VMware Cloud Community
irvingpop_chef
Contributor
Contributor
‎10-23-2019 11:25 AM
Jump to solution

"Unable to query vSphere health information" and "Unable to query vSAN health information" after certificate replacement - VCSA 6.7U2

I attempted to replace my machine cert on my VCSA server.  After a few attempts I gave up and performed a full certificate reset using the `/usr/lib/vmware-vmca/bin/certificate-manager` tool.

Now I'm seeing the following errors in the UI when looking at any Health or vSAN information.   Anyone know how to resolve this?  I upgraded to 6.7.0.40000 and that didn't help.

Screen Shot 2019-10-23 at 11.14.28 AM.png

Screen Shot 2019-10-23 at 11.14.43 AM.png

Screen Shot 2019-10-23 at 11.14.54 AM.png

in my /var/log/vmware/vsphere-ui/logs/vsphere_client_virgo.log I see lots of:

Caused by: com.vmware.vsphere.client.vsandp.core.sessionmanager.common.NotAccessibleException: com.vmware.vim.vmomi.client.exception.SslException: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain is not trusted and thumbprint doesn't match

at com.vmware.vsphere.client.vsandp.core.sessionmanager.common.PbmClient.getConnection(PbmClient.java:70)

at com.vmware.vsphere.client.vsan.base.impl.PbmDataProvider.getProfileIds(PbmDataProvider.java:181)

at com.vmware.vsphere.client.vsan.base.impl.PbmDataProvider.getStoragePolicies(PbmDataProvider.java:131)

at com.vmware.vsphere.client.vsan.base.impl.PbmDataProvider.getObjectCompatibleStoragePolicies(PbmDataProvider.java:118)

... 119 common frames omitted

Caused by: com.vmware.vim.vmomi.client.exception.SslException: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain is not trusted and thumbprint doesn't match

at com.vmware.vim.vmomi.client.common.impl.ResponseImpl.setError(ResponseImpl.java:256)

at com.vmware.vim.vmomi.client.http.impl.HttpExchange.run(HttpExchange.java:56)

at com.vmware.vim.vmomi.client.http.impl.HttpProtocolBindingBase.executeRunnable(HttpProtocolBindingBase.java:226)

at com.vmware.vim.vmomi.client.http.impl.HttpProtocolBindingImpl.send(HttpProtocolBindingImpl.java:106)

at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl$CallExecutor.sendCall(MethodInvocationHandlerImpl.java:629)

...

Reply
30 Replies
krnap
Contributor
Contributor
‎12-13-2019 03:40 AM
Jump to solution

Hi Vijay2027, could you please also send me the commands? I have exact the same problem.

Thank you very much.

Reply
0 Kudos
Vijay2027
Expert
Expert
‎12-13-2019 03:44 AM
Jump to solution

Please look at the comment from irvingpop_chef

"you were right, it was definitely a complex and not self-fixable issue.  I had a number of services that were running with the wrong certificate.  GSS provided me with a script that fixed them all."

Please contact GSS.

Reply
0 Kudos
haroon197
Contributor
Contributor
‎07-06-2020 05:11 AM
Jump to solution

Hey, I am also facing the same problem, can you tell me the command they sent you ?

Reply
0 Kudos
vmjoe
Enthusiast
Enthusiast
‎07-17-2020 01:25 AM
Jump to solution

For me, this error is always fixed by just logging out and logging in again... (before, I was always deleting cookies, which also logs me out, but not even that seems necessary).

Latest vCenter 7, super annoying. Also tags are "disappearing" (just not shown), but they're there if I use another PC/browser/delete cookies....

Reply
0 Kudos
helplncc
Contributor
Contributor
‎09-15-2020 08:53 AM
Jump to solution

Sorry, but I'm kinda new to this.

I have the same issue here after our certs expired and I tried to renew them by myself.

What exactly is GSS and how do I contact them?

Thank you

Reply
0 Kudos
scott28tt
VMware Employee
VMware Employee
‎09-15-2020 09:27 AM
Jump to solution

GSS = Global Support Services

In other words, what most would call "tech support" (although they help with less tech stuff too)

However they are now known as Global Services, and you can contact them via this: Support Contact Options - VMware


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog
Reply
greeshmaram
VMware Employee
VMware Employee
‎09-15-2020 01:03 PM
Jump to solution

Faced the same issue :

Virgo logs gave :

++++++

Caused by: com.vmware.vim.vmomi.client.exception.VlsiCertificateException: Server certificate chain is not trusted and thumbprint doesn't match

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

++++++

Fixed the mismatch and the Skyline health was fine.

Reply
0 Kudos
csebesta
Contributor
Contributor
‎03-24-2022 03:39 PM
Jump to solution

Do you have the script?

Reply
0 Kudos
KikiH
Contributor
Contributor
‎12-23-2022 01:46 PM
Jump to solution

Where is the script? Same needed here.

Reply
0 Kudos
batur_orkun
Contributor
Contributor
‎03-29-2023 01:25 AM
Jump to solution

That is nice and simple. Solved my same problem too. but the main problem is low CPU.  Probably you should increase CPU for centre vm

Reply
0 Kudos
CLVincent82
Contributor
Contributor
‎01-18-2024 06:49 AM
Jump to solution

Hello.  Do you still have the commands you DM'd to people in this post?  I have the same issue, and it looks like all my certs are good.  I received it after doing my machine cert.

My other location also cannot see me in the vcenter client anymore, but I can see them.

Thank you in advance!

Tags (3)
Reply
0 Kudos