprint for host 'localhost' does not match /root/.rvc/known_hosts:0.
No connections available.
<servername>:/usr/lib/vmware-vmca/bin #

Any idea how to resolve this?


Accepted Solutions
TheBobkin
Champion

Hello,

I had a further look:

rvc/known_hosts is just a txt file that has entries for: host, peer_public_key

So basically, when you try to connect now, it already has a previous entry for 'localhost' with the old public key; it compares this, it does not match, and so it denies the connection.

You can edit the rvc/known_hosts file with vi or any text editor and remove the entries for localhost and the old public key; then, when you try to connect again as localhost, it will prompt you whether you want to add the current 'localhost' + public key.

That or you can use administrator@vsphere.local@127.1 or administrator@vsphere.local@127.0.0.0 (this will likely only work provided you have never accessed via these 'hosts' before and thus never added these to the rvc/known_hosts file with old keys).

Bob

-o- If you found this comment useful please click the 'Helpful' button and/or select as 'Answer' if you consider it so, please ask follow-up questions if you have any -o-
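
The pin check described in the accepted answer, as a simplified model added here (not RVC's own code and not part of the original posts). The one `host fingerprint` pair per line layout, the SHA-256 fingerprint, the host `vc02.example.test`, the key strings and all function names are assumptions made for illustration.

```ruby
require "digest"

# Simplified model of a pinned-key store: one "host fingerprint" pair per line.
# The layout and the names below are assumptions for illustration, not RVC's code.
def fingerprint(public_key)
  Digest::SHA256.hexdigest(public_key)
end

# Returns [:ok], [:mismatch, line_index] or [:not_found, new_fingerprint].
def verify(lines, host, public_key)
  fp = fingerprint(public_key)
  lines.each_with_index do |line, i|
    pinned_host, pinned_fp = line.split
    next unless pinned_host == host
    return pinned_fp == fp ? [:ok] : [:mismatch, i]
  end
  [:not_found, fp]
end

# Drops the stale pin for one host and returns what was removed, so the old
# fingerprint can be recorded before the new key is accepted.
def unpin(lines, host)
  stale, kept = lines.partition { |l| l.split.first == host }
  [kept, stale]
end

# Constructed sample data: these strings stand in for real public keys.
OLD_KEY = "constructed-old-public-key"
NEW_KEY = "constructed-new-public-key"
STORE = [
  "localhost #{fingerprint(OLD_KEY)}",
  "vc02.example.test #{fingerprint('constructed-other-key')}",
]

def demo
  before = verify(STORE, "localhost", NEW_KEY)   # stale pin: mismatch on line 0
  alias_host = verify(STORE, "127.1", NEW_KEY)   # never pinned: nothing to compare
  kept, stale = unpin(STORE, "localhost")
  after = verify(kept, "localhost", NEW_KEY)     # pin gone: first-use prompt again
  repinned = kept + ["localhost #{after[1]}"]
  { before: before, alias_host: alias_host, stale: stale, after: after,
    final: verify(repinned, "localhost", NEW_KEY),
    others: verify(repinned, "vc02.example.test", "constructed-other-key") }
end

p demo if __FILE__ == $0
```

In this model both workarounds end at `:not_found`, where no stored value is compared, so the fingerprint shown at the prompt is the one to check against the certificate that was just installed.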

TheBobkin
Champion

Hello Jonathan,

Look in the contents of the rvc files for that 'known_hosts' list and add the public key of the VCSA. Apologies, no labs accessible at the moment here, otherwise would check it myself.

Otherwise try running:

# rvc administrator@vsphere.local@127.1

Bob

-o- If you found this comment useful please click the 'Helpful' button and/or select as 'Answer' if you consider it so, please ask follow-up questions if you have any -o-

jonathanp
Expert

Thanks Bob, that fixed my issues ;)

The file I modified is: /root/.rvc/known_hosts.
