VMware Cloud Community
sharan_kallur
Contributor
Contributor
‎02-14-2022 07:45 PM

vRA 8.4.2 - intermittant error during VM provisioning

we quite infrequently get the following error:

SecurityException: : : Failed to query unique virtual machine by external id: [5022e22b-4504-03b6-5025-7e399dbee2cd]

Sometimes using the exact same blueprint, with the exact same inputs we get a successfull provisioning.

Question is what can be causing vRA so to fail the provisioning process so ”randomly”. There were instances where I could run the blueprint 20 times!! without failing, just to have it fail again after trying 2 hours later.

In the screenshots below you can see that there are occasions where we hit 10 continuos deployements withoug error, but other times is completely random....

The error is always the same, the UUID of the VM seems missing.  

SecurityException: : : Failed to query unique virtual machine by external id: [5022e22b-4504-03b6-5025-7e399dbee2cd]

Are there some vRA logs we can check? We already checked and in vCenter there are no errors logged during the whole provisioning process so we suspect it may be a vRA thing...

 

Any help would be greatly appriciated. 

Reply
0 Kudos
7 Replies
xian_
Expert
Expert
‎02-15-2022 01:42 PM

Check the logs on the appliance, especially /services-logs/prelude/provisioning-service-app/file-logs/provisioning-service-app.log

In our case the self signed certificate became untrusted on the cloud endpoint after an upgrade. The preceding error message, right before the SecurityException, shown the actual error:

Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderExcepti
on: unable to find valid certification path to requested target

Reply
sharan_kallur
Contributor
Contributor
‎02-22-2022 01:39 AM

Seems like this is know issue and fixed in 8.5+

https://docs.vmware.com/en/vRealize-Automation/8.4.2/rn/vRealize-Automation-842-releasenotes.html New Intermittent failure to deploy machine connected to an NSX-T network and contains tags The deployment fails with an error: "SecurityException: : : Failed to query unique virtual machine by external id: [UUID]". This occurs when vRA queries NSX for the machine in order to tag it on NSX and receives multiple records since the machine is migrated during vMotion. Workaround: Try to deploy again or disable vMotion.
Reply
ronaldod
Enthusiast
Enthusiast
‎02-23-2022 01:06 PM

Also a bug in the latest NSX-tT Seen double vm's in the NSX-T manager. Or even disappearing together and registered back in the manager without tags.

 

Reply
0 Kudos
sharan_kallur
Contributor
Contributor
‎04-04-2022 12:34 AM

VMware provided the hotfix for this issue.. thanks a lot all the suggestions.

Reply
0 Kudos
kritika021
Contributor
Contributor
‎02-05-2024 04:52 AM

@xian_  We have done patching to our vRA8.12.1 environment recently and after that the provisions started failing at "Add chef client" step with error "javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderExcepti
on: unable to find valid certification path to requested target" 
You said that after upgrade the certificate became untrusted in your environment. Could you please tell me how you resolved this issue?

Reply
0 Kudos
xian_
Expert
Expert
‎02-05-2024 02:18 PM

As far as I remember we re-validated the cloud account (opened it and clicked on Validate) in Cloud Assembly. Then it popped up a dialog to accept the cert and we were done.

Do you use the chef plugin of Orchestrator? I cannot see direct Aria integration to Chef. With this plugin I can see only Add and Delete Chef Host workflows, you may try to delete and re-add your host to cache the new cert.

Reply
0 Kudos
kritika021
Contributor
Contributor
‎02-05-2024 10:34 PM

@xian_ We have re-added the chef host but it didn't work

Reply
0 Kudos