VMware Cloud Community
mbartle
Enthusiast
Enthusiast

Cannot export vLCM image if you use a custom SSL cert (Non-Microsoft)

I have had a ticket open with support for almost 6 weeks now. The issue is :

If you import a custom machine SSL cert (in my case from GoDaddy) to your vCenter, you cannot export any images (either zip, ISO or JSON) from a cluster.  It throws the following error 

This site can’t provide a secure connection

test-vcenter.blah.ca sent an invalid response.

 

  • Try running Windows Network Diagnostics.
ERR_SSL_PROTOCOL_ERROR
 
The only way I have been able to export images has been to create a new vCenter, let it use the self-signed certificate, then create a dummy cluster with no hosts, create an image and export it.  This works just fine.  We have a test vCenter plus a prod copy both using unique certs from GoDaddy and both experience same issues (7.02 and 7.03 versions)
 
Support can't seem to figure this out yet.  Can someone do me a favor please.  If you have a vCenter with a custom SSL cert, can you create a test cluster, create an image and see if it lets you export it ?  I'm just curious if this happens with anyone else.
Reply
0 Kudos
36 Replies
thasenack
Contributor
Contributor

Oh good, this isn't just happening to me.

I can verify that I'm in the same boat

Reply
0 Kudos
mbartle
Enthusiast
Enthusiast

Well have I got some good news for you !  After 4 months of having an SR open and many many techs attempting to figure this out, they found out what was happening.

When you export the ISO and it opens a new browser tab (that ends up throwing the error), notice the port it is connecting to is 9084

Change this to 9087 and reload the page and the ISO will start downloading.  I tested this in both my vCenters (7.02 and 7.03) and it works fine.

I have no idea why it works out of the box on 9084 if you don't use custom SSL certs, but after this long troubleshooting I'm ok with just changing the port and reloading the page.  Let me know if this worked for you as well.

 

mskaleck
Contributor
Contributor

Thanks so much! Changing from port 9084 to 9087 and reloading the page also worked for me.

Reply
0 Kudos
rgb99
Enthusiast
Enthusiast

This workaround also worked for me. So dumb... I hope they resolve this! (Currently on 7.0.3g)

Reply
0 Kudos
rgb99
Enthusiast
Enthusiast

The workaround no longer works for me, so now I'm stuck! I opened SR#22390424612 in hopes they know what to do.

Reply
0 Kudos
pmichelli
Hot Shot
Hot Shot

There is a new bug

You can export an image if there are NO vendor addons

As soon as you pick one (example : Dell Add-On for ESXi 7.0.3 A09) , it will not export the image.  Please let me know if support gets back to you

 

Reply
0 Kudos
rgb99
Enthusiast
Enthusiast

That's the whole point of the Image Profile. I need specific Addons. smh

I'll see what Support says.

Reply
0 Kudos
cvv2
Contributor
Contributor

Confirmed, DL iso without addon (change port to 8087) is working.

DL with addon NOT, Did you get an answer from VMware support?

Reply
0 Kudos
rgb99
Enthusiast
Enthusiast

VMware GSD referred us to create a ticket with Dell which I've done. The ticket is ongoing. Internally, we determined so far that exporting with Dell addon for PowerEdge Servers running ESXi 7.0 U3 A07 and earlier is successful. However, when using A08 or the latest, A09, it fails with the same error. We suspect it has to do with a bad vib.

ImageService: 139758577002240: 2022-12-23 13:54:56,666 imageService:207 ERROR Image export failed with: (None, None, 'Error retrieving file for VIB \'MVL_bootbank_qlnativefc_5.3.2.0-1OEM.703.0.0.18644231\': ("<_io.BufferedReader name=\'/storage/updatemgr/patch-store/hostupdate/DEL/vib20/qlnativefc/MVL_bootbank_qlnativefc_5.3.2.0-1OEM.703.0.0.18644231.vib\'>", "Error opening file object for VIB \'MVL_bootbank_qlnativefc_5.3.2.0-1OEM.703.0.0.18644231\': Expected value \'[]\' for attribute \'swplatforms\', but found value \'[<vmware.esximage.Vib.SoftwarePlatform object at 0x7f1bcc8fb710>]\'.").')
ImageService: 139758577002240: 2022-12-23 13:54:56,669 imageService:823 INFO Time used for command software --export --exportNameHash 322080307 --exportLocation /storage/updatemgr/patch-store-temp --exportFormat ISO_IMAGE_INSTALLER : 2556.06 ms

 

We haven't heard back from Dell Support after providing them with the vCenter logs.

Tags (1)
Reply
0 Kudos
pmichelli
Hot Shot
Hot Shot

No reply from support. To be honest I have no faith.  I was the one who opened the ticket a year ago to discover we had to change the port and press enter to download the image.  it took them 4 months to resolve that.  I just keep an old vCenter 7.0.2 powered off that I use to create and export images now.  If someone gets an answer, please reply

Reply
0 Kudos
pmichelli
Hot Shot
Hot Shot

If I use vCenter 7.0.2, I can build and export an image with A09 for 7.0.3 ESXi and export it just fine.  It seems to affect 7.0.3x

Reply
0 Kudos
pmichelli
Hot Shot
Hot Shot

I just did a pile of tests

If you are using vCetner 7.0.3 (past update f), you cannot build a Dell ISO for ESXi 7.0.3 and select A09 or A08 bundles.  They will not export as the previous user posted.  If you build with A07, you can export.

I spun up an old vCenter 7.0.2e and was able to successfully build and export the 7.0.3 ISO using A09.  The problem is 100% with the latest U3.x builds of vCenter

pmichelli
Hot Shot
Hot Shot

@rgb99 Can you tell me how you managed to open the case to Dell EMC for this ? I would like to do the same, but when I give them the service tag from one of my FC640 Blades, I end up with server support and those folks say they don't handle the software and to go talk to VMware.

If you're willing, can you share you SR number (you can DM to me) and I will reference it as well, if I can get a case opened

Thank You

Reply
0 Kudos
rgb99
Enthusiast
Enthusiast

This is what Dell Support recommended to work around it. Kind of a pain. The VMware ticket was also escalated since it seems more like a vCenter issue than a vib issue.

 


To remove a vib file from an iso, you would need to use VMWare ImageBuilder or you can just use the version that worked the A07 and don't add the addon or A09, then manually update the host addon later.

Customizing Installations with vSphere ESXi Image Builder
https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.esxi.install.doc/GUID-48AC6D6A-B936-4585-87...

Understanding vSphere ESXi Image Builder
https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.esxi.install.doc/GUID-8AD0C421-092C-4677-A5...



Tags (1)
Reply
0 Kudos
toprockRS
Enthusiast
Enthusiast

This also affects exporting with HPE Vendor addons so pretty sure it´s vCenter´s fault

Reply
0 Kudos
pmichelli
Hot Shot
Hot Shot

This will never get fixed.  I opened the original SR and it took them 4 months to tell me to switch the port.  They never went in and fixed the code to allow it to download properly.  Now they broke exporting of images.

If you need to export images, do what I do.  Keep an ISO for vCenter 7.0.2 (0500) and spin it up when you need to.  That version still lets me build any ISO with any version of the vendor add-on and export it.  Until that stops working, we have a backdoor per se

Reply
0 Kudos
pmichelli
Hot Shot
Hot Shot

@depping What are the chances you can get this escalated? Look at the date of the post. It has been a year and LCM is still very much broken.  For those of us that have built custom ISOs and upgraded the tools, we cannot go back to the stock or vendor built ISO

I am running 7.0.3g with Tools 12.15 and Dell Addon-A09

I cannot export this image under the newest vCenter (or most of the 7.0.3) builds.  I cannot use the Dell ISO off VMware website because that only comes with tools 12.10 and creates a conflict.  It has put many customers in somewhat of a bind.

If you offer the service to build custom images and export them, it should be working.  We should not have to beg and wait for a year for support to fix this for us,

Please man, can you help us out here ?

Reply
0 Kudos
toprockRS
Enthusiast
Enthusiast

Just tested this on vCenter 8.0a and it is working fine to export a 7.0.3i + Dell / HPE Vendor addon so this seems to have been addressed in vSphere 8.

 

Also exporting an 8.0a + HPE is working fine!

depping
Leadership
Leadership


@pmichelli wrote:

@depping What are the chances you can get this escalated? Look at the date of the post. It has been a year and LCM is still very much broken.  For those of us that have built custom ISOs and upgraded the tools, we cannot go back to the stock or vendor built ISO

I am running 7.0.3g with Tools 12.15 and Dell Addon-A09

I cannot export this image under the newest vCenter (or most of the 7.0.3) builds.  I cannot use the Dell ISO off VMware website because that only comes with tools 12.10 and creates a conflict.  It has put many customers in somewhat of a bind.

If you offer the service to build custom images and export them, it should be working.  We should not have to beg and wait for a year for support to fix this for us,

Please man, can you help us out here ?


What is the Support Request number? (Shared this thread on our vLCM Slack Channel with the Pm/Eng team, hoping that will help)

Reply
0 Kudos