SayNo2HyperV
Enthusiast
Enthusiast

VSAN 6.7 U3a - Failed to extract requested data

Jump to solution

This KB says this VSAN error with HTML5 client has been resolved.  It has not.

https://kb.vmware.com/s/article/74731

What is the status of this error that has been around for 2 months now?

Does anyone know a workaround and/or permanent fix?

Thank you.

Unrelated - Another 6.7 Update 3 issue I encountered managed to bring Vcenter offline due to full seat partition.  IMO - Vmware pre update quality control & post update response lacking

https://kb.vmware.com/s/article/74607

Tags (1)
0 Kudos
1 Solution

Accepted Solutions
SayNo2HyperV
Enthusiast
Enthusiast

Myself as well has 2 others have successfully repaired this issue that started w/ Vsphere 6.7 U3.

In our environments it was trust anchors are mismatch issue.

Vmware maybe able to review script used here and create a new KB / resolution for this different cause of issue not covered in KB 74731 - (which U3a doesn't fix.)

https://www.reddit.com/r/vmware/comments/e4w74j/vsphere_67_u3a_vsan_html5_failed_to_extract/

View solution in original post

0 Kudos
8 Replies
TheBobkin
VMware Employee
VMware Employee

Hello SayNo2HyperV

The issue you referenced was resolved in a patch 3 weeks ago and this has been validated by every customer I worked with that hit this issue - if you are still having issues post-patching to vCSA 6.7 U3a then potentially you are experiencing something else (and/or maybe were all along), please open a case with GSS for analysis as opposed to assuming the same error message in the GUI equals the same cause.

With relation to the WBEM issue, that has been resolved in a patch released yesterday.

VMware ESXi 6.7, Patch Release ESXi670-201911001

Bob

0 Kudos
SayNo2HyperV
Enthusiast
Enthusiast

Thank you for sharing that WBEM issue has an update.  I'll look into that.

This VSAN issue is in lab environment that does not have support.

Fair enough that maybe more than 1 cause to this issue.  No idea of cause nor assuming anything.  I simply know VSAN HTML5 GUI worked in U2 and not in U3.  And whats funny is the new VSAN HTML5 GUI look / features is why I promptly updated this lab at release.  Which instead gave me flex client has only option.

I'll trek on as is in hope Vmware finds alternative causes to this issue and posts KB fix / patch.

With Vmware QC - I've learned by now that a good 3-6 months need to pass before any client production systems are updated.  But this was my learning lab which generally gets updated immediately.  So updating / breaking my fault too.

0 Kudos
SayNo2HyperV
Enthusiast
Enthusiast

If Vmware support is curious.  Reviewing /var/log/vmware/vsphere-ui/logs/vsphere_client_virgo.log

See some cert errors.  Lab using internal Microsoft CA.  VCSA a sub CA.  Last time created sub cert was on 6.5 I believe so went ahead and re-generate new sub CA and replaced all.  Import completed successfully but still see cert errors being referenced in log.  As far as Chrome / IE when accessing vcenter the cert chain is trusted via FQDN.

[2019-11-13T20:00:09.992-08:00] [INFO ] tp-nio-127.0.0.1-5090-exec-4  com.vmware.vsan.client.util.Measure                               Collect performance service related data (3.45 s):

[*-------------*                                                                                                                                                                     ] VsanVcClusterConfigSystem.getConfigInfoEx (294ms)

[* VsanPerformanceManager.queryNodeInformation -------------------------------------------------------------------------------------------------------------------------------*      ] VsanPerformanceManager.queryNodeInformation (3313ms)

[*-*                                                                                                                                                                                 ] VsanPerformanceManager.getSupportedEntityTypes (75ms)

[*--------------------------------------*                                                                                                                                            ] VsanPerformanceManager.queryStatsObjectInformation (776ms)

[2019-11-13T20:00:09.994-08:00] [ERROR] tp-nio-127.0.0.1-5090-exec-4  com.vmware.vsan.client.services.ProxygenController                service method failed to invoke java.lang.reflect.InvocationTargetException: null

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)

at com.vmware.vsan.client.services.ProxygenController.invokeService(ProxygenController.java:130)

at com.vmware.vsan.client.services.ProxygenController.invokeServiceWithJson(ProxygenController.java:64)

at sun.reflect.GeneratedMethodAccessor646.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)

at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205)

at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:133)

at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:97)

at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:854)

at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:765)

at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)

at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:967)

at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901)

at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)

at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:872)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:661)

at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)

at org.eclipse.equinox.http.servlet.internal.HttpServiceRuntimeImpl$LegacyServlet.service(HttpServiceRuntimeImpl.java:1256)

at org.eclipse.equinox.http.servlet.internal.registration.EndpointRegistration.service(EndpointRegistration.java:153)

at org.eclipse.equinox.http.servlet.internal.servlet.FilterChainImpl.doFilter(FilterChainImpl.java:50)

at com.vmware.o6jia.context.web.filter.WelcomeFileFilter.doFilter(WelcomeFileFilter.java:48)

at org.eclipse.equinox.http.servlet.internal.HttpServiceRuntimeImpl$LegacyFilterFactory$LegacyFilter.doFilter(HttpServiceRuntimeImpl.java:1215)

at org.eclipse.equinox.http.servlet.internal.registration.FilterRegistration.doFilter(FilterRegistration.java:121)

at org.eclipse.equinox.http.servlet.internal.servlet.FilterChainImpl.doFilter(FilterChainImpl.java:45)

at com.vmware.o6jia.context.web.filter.ContextPathAwareDelegatingFilter.doFilter(ContextPathAwareDelegatingFilter.java:46)

at org.eclipse.equinox.http.servlet.internal.HttpServiceRuntimeImpl$LegacyFilterFactory$LegacyFilter.doFilter(HttpServiceRuntimeImpl.java:1215)

at org.eclipse.equinox.http.servlet.internal.registration.FilterRegistration.doFilter(FilterRegistration.java:121)

at org.eclipse.equinox.http.servlet.internal.servlet.FilterChainImpl.doFilter(FilterChainImpl.java:45)

at com.vmware.o6jia.context.web.filter.ContextPathAwareDelegatingFilter.doFilter(ContextPathAwareDelegatingFilter.java:46)

at org.eclipse.equinox.http.servlet.internal.HttpServiceRuntimeImpl$LegacyFilterFactory$LegacyFilter.doFilter(HttpServiceRuntimeImpl.java:1215)

at org.eclipse.equinox.http.servlet.internal.registration.FilterRegistration.doFilter(FilterRegistration.java:121)

at org.eclipse.equinox.http.servlet.internal.servlet.FilterChainImpl.doFilter(FilterChainImpl.java:45)

at com.vmware.o6jia.context.web.filter.ContextPathAwareDelegatingFilter.doFilter(ContextPathAwareDelegatingFilter.java:46)

at org.eclipse.equinox.http.servlet.internal.HttpServiceRuntimeImpl$LegacyFilterFactory$LegacyFilter.doFilter(HttpServiceRuntimeImpl.java:1215)

at org.eclipse.equinox.http.servlet.internal.registration.FilterRegistration.doFilter(FilterRegistration.java:121)

at org.eclipse.equinox.http.servlet.internal.servlet.FilterChainImpl.doFilter(FilterChainImpl.java:45)

at com.vmware.o6jia.context.web.filter.ContextPathAwareDelegatingFilter.doFilter(ContextPathAwareDelegatingFilter.java:46)

at org.eclipse.equinox.http.servlet.internal.HttpServiceRuntimeImpl$LegacyFilterFactory$LegacyFilter.doFilter(HttpServiceRuntimeImpl.java:1215)

at org.eclipse.equinox.http.servlet.internal.registration.FilterRegistration.doFilter(FilterRegistration.java:121)

at org.eclipse.equinox.http.servlet.internal.servlet.FilterChainImpl.doFilter(FilterChainImpl.java:45)

at com.vmware.o6jia.context.web.filter.ContextPathAwareDelegatingFilter.doFilter(ContextPathAwareDelegatingFilter.java:46)

at org.eclipse.equinox.http.servlet.internal.HttpServiceRuntimeImpl$LegacyFilterFactory$LegacyFilter.doFilter(HttpServiceRuntimeImpl.java:1215)

at org.eclipse.equinox.http.servlet.internal.registration.FilterRegistration.doFilter(FilterRegistration.java:121)

at org.eclipse.equinox.http.servlet.internal.servlet.FilterChainImpl.doFilter(FilterChainImpl.java:45)

at com.vmware.o6jia.context.web.filter.ContextPathAwareDelegatingFilter.doFilter(ContextPathAwareDelegatingFilter.java:46)

at org.eclipse.equinox.http.servlet.internal.HttpServiceRuntimeImpl$LegacyFilterFactory$LegacyFilter.doFilter(HttpServiceRuntimeImpl.java:1215)

at org.eclipse.equinox.http.servlet.internal.registration.FilterRegistration.doFilter(FilterRegistration.java:121)

at org.eclipse.equinox.http.servlet.internal.servlet.FilterChainImpl.doFilter(FilterChainImpl.java:45)

at com.vmware.o6jia.context.web.filter.ContextPathAwareDelegatingFilter.doFilter(ContextPathAwareDelegatingFilter.java:46)

at org.eclipse.equinox.http.servlet.internal.HttpServiceRuntimeImpl$LegacyFilterFactory$LegacyFilter.doFilter(HttpServiceRuntimeImpl.java:1215)

at org.eclipse.equinox.http.servlet.internal.registration.FilterRegistration.doFilter(FilterRegistration.java:121)

at org.eclipse.equinox.http.servlet.internal.servlet.FilterChainImpl.doFilter(FilterChainImpl.java:45)

at com.vmware.o6jia.context.web.filter.ContextPathAwareDelegatingFilter.doFilter(ContextPathAwareDelegatingFilter.java:46)

at org.eclipse.equinox.http.servlet.internal.HttpServiceRuntimeImpl$LegacyFilterFactory$LegacyFilter.doFilter(HttpServiceRuntimeImpl.java:1215)

at org.eclipse.equinox.http.servlet.internal.registration.FilterRegistration.doFilter(FilterRegistration.java:121)

at org.eclipse.equinox.http.servlet.internal.servlet.FilterChainImpl.doFilter(FilterChainImpl.java:45)

at com.vmware.vise.security.SessionManagementFilter.doFilter(SessionManagementFilter.java:205)

at com.vmware.o6jia.context.web.filter.ContextPathAwareDelegatingFilter.doFilter(ContextPathAwareDelegatingFilter.java:50)

at org.eclipse.equinox.http.servlet.internal.HttpServiceRuntimeImpl$LegacyFilterFactory$LegacyFilter.doFilter(HttpServiceRuntimeImpl.java:1215)

at org.eclipse.equinox.http.servlet.internal.registration.FilterRegistration.doFilter(FilterRegistration.java:121)

at org.eclipse.equinox.http.servlet.internal.servlet.FilterChainImpl.doFilter(FilterChainImpl.java:45)

at com.vmware.o6jia.context.web.filter.ContextPathAwareDelegatingFilter.doFilter(ContextPathAwareDelegatingFilter.java:46)

at org.eclipse.equinox.http.servlet.internal.HttpServiceRuntimeImpl$LegacyFilterFactory$LegacyFilter.doFilter(HttpServiceRuntimeImpl.java:1215)

at org.eclipse.equinox.http.servlet.internal.registration.FilterRegistration.doFilter(FilterRegistration.java:121)

at org.eclipse.equinox.http.servlet.internal.servlet.FilterChainImpl.doFilter(FilterChainImpl.java:45)

at com.vmware.o6jia.context.web.filter.ContextPathAwareDelegatingFilter.doFilter(ContextPathAwareDelegatingFilter.java:46)

at org.eclipse.equinox.http.servlet.internal.HttpServiceRuntimeImpl$LegacyFilterFactory$LegacyFilter.doFilter(HttpServiceRuntimeImpl.java:1215)

at org.eclipse.equinox.http.servlet.internal.registration.FilterRegistration.doFilter(FilterRegistration.java:121)

at org.eclipse.equinox.http.servlet.internal.servlet.FilterChainImpl.doFilter(FilterChainImpl.java:45)

at com.vmware.o6jia.context.web.filter.ContextPathAwareDelegatingFilter.doFilter(ContextPathAwareDelegatingFilter.java:46)

at org.eclipse.equinox.http.servlet.internal.HttpServiceRuntimeImpl$LegacyFilterFactory$LegacyFilter.doFilter(HttpServiceRuntimeImpl.java:1215)

at org.eclipse.equinox.http.servlet.internal.registration.FilterRegistration.doFilter(FilterRegistration.java:121)

at org.eclipse.equinox.http.servlet.internal.servlet.FilterChainImpl.doFilter(FilterChainImpl.java:45)

at com.vmware.o6jia.context.web.filter.ContextPathAwareDelegatingFilter.doFilter(ContextPathAwareDelegatingFilter.java:46)

at org.eclipse.equinox.http.servlet.internal.HttpServiceRuntimeImpl$LegacyFilterFactory$LegacyFilter.doFilter(HttpServiceRuntimeImpl.java:1215)

at org.eclipse.equinox.http.servlet.internal.registration.FilterRegistration.doFilter(FilterRegistration.java:121)

at org.eclipse.equinox.http.servlet.internal.servlet.FilterChainImpl.doFilter(FilterChainImpl.java:45)

at com.vmware.o6jia.context.web.filter.ContextPathAwareDelegatingFilter.doFilter(ContextPathAwareDelegatingFilter.java:46)

at org.eclipse.equinox.http.servlet.internal.HttpServiceRuntimeImpl$LegacyFilterFactory$LegacyFilter.doFilter(HttpServiceRuntimeImpl.java:1215)

at org.eclipse.equinox.http.servlet.internal.registration.FilterRegistration.doFilter(FilterRegistration.java:121)

at org.eclipse.equinox.http.servlet.internal.servlet.FilterChainImpl.doFilter(FilterChainImpl.java:45)

at org.eclipse.equinox.http.servlet.internal.servlet.ResponseStateHandler.processRequest(ResponseStateHandler.java:70)

at org.eclipse.equinox.http.servlet.internal.context.DispatchTargets.doDispatch(DispatchTargets.java:132)

at org.eclipse.equinox.http.servlet.internal.servlet.ProxyServlet.service(ProxyServlet.java:100)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)

at org.eclipse.equinox.servletbridge.BridgeServlet.service(BridgeServlet.java:152)

at com.vmware.vsphere.bridge.BridgeServletEx.service(BridgeServletEx.java:21)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

at com.vmware.vsphere.bridge.DenyConfigurationFilesFilter.doFilter(DenyConfigurationFilesFilter.java:45)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)

at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:679)

at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:660)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)

at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798)

at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:808)

at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)

at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

at java.lang.Thread.run(Thread.java:748)

Caused by: com.vmware.vsphere.client.vsandp.core.sessionmanager.common.NotAccessibleException: Cannot connect to the specified site. The site might not be available on the network, or a network configuration problem might exist. Check your connection details and try again.

at com.vmware.vsphere.client.vsandp.core.sessionmanager.common.VcClient.getConnection(VcClient.java:93)

at com.vmware.vsphere.client.vsandp.core.sessionmanager.common.VcClient.getConnection(VcClient.java:67)

at com.vmware.vsphere.client.vsandp.core.sessionmanager.common.VcClient.getConnection(VcClient.java:63)

at com.vmware.vsphere.client.vsan.iscsi.providers.VsanIscsiPropertyProvider.getVsanDatastoresByCluster(VsanIscsiPropertyProvider.java:189)

at com.vmware.vsphere.client.vsan.iscsi.providers.VsanIscsiPropertyProvider.isEmptyClusterForIscsi(VsanIscsiPropertyProvider.java:168)

at com.vmware.vsphere.client.vsan.perf.VsanPerfPropertyProvider.getPerfMonitorCommonPropsData(VsanPerfPropertyProvider.java:810)

... 119 common frames omitted

Caused by: com.vmware.vim.vmomi.client.exception.SslException: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain is not trusted and thumbprint doesn't match

at com.vmware.vim.vmomi.client.common.impl.ResponseImpl.setError(ResponseImpl.java:256)

at com.vmware.vim.vmomi.client.http.impl.HttpExchange.run(HttpExchange.java:56)

at com.vmware.vim.vmomi.client.http.impl.HttpProtocolBindingBase.executeRunnable(HttpProtocolBindingBase.java:226)

at com.vmware.vim.vmomi.client.http.impl.HttpProtocolBindingImpl.send(HttpProtocolBindingImpl.java:106)

at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl$CallExecutor.sendCall(MethodInvocationHandlerImpl.java:629)

at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl$CallExecutor.executeCall(MethodInvocationHandlerImpl.java:610)

at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.completeCall(MethodInvocationHandlerImpl.java:360)

at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.invokeOperation(MethodInvocationHandlerImpl.java:311)

at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.invoke(MethodInvocationHandlerImpl.java:184)

at com.sun.proxy.$Proxy815.retrieveServiceContent(Unknown Source)

at com.vmware.vsphere.client.vsandp.core.sessionmanager.vlsi.client.sso.SsoAdminFactory.onConnect(SsoAdminFactory.java:24)

at com.vmware.vsphere.client.vsandp.core.sessionmanager.vlsi.client.sso.SsoAdminFactory.onConnect(SsoAdminFactory.java:1)

at com.vmware.vsphere.client.vsandp.core.sessionmanager.vlsi.client.AbstractConnectionFactory.acquire(AbstractConnectionFactory.java:42)

at com.vmware.vsphere.client.vsandp.core.sessionmanager.vlsi.client.AbstractConnectionFactory.acquire(AbstractConnectionFactory.java:1)

at com.vmware.vsphere.client.vsandp.core.sessionmanager.vlsi.client.sso.tokenstore.NgcTokenRetriever.retrieveToken(NgcTokenRetriever.java:44)

at com.vmware.vsphere.client.vsandp.core.sessionmanager.vlsi.client.sso.tokenstore.TokenStore.retrieveTokenInfo(TokenStore.java:29)

at com.vmware.vsphere.client.vsandp.core.sessionmanager.vlsi.client.sso.tokenstore.ExplorationCapableTokenStore.retrieveTokenInfo(ExplorationCapableTokenStore.java:42)

at com.vmware.vsphere.client.vsandp.core.sessionmanager.vlsi.client.vc.TokenStoreVcAuth$1.run(TokenStoreVcAuth.java:41)

at com.vmware.vsphere.client.vsandp.core.sessionmanager.resource.util.CheckedRunnable.withoutChecked(CheckedRunnable.java:25)

at com.vmware.vsphere.client.vsandp.core.sessionmanager.vlsi.client.vc.TokenStoreVcAuth.loginVc(TokenStoreVcAuth.java:38)

at com.vmware.vsphere.client.vsandp.core.sessionmanager.vlsi.client.vc.VcAuthenticator.login(VcAuthenticator.java:26)

at com.vmware.vsphere.client.vsandp.core.sessionmanager.vlsi.client.AbstractConnectionFactory.acquire(AbstractConnectionFactory.java:45)

at com.vmware.vsphere.client.vsandp.core.sessionmanager.vlsi.client.AbstractConnectionFactory.acquire(AbstractConnectionFactory.java:1)

at com.vmware.vsphere.client.vsandp.core.sessionmanager.vlsi.client.vc.VcExploratoryFactory.acquire(VcExploratoryFactory.java:47)

at com.vmware.vsphere.client.vsandp.core.sessionmanager.vlsi.client.vc.VcExploratoryFactory.acquire(VcExploratoryFactory.java:1)

at com.vmware.vsphere.client.vsandp.core.sessionmanager.resource.resource.health.HealthCheckingFactory$1.acquire(HealthCheckingFactory.java:85)

at com.vmware.vsphere.client.vsandp.core.sessionmanager.resource.resource.CachedResourceFactory.acquire(CachedResourceFactory.java:100)

at com.vmware.vsphere.client.vsandp.core.sessionmanager.common.VcClient.getConnection(VcClient.java:88)

... 124 common frames omitted

Caused by: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain is not trusted and thumbprint doesn't match

at com.vmware.vim.vmomi.client.http.impl.ClientExceptionTranslator.translate(ClientExceptionTranslator.java:54)

... 152 common frames omitted

Caused by: com.vmware.vim.vmomi.core.exception.CertificateValidationException: SSL handshake from 0.0.0.0/0.0.0.0:40572 to VCname.domain.local/127.0.0.1:443 failed in 7 ms

at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager$HostnameVerifier.handleHandshakeException(ThumbprintTrustManager.java:613)

at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager$HostnameVerifier.verify(ThumbprintTrustManager.java:438)

at com.vmware.vim.vmomi.client.http.impl.VlsiSslSocketFactory.verifyHostname(VlsiSslSocketFactory.java:129)

at com.vmware.vim.vmomi.client.http.impl.VlsiSslSocketFactory.createLayeredSocket(VlsiSslSocketFactory.java:122)

at com.vmware.vim.vmomi.client.http.impl.VlsiSslSocketFactory.connectSocket(VlsiSslSocketFactory.java:88)

at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)

at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359)

at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)

at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)

at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)

at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)

at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)

at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)

at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)

at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)

at com.vmware.vim.vmomi.client.http.impl.HttpExchange.run(HttpExchange.java:47)

... 150 common frames omitted

Caused by: javax.net.ssl.SSLHandshakeException: com.vmware.vim.vmomi.client.exception.VlsiCertificateException: Server certificate chain is not trusted and thumbprint doesn't match

at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)

at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)

at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)

at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)

at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)

at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)

at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)

at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)

at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)

at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)

at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)

at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager$HostnameVerifier.verify(ThumbprintTrustManager.java:436)

... 164 common frames omitted

Caused by: com.vmware.vim.vmomi.client.exception.VlsiCertificateException: Server certificate chain is not trusted and thumbprint doesn't match

at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager.checkServerTrusted(ThumbprintTrustManager.java:224)

at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1099)

at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)

... 172 common frames omitted

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)

at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)

at sun.security.validator.Validator.validate(Validator.java:262)

at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:330)

at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:237)

at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:113)

at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager.checkServerTrusted(ThumbprintTrustManager.java:209)

... 174 common frames omitted

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)

at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)

at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)

at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)

... 180 common frames omitted

 

0 Kudos
SayNo2HyperV
Enthusiast
Enthusiast

Myself as well has 2 others have successfully repaired this issue that started w/ Vsphere 6.7 U3.

In our environments it was trust anchors are mismatch issue.

Vmware maybe able to review script used here and create a new KB / resolution for this different cause of issue not covered in KB 74731 - (which U3a doesn't fix.)

https://www.reddit.com/r/vmware/comments/e4w74j/vsphere_67_u3a_vsan_html5_failed_to_extract/

View solution in original post

0 Kudos
GalNeb
Enthusiast
Enthusiast

Thank you, that fixed my problem as well.  1 stupid service was updated.

In my case, apparently I had set my system up at one time to be a subordinate CA and had changed it back to self-signed.  This is a home lab.  That one endpoint was still on the old expired subordinate cert.

Thank you again.

Old enough to know better, young enough to try anyway
0 Kudos
wreedMH
Hot Shot
Hot Shot

When I attempt to run the script I get this. Any ideas?

root@vdi-vc [ ~ ]# ./check-trust-anchors

bash: ./check-trust-anchors: /bin/bash^M: bad interpreter: No such file or directory

root@vdi-vc [ ~ ]#

0 Kudos
wreedMH
Hot Shot
Hot Shot

Got the script to run. I was on 6.7 U3g, so its certainly not fixed in U3a.

The reddit article/script fixed the problem.

vsphere 6.7 U3a - VSAN / HTML5- Failed to extract requested data : vmware

0 Kudos
MichaelMillerMW
Contributor
Contributor

It took me a few weeks of banging my head against the wall with this same exact error. This is what you need to do get through it..

1. update the filename of check-trust-anchors to check-trust-anchors.sh

2. make sure you place the file into the /tmp folder.

3. cd /tmp

4. chmod 755 check-trust-anchors.sh

5. sed -i -e 's/\r$//' check-trust-anchors.sh

6. ./check-trust-anchors.sh -cml -f

Take care.