pb3
Contributor
Contributor

VC error - unable to decrypt passwords stored in the customization specification

Hi Folks,

I'm a relative newbie to Vmware and this is my first post so please go easy on me Smiley Happy

I'm using VC 2.5 / ESX 3.5

Now I recently went through the steps in an article I found in this community to configure VC to use a certificate issued by a Microsoft CA. This makes sense in our case as we have an internal Microsoft CA which is automatically trusted by our clients. I understand however that use of a Microsoft CA is not officially supported by VMware?

The change of certificate appeared to work and the usual certificate warning is no longer displayed on connection to the VC.

However I've just noticed that we are no longer able to deploy VMs using customization specifications. The deployment fails with an error "The VirtualCenter server is unable to decrypt passwords stored in the customization specification". We've tried creating a new customization template but had exactly the same results.

I suspect the problem is related to our changing the default VC certificate. I remember as part of process of changing the certificate you need to re-encrypt the password used for the database connection. This is proably a similar sort of thing. I not sure whether the use of the of a Microsoft CA plays any part in this.

So.. Has anyone had similar problems after changing the default VC certificate?

I've done a search and a couple of previous posts suggests a workaround of exporting the customization file and editing it to remove the password encryption setting. I'm not really happy with this workaround as the customization file contains administrator credentials.

Any help/advice appreciated!

Peter

0 Kudos
5 Replies
fleeb
Contributor
Contributor

I'm having this same issue, so any help would be much appreciated. I know I can export the cusotmization spec and store the passwords in plain text, that is just not optimal in our environment.

Thanks,

Mike

0 Kudos
JoJoGabor
Expert
Expert

Did you ever resolve this issue? I've got exactly the same problem after updating the certs

0 Kudos
steve31783
Enthusiast
Enthusiast

Has anyone figured this out a solution to this? I am having this exact same issue.

0 Kudos
pb3
Contributor
Contributor

Hi,

Afraid I missed your follow-up.

I this raise this issue through our Vmware pre-sales consultant, who confirmed that it is a known issue and was being worked on by Vmware's engineers. This was a while back and prior to update 2.

Given the issues we decided not to change the default certificates.

Has anyone tried changing the default certificates with Update 2?

Peter

0 Kudos
JoJoGabor
Expert
Expert

I have recently applied update 2 but still have the same problem. This is a fairly big problem as we want to use the Citrix VDI broker which needs to have a trusted certificate to talk to the sdk and you also need to be able to provision new machines on the fly.

0 Kudos