Highlighted
Contributor
Contributor

Error occurred while fetching machine certificates: This method requires authentication.

I upgraded from vCenter Server Appliance 6.7 to 7.0 (specifically 7.0.0a build 16189094) and when I go to Administration > Certificate Management in the vSphere client, I get the following error:

pastedImage_0.png

Is anyone else seeing this issue? Does anyone know of a fix?

Thanks

8 Replies
Highlighted
Commander
Commander

which account have you logged in as? I suspect it should work if attempted with SSO administrator. Please check the webclient logs at the same time of the error. or share the vcsa logs under /var/log/vmware/vshere-ui/log

thanks,

MS

0 Kudos
Highlighted
Contributor
Contributor

I tried the root account and the SSO administrator account, and I get the same error.

Here are some entries I found in vsphere_client_virgo.log:

[2020-06-18T12:45:00.498Z] [ERROR] ate-service-thread-pool-1107  com.vmware.vise.vim.vapi.DefaultVapiConnectionControl             Maximum number of attempts reached while trying to call com.vmware.vcenter.certificate_management.vcenter.tls.get

[2020-06-18T12:45:00.509Z] [ERROR] http-nio-5090-exec-100       70003584 100186 200007 com.vmware.vise.mvc.exception.GlobalExceptionHandler              Exception handled while processing request for /ui/certificate-ui/ctrl/certificates/machine-cert?endPoint=myservername.mydomainname.com:  com.vmware.vapi.std.errors.Unauthenticated: Unauthenticated (com.vmware.vapi.std.errors.unauthenticated) => {

    messages = [LocalizableMessage (com.vmware.vapi.std.localizable_message) => {

    id = vapi.method.authentication.required,

    defaultMessage = This method requires authentication.,

    args = [],

    params = <null>,

    localized = <null>

}],

    data = <null>,

    errorType = UNAUTHENTICATED,

    challenge = <null>

}

[2020-06-18T12:45:00.632Z] [ERROR] ate-service-thread-pool-1108  com.vmware.vise.vim.vapi.DefaultVapiConnectionControl             Maximum number of attempts reached while trying to call com.vmware.vcenter.certificate_management.vcenter.trusted_root_chains.list

[2020-06-18T12:45:00.641Z] [ERROR] http-nio-5090-exec-122        com.vmware.vise.mvc.exception.GlobalExceptionHandler              Exception handled while processing request for /ui/certificate-ui/ctrl/certificates/trusted-root-list?endPoint=myservername.mydomainname.com:  com.vmware.vapi.std.errors.Unauthenticated: Unauthenticated (com.vmware.vapi.std.errors.unauthenticated) => {     messages = [LocalizableMessage (com.vmware.vapi.std.localizable_message) => {     id = vapi.method.authentication.required,     defaultMessage = This method requires authentication.,     args = [],     params = ,     localized = }],     data = ,     errorType = UNAUTHENTICATED,     challenge = }

Thanks

0 Kudos
Highlighted
Commander
Commander

I am suspecting issues with STS certificate but unsure if we have a way to check in html5 without using jxplorer tool.. please open SR with GSS

If possible, try to restart vcenter services and does not solve then please open a ticket with GSS

thanks,

MS

Highlighted
Contributor
Contributor

I rebooted the server, but still have the issue.

Thanks for the suggestion on the STS certificate. I followed this KB:

VMware Knowledge Base 

When I ran the script, it returned 4 valid certs, and 0 expired certs. So, the STS certificate does not appear to be expired anyway.

Thanks

0 Kudos
Highlighted
Commander
Commander

There should be only one STS cert but you have 4 certs. So I still suspect it to be an issue.. I never mentioned issue with STS expire.. I mentioned issue with STS certificate

thanks,

MS

0 Kudos
Highlighted
Contributor
Contributor

@Jase_L

Run the script "fixsts" available at VMware Knowledge Base  - (KB

76719)

This will solve the issue. Follow the instruction in that KB to be able to reset STS Certificate.

0 Kudos
Highlighted
Contributor
Contributor

Resetting STS Cert resolved the issue.

VMware Knowledge Base (KB 76719)

Highlighted
Contributor
Contributor

Hi Jase, did you ever get this one sorted? We have the same issue after upgrading from 6.5 to 7 and converging to embedded PSC's.

0 Kudos