Jase_L
Contributor
Contributor

Error occurred while fetching machine certificates: This method requires authentication.

I upgraded from vCenter Server Appliance 6.7 to 7.0 (specifically 7.0.0a build 16189094) and when I go to Administration > Certificate Management in the vSphere client, I get the following error:

pastedImage_0.png

Is anyone else seeing this issue? Does anyone know of a fix?

Thanks

10 Replies
msripada
Virtuoso
Virtuoso

which account have you logged in as? I suspect it should work if attempted with SSO administrator. Please check the webclient logs at the same time of the error. or share the vcsa logs under /var/log/vmware/vshere-ui/log

thanks,

MS

0 Kudos
Jase_L
Contributor
Contributor

I tried the root account and the SSO administrator account, and I get the same error.

Here are some entries I found in vsphere_client_virgo.log:

[2020-06-18T12:45:00.498Z] [ERROR] ate-service-thread-pool-1107  com.vmware.vise.vim.vapi.DefaultVapiConnectionControl             Maximum number of attempts reached while trying to call com.vmware.vcenter.certificate_management.vcenter.tls.get

[2020-06-18T12:45:00.509Z] [ERROR] http-nio-5090-exec-100       70003584 100186 200007 com.vmware.vise.mvc.exception.GlobalExceptionHandler              Exception handled while processing request for /ui/certificate-ui/ctrl/certificates/machine-cert?endPoint=myservername.mydomainname.com:  com.vmware.vapi.std.errors.Unauthenticated: Unauthenticated (com.vmware.vapi.std.errors.unauthenticated) => {

    messages = [LocalizableMessage (com.vmware.vapi.std.localizable_message) => {

    id = vapi.method.authentication.required,

    defaultMessage = This method requires authentication.,

    args = [],

    params = <null>,

    localized = <null>

}],

    data = <null>,

    errorType = UNAUTHENTICATED,

    challenge = <null>

}

[2020-06-18T12:45:00.632Z] [ERROR] ate-service-thread-pool-1108  com.vmware.vise.vim.vapi.DefaultVapiConnectionControl             Maximum number of attempts reached while trying to call com.vmware.vcenter.certificate_management.vcenter.trusted_root_chains.list

[2020-06-18T12:45:00.641Z] [ERROR] http-nio-5090-exec-122        com.vmware.vise.mvc.exception.GlobalExceptionHandler              Exception handled while processing request for /ui/certificate-ui/ctrl/certificates/trusted-root-list?endPoint=myservername.mydomainname.com:  com.vmware.vapi.std.errors.Unauthenticated: Unauthenticated (com.vmware.vapi.std.errors.unauthenticated) => {     messages = [LocalizableMessage (com.vmware.vapi.std.localizable_message) => {     id = vapi.method.authentication.required,     defaultMessage = This method requires authentication.,     args = [],     params = ,     localized = }],     data = ,     errorType = UNAUTHENTICATED,     challenge = }

Thanks

0 Kudos
msripada
Virtuoso
Virtuoso

I am suspecting issues with STS certificate but unsure if we have a way to check in html5 without using jxplorer tool.. please open SR with GSS

If possible, try to restart vcenter services and does not solve then please open a ticket with GSS

thanks,

MS

Jase_L
Contributor
Contributor

I rebooted the server, but still have the issue.

Thanks for the suggestion on the STS certificate. I followed this KB:

VMware Knowledge Base 

When I ran the script, it returned 4 valid certs, and 0 expired certs. So, the STS certificate does not appear to be expired anyway.

Thanks

0 Kudos
msripada
Virtuoso
Virtuoso

There should be only one STS cert but you have 4 certs. So I still suspect it to be an issue.. I never mentioned issue with STS expire.. I mentioned issue with STS certificate

thanks,

MS

0 Kudos
Sajir
Contributor
Contributor

@Jase_L

Run the script "fixsts" available at VMware Knowledge Base  - (KB

76719)

This will solve the issue. Follow the instruction in that KB to be able to reset STS Certificate.

0 Kudos
Sajir
Contributor
Contributor

Resetting STS Cert resolved the issue.

VMware Knowledge Base (KB 76719)

sim73
Contributor
Contributor

Hi Jase, did you ever get this one sorted? We have the same issue after upgrading from 6.5 to 7 and converging to embedded PSC's.

0 Kudos
AdamForrester
Contributor
Contributor

Me too... seems to be certificate, or auth issue.

0 Kudos
TNICOL
Contributor
Contributor

We are getting the same problem. Does anyone have a suggested fix?

Fixsts scripts did not help, regenerating all certs using cer manager didn't help...

 

Thanks

0 Kudos