VMware Cloud Community
Jase_L
Contributor

Error occurred while fetching machine certificates: This method requires authentication.

I upgraded from vCenter Server Appliance 6.7 to 7.0 (specifically 7.0.0a build 16189094) and when I go to Administration > Certificate Management in the vSphere client, I get the following error:

pastedImage_0.png

Is anyone else seeing this issue? Does anyone know of a fix?

Thanks

12 Replies
msripada
Virtuoso

Which account have you logged in as? I suspect it should work if attempted with the SSO administrator. Please check the webclient logs at the same time as the error, or share the VCSA logs under /var/log/vmware/vsphere-ui/log

thanks,

MS

Jase_L
Contributor

I tried the root account and the SSO administrator account, and I get the same error.

Here are some entries I found in vsphere_client_virgo.log:

[2020-06-18T12:45:00.498Z] [ERROR] ate-service-thread-pool-1107  com.vmware.vise.vim.vapi.DefaultVapiConnectionControl             Maximum number of attempts reached while trying to call com.vmware.vcenter.certificate_management.vcenter.tls.get

[2020-06-18T12:45:00.509Z] [ERROR] http-nio-5090-exec-100       70003584 100186 200007 com.vmware.vise.mvc.exception.GlobalExceptionHandler              Exception handled while processing request for /ui/certificate-ui/ctrl/certificates/machine-cert?endPoint=myservername.mydomainname.com:  com.vmware.vapi.std.errors.Unauthenticated: Unauthenticated (com.vmware.vapi.std.errors.unauthenticated) => {

    messages = [LocalizableMessage (com.vmware.vapi.std.localizable_message) => {

    id = vapi.method.authentication.required,

    defaultMessage = This method requires authentication.,

    args = [],

    params = <null>,

    localized = <null>

}],

    data = <null>,

    errorType = UNAUTHENTICATED,

    challenge = <null>

}

[2020-06-18T12:45:00.632Z] [ERROR] ate-service-thread-pool-1108  com.vmware.vise.vim.vapi.DefaultVapiConnectionControl             Maximum number of attempts reached while trying to call com.vmware.vcenter.certificate_management.vcenter.trusted_root_chains.list

[2020-06-18T12:45:00.641Z] [ERROR] http-nio-5090-exec-122        com.vmware.vise.mvc.exception.GlobalExceptionHandler              Exception handled while processing request for /ui/certificate-ui/ctrl/certificates/trusted-root-list?endPoint=myservername.mydomainname.com:  com.vmware.vapi.std.errors.Unauthenticated: Unauthenticated (com.vmware.vapi.std.errors.unauthenticated) => {     messages = [LocalizableMessage (com.vmware.vapi.std.localizable_message) => {     id = vapi.method.authentication.required,     defaultMessage = This method requires authentication.,     args = [],     params = <null>,     localized = <null> }],     data = <null>,     errorType = UNAUTHENTICATED,     challenge = <null> }

Thanks

0 Kudos
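
A triage helper for the log excerpt in the post above, added here as an example (it is not part of the original thread or of any VMware tooling): it joins the multi-line vAPI error records and reports which API operations and UI request paths failed, and with which errorType. The sample log is constructed from the entries quoted above, with a placeholder host name and an invented INFO line.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the quoted vsphere_client_virgo.log entries.
SAMPLE = """\
[2020-06-18T12:45:00.100Z] [INFO ] http-nio-5090-exec-7  com.example.Logger  unrelated informational line
[2020-06-18T12:45:00.498Z] [ERROR] pool-1107  com.vmware.vise.vim.vapi.DefaultVapiConnectionControl  Maximum number of attempts reached while trying to call com.vmware.vcenter.certificate_management.vcenter.tls.get

[2020-06-18T12:45:00.509Z] [ERROR] http-nio-5090-exec-100  com.vmware.vise.mvc.exception.GlobalExceptionHandler  Exception handled while processing request for /ui/certificate-ui/ctrl/certificates/machine-cert?endPoint=vcsa.example.test:  com.vmware.vapi.std.errors.Unauthenticated: Unauthenticated (com.vmware.vapi.std.errors.unauthenticated) => {

    messages = [],

    errorType = UNAUTHENTICATED,

    challenge = <null>
}
[2020-06-18T12:45:00.632Z] [ERROR] pool-1108  com.vmware.vise.vim.vapi.DefaultVapiConnectionControl  Maximum number of attempts reached while trying to call com.vmware.vcenter.certificate_management.vcenter.trusted_root_chains.list
[2020-06-18T12:45:00.641Z] [ERROR] http-nio-5090-exec-122  com.vmware.vise.mvc.exception.GlobalExceptionHandler  Exception handled while processing request for /ui/certificate-ui/ctrl/certificates/trusted-root-list?endPoint=vcsa.example.test:  com.vmware.vapi.std.errors.Unauthenticated: Unauthenticated => { errorType = UNAUTHENTICATED, challenge = }
"""

RECORD_START = re.compile(r"^\[(?P<ts>\d{4}-\d\d-\d\dT[\d:.]+Z)\] \[(?P<level>[A-Z]+)\s*\]")
VAPI_CALL = re.compile(r"Maximum number of attempts reached while trying to call (?P<op>[\w.]+)")
REQUEST = re.compile(r"processing request for (?P<path>/[^\s?:]+)")  # drops ?endPoint=...
ERROR_TYPE = re.compile(r"errorType = (?P<etype>[A-Z_]+)")
CERT_API = "com.vmware.vcenter.certificate_management."

def split_records(text):
    """Attach continuation lines (the multi-line error struct) to their timestamped line."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line):
            records.append(line)
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    """Return (vAPI operations that exhausted retries, {errorType: set of request paths})."""
    failed_ops, by_error = set(), defaultdict(set)
    for rec in split_records(text):
        if RECORD_START.match(rec).group("level") != "ERROR":
            continue
        if (op := VAPI_CALL.search(rec)):
            failed_ops.add(op.group("op"))
        req, etype = REQUEST.search(rec), ERROR_TYPE.search(rec)
        if req and etype:
            by_error[etype.group("etype")].add(req.group("path"))
    return failed_ops, dict(by_error)

def scoped_to_cert_api(failed_ops):
    """True when every failed operation is a certificate_management call."""
    return bool(failed_ops) and all(op.startswith(CERT_API) for op in failed_ops)
```

If `scoped_to_cert_api` is true while the rest of the UI session works, the failure is confined to the certificate management API rather than the login itself, which is the pattern the quoted entries show.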
msripada
Virtuoso

I suspect issues with the STS certificate, but I am unsure if we have a way to check in HTML5 without using the JXplorer tool. Please open an SR with GSS.

If possible, try restarting the vCenter services, and if that does not solve it, please open a ticket with GSS.

thanks,

MS

Jase_L
Contributor

I rebooted the server, but still have the issue.

Thanks for the suggestion on the STS certificate. I followed this KB:

VMware Knowledge Base 

When I ran the script, it returned 4 valid certs, and 0 expired certs. So, the STS certificate does not appear to be expired anyway.

Thanks

0 Kudos
msripada
Virtuoso

There should be only one STS cert, but you have 4 certs, so I still suspect it to be an issue. I never mentioned an issue with STS expiry. I mentioned an issue with the STS certificate.

thanks,

MS

0 Kudos
Sajir
Contributor

@Jase_L

Run the script "fixsts" available at VMware Knowledge Base (KB 76719).

This will solve the issue. Follow the instructions in that KB to reset the STS certificate.

0 Kudos
Sajir
Contributor

Resetting STS Cert resolved the issue.

VMware Knowledge Base (KB 76719)

sim73
Contributor

Hi Jase, did you ever get this one sorted? We have the same issue after upgrading from 6.5 to 7 and converging to embedded PSCs.

0 Kudos
AdamForrester
Contributor

Me too... seems to be a certificate or auth issue.

0 Kudos
TNICOL
Contributor

We are getting the same problem. Does anyone have a suggested fix?

Fixsts scripts did not help, and regenerating all certs using cert manager didn't help...

 

Thanks

0 Kudos
xHorizon
Contributor

I had this problem and fixed it by importing the root CA certificate chain.

0 Kudos
taw6
Contributor

What worked for us was combining the intermediate with the root in the second field.

We initially tried adding the root certificate in the Trusted Root Certificate, as logically that should have worked, but it seemed adding the root certificate to the intermediate solved the issue with the warning about a TLS anchor error. The server restarted and worked as expected.

We did not have to use the administrator@vsphere.local or root account to achieve this, just a regular administrator SSO user.

 

0 Kudos