Hi, I believe your analysis is correct and this is indeed the cause for the failure. I have double-checked the log bundle and found the corresponding location for the error in the source code. ...
See more...
Hi, I believe your analysis is correct and this is indeed the cause for the failure. I have double-checked the log bundle and found the corresponding location for the error in the source code. There is however something I do not understand. When setting up the conversion job in Converter Client, at the destination select step you need to connect to the vCenter sever and enter username and password. At this point Converter Client should display a prompt stating the server certificate is not trusted, display the thumbprint and ask for confirmation whether to proceed with the connection or not. If you select to ignore the error then the certificate thumbprint is saved in the job spec and then passed to the Converter Agent. The agent in turn connects to vCenter server and checks whether the saved certificate from the UI matches the actual server certificate. If this is the case it proceeds with the connection. In your case obviously it did not happen as confirmed by the error you have posted: 2022-11-08T10:41:41.564-06:00 warning vmware-converter-agent[08940] [Originator@6876 sub=task-1] CreateVimConnection has SSL certificate error while trying to connect, Error: SSL Exception: Verification parameters: --> PeerThumbprint: DF:65:E8:9E:F9:95:C8:81:A7:2A:BC:66:63:F5:EB:19:75:44:60:54 --> ExpectedThumbprint: <<<<<<<<<!!!!!!!!!!!!!!!!!!!! --> ExpectedPeerName: xxx.xxx.xxx Indeed the ExpectedThumbprint field is empty and it does not match the actual server thumbprint, which ultimately aborts the connection. I have also checked the GUI log, where the expected thumbprint should be populated by the client and indeed we can see the following: --> vimConnect = (converter.VimConnectionSpec) { --> hostname = "vcenter.server.name", --> port = <unset>, --> credentials = (converter.VimConnectionSpec.LoginVimCredentials) { --> username = "<domain>\<user>", --> password = (not shown) --> }, --> verifyPeer = <unset>, --> sslThumbprint = <unset> --> }, We can see the sslThumbprint property is unset in the client and that is the reason for passing an empty value to the agent. For a reference if we look at another conversion in the GUI log we see something different: --> vimConnect = (converter.VimConnectionSpec) { --> hostname = "10.x.y.z", --> port = <unset>, --> credentials = (converter.VimConnectionSpec.LoginVimCredentials) { --> username = "<user>", --> password = (not shown) --> }, --> verifyPeer = <unset>, --> sslThumbprint = "2F:86:39:75:FB:8D:9F:03:45:1E:84:0A:9F:D3:08:50:FE:53:DE:8C" --> }, In this case the thumbprint is populated properly in the client and should be propagated to the agent. I am not sure what could be the reason for this behavior, what comes to my mind is that the client machine (where Converter Client is running) trusts the vCenter certificate and the connection proceeds without an exception, which does not generate a prompt in the UI and as a result the vCenter certificate thumbprint does not get passed to the agent. On the other hand on the Hyper-V machine the vCenter certificate is not trusted, but since the thumbprint is not saved by the client (ExpectedThumbprint is empty), it cannot be confirmed and the connection to vCenter fails. I think the easiest workaround would be to configure the Hyper-V server to trust the vCenter certificate (note it should be configured for the local machine root, but not for the current user), however this is just a suggestion, I have not verified it locally since I have not reproduced the issue.