mizio79
Contributor
Contributor

HELP - VCSA error on vsphere-ui startup

Hello,

We've a problem on startup of vsphere-client and vsphere-ui services (VCSA 6.5) with the message below on stderror.log:

Exception in thread "WrapperSimpleAppMain" java.lang.RuntimeException: Error when writing to the jks-based keystore - /etc/vmware/vsphere-ui/keystore.jks

        at com.vmware.vise.vim.commons.tanuki.TanukiWrapperEx.writeKeystoreToFile(TanukiWrapperEx.java:177)

        at com.vmware.vise.vim.commons.tanuki.TanukiWrapperEx.loadKeystore(TanukiWrapperEx.java:121)

        at com.vmware.vise.vim.commons.tanuki.TanukiWrapperEx.runCustomAction(TanukiWrapperEx.java:103)

        at com.vmware.vise.vim.commons.tanuki.TanukiWrapperEx.run(TanukiWrapperEx.java:91)

        at java.lang.Thread.run(Thread.java:748)

Caused by: java.lang.RuntimeException: Failed to copy certificate/key from vecs keystore to jks-based keystore.

        at com.vmware.vise.vim.commons.tanuki.TanukiWrapperEx.populateJksKeystore(TanukiWrapperEx.java:206)

        at com.vmware.vise.vim.commons.tanuki.TanukiWrapperEx.writeKeystoreToFile(TanukiWrapperEx.java:169)

        ... 4 more

Caused by: java.security.KeyStoreException: Cannot store non-PrivateKeys

        at sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:258)

        at sun.security.provider.JavaKeyStore$JKS.engineSetKeyEntry(JavaKeyStore.java:56)

        at sun.security.provider.KeyStoreDelegator.engineSetKeyEntry(KeyStoreDelegator.java:117)

        at sun.security.provider.JavaKeyStore$DualFormatJKS.engineSetKeyEntry(JavaKeyStore.java:70)

        at java.security.KeyStore.setKeyEntry(KeyStore.java:1140)

        at com.vmware.vise.vim.commons.tanuki.TanukiWrapperEx.populateJksKeystore(TanukiWrapperEx.java:197)

        ... 5 more

Accessing from browser we have the error: "503 Service Unavailable (Failed to connect to endpoint: [N7Vmacore4Http16LocalServiceSpecE:0x00007fb6f803bc50] _serverNamespace = /ui action = Allow _port = 5090)"

I haven't found kb or articles about this problem.

I need help pls.

Regards.

0 Kudos
3 Replies
daphnissov
Immortal
Immortal

If this is a matter of urgency, you should open a case with GSS.

0 Kudos
robintessier
Contributor
Contributor

Did you find a resolution for this issue?

0 Kudos
Ajay1988
VMware Employee
VMware Employee

Looks like an issue with a cert in Machine_SSL store.  

/usr/lib/vmware-vmafd/bin/vecs-cli entry list --store MACHINE_SSL_CERT >/tmp/MACHINE_SSL_CERT.txt and share this txt file

Also run   /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store MACHINE_SSL_CERT --text | grep Alias and share output

If you think your queries have been answered
Mark this response as "Correct" or "Helpful".

Regards,
AJ
0 Kudos