TrekTrek12345
Contributor
Contributor

SSL-Updater tool Vmware 5.5 error

Hi,

Im getting an error when using the ssl-updater.bat (for 5.5) trying to update the SSO certificate.  I have created a V3 root cert using OpenSSL (after finding out V1 certs are not supported) and signed each of the CSR's that I generated using the tool, with the rootCa.workgroup cert.  I've created the pem chain for the SSO certificate and have attempted to replace, but the import fails with (in the cmd window)'The Service is not installed on that machine' and gives the output in the log below.   The certificate is valid in my MMC and the root is in the Trusted root store.

Any ideas? Stumped at step one of the plan...... Smiley Sad

Thanks

Nick

2015-07-21T16:57:32.278+0100 [execution] INFO  TOOL START

2015-07-21T16:57:33.001+0100 [c.v.s.c.c.i.ServerSslConfigFactoryImpl] INFO  Loading private key file C:\certs\requests\vCenterSSO-VirtualCenter\rui.key

2015-07-21T16:57:33.106+0100 [c.v.s.c.c.i.ServerSslConfigFactoryImpl] INFO  Loading certificate chain file C:\certs\requests\vCenterSSO-VirtualCenter\rui.pem

2015-07-21T16:57:33.175+0100 [c.v.s.c.c.i.ServerSslConfigFactoryImpl] INFO  Loaded X.509 certificate for Subject: CN=VirtualCenter.WORKGROUP, OU=vCenterSSO-VirtualCenter, O=QuickFixPC Limited, L=Southampton, ST=Hampshire, C=GB

2015-07-21T16:57:33.178+0100 [c.v.s.c.c.i.ServerSslConfigFactoryImpl] INFO  Loaded X.509 certificate for Subject: CN=RootCA.WORKGROUP, OU=vCenterRoot, O=QuickFixPC Limited, L=Southampton, ST=Hampshire, C=GB

2015-07-21T16:57:33.179+0100 [c.v.s.c.c.i.ServerSslConfigFactoryImpl] INFO  Successfully loaded 2 certificate(s) from the chain file.

2015-07-21T16:57:33.277+0100 [c.v.s.c.c.i.ServerSslConfigFactoryImpl] INFO  The effective SSL certificate chain is:

2015-07-21T16:57:33.281+0100 [c.v.s.c.c.i.ServerSslConfigFactoryImpl] INFO     [0] CN=VirtualCenter.WORKGROUP, OU=vCenterSSO-VirtualCenter, O=QuickFixPC Limited, L=Southampton, ST=Hampshire, C=GB

2015-07-21T16:57:33.281+0100 [c.v.s.c.c.i.ServerSslConfigFactoryImpl] INFO     [1] CN=RootCA.WORKGROUP, OU=vCenterRoot, O=QuickFixPC Limited, L=Southampton, ST=Hampshire, C=GB

2015-07-21T16:57:33.288+0100 [c.v.s.c.c.i.ServerSslConfigFactoryImpl] INFO  Checking certificates validity period.

2015-07-21T16:57:33.308+0100 [c.v.s.c.c.i.ServerSslConfigFactoryImpl] INFO  Checking leaf certificate's suitability for the current machine.

2015-07-21T16:57:33.324+0100 [c.v.s.c.c.i.ServerSslConfigFactoryImpl] DEBUG Machine's FQHN: VirtualCenter.WORKGROUP

2015-07-21T16:57:33.328+0100 [c.v.s.c.c.i.DNSResolver] DEBUG DNS validation: resolving DNS for VirtualCenter.WORKGROUP (A/CNAME)

2015-07-21T16:57:33.394+0100 [c.v.s.c.c.i.ServerSslConfigFactoryImpl] DEBUG Machine has a resolvable hostname: VirtualCenter.WORKGROUP

2015-07-21T16:57:33.416+0100 [c.v.s.c.c.i.ServerSslConfigFactoryImpl] DEBUG Checking if leaf certificate is suitable for candidate address VirtualCenter.WORKGROUP.

2015-07-21T16:57:33.422+0100 [c.v.s.c.c.i.ServerSslConfigFactoryImpl] DEBUG Leaf certificate is suitable for VirtualCenter.WORKGROUP

2015-07-21T16:57:33.423+0100 [c.v.s.c.c.i.ServerSslConfigFactoryImpl] INFO  Checking the certificates key lengths.

2015-07-21T16:57:33.432+0100 [c.v.s.c.c.i.ServerSslConfigFactoryImpl] DEBUG Checking certificates signature algortihm types.

2015-07-21T16:57:33.462+0100 [execution] INFO  BEGIN UPDATE

2015-07-21T16:57:33.540+0100 [c.v.s.c.ConfigureWindowsSslCommand] INFO  Beginning certificate replacement procedure for Single Sign-On.

2015-07-21T16:57:33.541+0100 [c.v.s.c.ConfigureWindowsSslCommand] DEBUG Checking if vCenter Single Sign-On service is running.

2015-07-21T16:57:33.700+0100 [c.v.s.c.c.i.RollbackSupportImpl] INFO  The existing configuration will be backed up to C:\certs\backup\sso-ssl-updater.backup

2015-07-21T16:57:33.742+0100 [c.v.s.c.c.i.RollbackSupportImpl] INFO  The backup directory `sso-ssl-updater.backup' did already exist and was moved to `sso-ssl-updater.backup.4'

2015-07-21T16:57:33.744+0100 [c.v.s.c.ConfigureWindowsSslCommand] INFO  Checking the password of administrator user Administrator.

2015-07-21T16:57:33.744+0100 [c.v.s.c.ConfigureWindowsSslCommand] DEBUG Checking if vCenter Single Sign-On service is running.

2015-07-21T16:57:33.747+0100 [c.v.s.c.c.i.ServerToolsImpl] INFO  Creating remote Lookup Service tools with host 127.0.0.1 and port 7080

2015-07-21T16:57:33.758+0100 [c.v.s.c.c.i.ServerToolsImpl] DEBUG Trying to connect to Lookup Service at http://127.0.0.1:7080/lookupservice/sdk

2015-07-21T16:57:34.112+0100 [c.v.v.i.i.LookupServiceAccess] DEBUG Creating VMODL client for LookupService

2015-07-21T16:57:34.778+0100 [c.v.v.i.i.AdminServiceAccess] DEBUG Creating client for SSO Admin on address: http://127.0.0.1:7080/sso-adminserver/sdk/vsphere.local

2015-07-21T16:57:35.584+0100 [c.v.v.s.a.c.v.i.AbstractClient] WARN  ******* WARNING ****** WARNING ****** WARNING *******

2015-07-21T16:57:35.584+0100 [c.v.v.s.a.c.v.i.AbstractClient] WARN  Possible remote API mismatch detected. Operation will continue, but errors are likely.

2015-07-21T16:57:35.584+0100 [c.v.v.s.a.c.v.i.AbstractClient] WARN  ******* WARNING ****** WARNING ****** WARNING *******

2015-07-21T16:57:35.846+0100 [c.v.v.s.c.SecurityTokenServiceConfig$ConnectionConfig] WARN  This configuration will establish untrusted connection with the STS server.It is acceptable for developing purposes only!

2015-07-21T16:57:38.783+0100 [c.v.v.s.a.c.v.i.AbstractClient] WARN  ******* WARNING ****** WARNING ****** WARNING *******

2015-07-21T16:57:38.783+0100 [c.v.v.s.a.c.v.i.AbstractClient] WARN  Possible remote API mismatch detected. Operation will continue, but errors are likely.

2015-07-21T16:57:38.783+0100 [c.v.v.s.a.c.v.i.AbstractClient] WARN  ******* WARNING ****** WARNING ****** WARNING *******

2015-07-21T16:57:38.798+0100 [c.v.s.c.ConfigureWindowsSslCommand] DEBUG Checking if vCenter Single Sign-On service is running.

2015-07-21T16:57:38.800+0100 [c.v.s.c.ConfigureWindowsSslCommand] INFO  The vCenter Single Sign-On service is currently running but it must be stopped in order to perform a portion of the SSL certificate update operation.

2015-07-21T16:57:38.800+0100 [c.v.s.c.ConfigureWindowsSslCommand] INFO  Stopping the vCenter Single Sign-On service.

2015-07-21T16:57:38.804+0100 [c.v.s.c.c.i.ServiceControlImpl] INFO  Waiting for service VMwareSTS to stop, 15 seconds.

2015-07-21T16:57:41.811+0100 [c.v.s.c.c.i.ServiceControlImpl] INFO  Service did stop successfully.

2015-07-21T16:57:41.811+0100 [c.v.s.c.ConfigureWindowsSslCommand] INFO  Updating service container configuration

2015-07-21T16:57:41.811+0100 [c.v.s.c.ConfigureWindowsSslCommand] DEBUG Updating STS Files

2015-07-21T16:57:41.811+0100 [c.v.s.c.c.i.RollbackSupportImpl] DEBUG Backing up (move) file C:\ProgramData\VMware\cis\runtime\VMwareSTS\conf\ssoserver.crt to C:\certs\backup\sso-ssl-updater.backup

2015-07-21T16:57:41.811+0100 [c.v.s.c.c.i.RollbackSupportImpl] DEBUG Backing up (move) file C:\ProgramData\VMware\cis\runtime\VMwareSTS\conf\ssoserver.p12 to C:\certs\backup\sso-ssl-updater.backup

2015-07-21T16:57:41.811+0100 [c.v.s.c.ConfigureWindowsSslCommand] DEBUG Writing the sso SSL certificate in C:\ProgramData\VMware\cis\runtime\VMwareSTS\conf\ssoserver.crt

2015-07-21T16:57:41.811+0100 [c.v.s.c.ConfigureWindowsSslCommand] DEBUG Writing the sso SSL certificate and private key in C:\ProgramData\VMware\cis\runtime\VMwareSTS\conf\ssoserver.p12

2015-07-21T16:57:41.905+0100 [c.v.s.c.ConfigureWindowsSslCommand] TRACE In updateLsIfCan

2015-07-21T16:57:41.905+0100 [c.v.s.c.ConfigureWindowsSslCommand] DEBUG Checking if vCenter Single Sign-On service is running.

2015-07-21T16:57:41.905+0100 [c.v.s.c.ConfigureWindowsSslCommand] INFO  The vCenter Single Sign-On service is not currently running but it must be started in order to perform a portion of the SSL certificate update operation.

2015-07-21T16:57:41.905+0100 [c.v.s.c.ConfigureWindowsSslCommand] INFO  Starting the vCenter Single Sign-On service.

2015-07-21T16:57:41.920+0100 [c.v.s.c.c.i.ServiceControlImpl] INFO  Waiting for service VMwareSTS to start, 15 seconds.

2015-07-21T16:57:44.952+0100 [c.v.s.c.c.i.ServiceControlImpl] INFO  Service did start successfully.

2015-07-21T16:57:44.952+0100 [c.v.s.c.c.i.ServerToolsImpl] INFO  Creating remote Lookup Service tools with host 127.0.0.1 and port 7080

2015-07-21T16:57:44.952+0100 [c.v.s.c.c.i.ServerToolsImpl] DEBUG Trying to connect to Lookup Service at http://127.0.0.1:7080/lookupservice/sdk

2015-07-21T16:57:44.952+0100 [c.v.v.i.i.LookupServiceAccess] DEBUG Creating VMODL client for LookupService

2015-07-21T16:58:26.683+0100 [c.v.v.i.i.AdminServiceAccess] DEBUG Creating client for SSO Admin on address: http://127.0.0.1:7080/sso-adminserver/sdk/vsphere.local

2015-07-21T16:58:27.359+0100 [c.v.v.s.a.c.v.i.AbstractClient] WARN  ******* WARNING ****** WARNING ****** WARNING *******

2015-07-21T16:58:27.360+0100 [c.v.v.s.a.c.v.i.AbstractClient] WARN  Possible remote API mismatch detected. Operation will continue, but errors are likely.

2015-07-21T16:58:27.360+0100 [c.v.v.s.a.c.v.i.AbstractClient] WARN  ******* WARNING ****** WARNING ****** WARNING *******

2015-07-21T16:58:27.616+0100 [c.v.v.s.c.SecurityTokenServiceConfig$ConnectionConfig] WARN  This configuration will establish untrusted connection with the STS server.It is acceptable for developing purposes only!

2015-07-21T16:58:30.549+0100 [c.v.v.s.a.c.v.i.AbstractClient] WARN  ******* WARNING ****** WARNING ****** WARNING *******

2015-07-21T16:58:30.549+0100 [c.v.v.s.a.c.v.i.AbstractClient] WARN  Possible remote API mismatch detected. Operation will continue, but errors are likely.

2015-07-21T16:58:30.549+0100 [c.v.v.s.a.c.v.i.AbstractClient] WARN  ******* WARNING ****** WARNING ****** WARNING *******

2015-07-21T16:58:30.550+0100 [c.v.s.c.ConfigureWindowsSslCommand] INFO  Updating the SSO endpoints in the Lookup Service.

2015-07-21T16:58:30.565+0100 [c.v.s.c.ConfigureWindowsSslCommand] INFO  This is Single Sign-On single-node install. All Single Sign-On endpoints are served from this node.

2015-07-21T16:58:31.155+0100 [c.v.s.c.c.i.LookupServiceToolsRemoteImpl] DEBUG Updating the Lookup Service record for the Security Token Service

2015-07-21T16:58:31.958+0100 [c.v.s.c.ConfigureWindowsSslCommand] DEBUG Checking if vCenter Single Sign-On service is running.

2015-07-21T16:58:31.969+0100 [c.v.s.c.ConfigureWindowsSslCommand] INFO  The vCenter Single Sign-On service is currently running but it must be stopped in order to undo a portion of the SSL certificate update operation.

2015-07-21T16:58:31.969+0100 [c.v.s.c.ConfigureWindowsSslCommand] INFO  Stopping the vCenter Single Sign-On service.

2015-07-21T16:58:32.026+0100 [c.v.s.c.c.i.ServiceControlImpl] INFO  Waiting for service VMwareSTS to stop, 15 seconds.

2015-07-21T16:58:35.041+0100 [c.v.s.c.c.i.ServiceControlImpl] INFO  Service did stop successfully.

2015-07-21T16:58:35.041+0100 [c.v.s.c.c.i.RollbackSupportImpl] DEBUG File C:\ProgramData\VMware\cis\runtime\VMwareSTS\conf\ssoserver.crt successfully restored from sso-ssl-updater.backup\ssoserver.crt

2015-07-21T16:58:35.041+0100 [c.v.s.c.c.i.RollbackSupportImpl] DEBUG File C:\ProgramData\VMware\cis\runtime\VMwareSTS\conf\ssoserver.p12 successfully restored from sso-ssl-updater.backup\ssoserver.p12

2015-07-21T16:58:35.041+0100 [c.v.s.c.ConfigureWindowsSslCommand] ERROR An error ocurred during the certificate replacement procedure:null

2015-07-21T16:58:35.041+0100 [c.v.s.c.ConfigureWindowsSslCommand] DEBUG

com.vmware.vim.binding.vmodl.fault.SecurityError: null

at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[na:1.7.0_76]

at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source) ~[na:1.7.0_76]

at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source) ~[na:1.7.0_76]

at java.lang.reflect.Constructor.newInstance(Unknown Source) ~[na:1.7.0_76]

at java.lang.Class.newInstance(Unknown Source) ~[na:1.7.0_76]

at com.vmware.vim.vmomi.core.types.impl.ComplexTypeImpl.newInstance(ComplexTypeImpl.java:171) ~[vlsi-core.jar:na]

at com.vmware.vim.vmomi.core.types.impl.DefaultDataObjectFactory.newDataObject(DefaultDataObjectFactory.java:26) ~[vlsi-core.jar:na]

at com.vmware.vim.vmomi.core.soap.impl.unmarshaller.ComplexStackContext.<init>(ComplexStackContext.java:33) ~[vlsi-core.jar:na]

at com.vmware.vim.vmomi.core.soap.impl.unmarshaller.UnmarshallerImpl$UnmarshallSoapFaultContext.parse(UnmarshallerImpl.java:135) ~[vlsi-core.jar:na]

at com.vmware.vim.vmomi.core.soap.impl.unmarshaller.UnmarshallerImpl$UnmarshallSoapFaultContext.unmarshall(UnmarshallerImpl.java:98) ~[vlsi-core.jar:na]

at com.vmware.vim.vmomi.core.soap.impl.unmarshaller.UnmarshallerImpl.unmarshalSoapFault(UnmarshallerImpl.java:84) ~[vlsi-core.jar:na]

at com.vmware.vim.vmomi.client.common.impl.SoapFaultStackContext.setValue(SoapFaultStackContext.java:37) ~[vlsi-client.jar:na]

at com.vmware.vim.vmomi.client.common.impl.ResponseUnmarshaller.unmarshal(ResponseUnmarshaller.java:97) ~[vlsi-client.jar:na]

at com.vmware.vim.vmomi.client.common.impl.ResponseImpl.unmarshalResponse(ResponseImpl.java:245) ~[vlsi-client.jar:na]

at com.vmware.vim.vmomi.client.common.impl.ResponseImpl.setResponse(ResponseImpl.java:203) ~[vlsi-client.jar:na]

at com.vmware.vim.vmomi.client.http.impl.HttpExchange.run(HttpExchange.java:126) ~[vlsi-client.jar:na]

at com.vmware.vim.vmomi.client.http.impl.HttpProtocolBindingImpl.send(HttpProtocolBindingImpl.java:98) ~[vlsi-client.jar:na]

at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl$CallExecutor.sendCall(MethodInvocationHandlerImpl.java:533) ~[vlsi-client.jar:na]

at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl$CallExecutor.executeCall(MethodInvocationHandlerImpl.java:514) ~[vlsi-client.jar:na]

at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.completeCall(MethodInvocationHandlerImpl.java:302) ~[vlsi-client.jar:na]

at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.invokeOperation(MethodInvocationHandlerImpl.java:272) ~[vlsi-client.jar:na]

at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.invoke(MethodInvocationHandlerImpl.java:169) ~[vlsi-client.jar:na]

at com.sun.proxy.$Proxy32.updateService(Unknown Source) ~[na:na]

at com.vmware.sso.cfg.components.impl.LookupServiceToolsRemoteImpl.updateService(LookupServiceToolsRemoteImpl.java:242) ~[sso-updater.jar:na]

at com.vmware.sso.cfg.components.impl.LookupServiceToolsRemoteImpl.rollbackSsoRecords(LookupServiceToolsRemoteImpl.java:119) ~[sso-updater.jar:na]

at com.vmware.sso.cfg.ConfigureWindowsSslCommand.undoLsChanges(ConfigureWindowsSslCommand.java:340) ~[sso-updater.jar:na]

at com.vmware.sso.cfg.ConfigureWindowsSslCommand.updateLsIfCan(ConfigureWindowsSslCommand.java:186) ~[sso-updater.jar:na]

at com.vmware.sso.cfg.ConfigureWindowsSslCommand.updateSsoIfCan(ConfigureWindowsSslCommand.java:171) ~[sso-updater.jar:na]

at com.vmware.sso.cfg.ConfigureWindowsSslCommand.execute(ConfigureWindowsSslCommand.java:128) ~[sso-updater.jar:na]

at com.vmware.sso.cfg.ConfigureWindowsSslCommand$execute.call(Unknown Source) [sso-updater.jar:na]

at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:42) [groovy-all-1.8.8.jar:1.8.8]

at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:108) [groovy-all-1.8.8.jar:1.8.8]

at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:116) [groovy-all-1.8.8.jar:1.8.8]

at com.vmware.sso.cfg.SsoUpdaterMain.main(SsoUpdaterMain.groovy:67) [sso-updater.jar:na]

2015-07-21T16:58:35.041+0100 [c.v.s.c.ConfigureWindowsSslCommand] DEBUG Checking if vCenter Single Sign-On service is running.

2015-07-21T16:58:35.041+0100 [c.v.s.c.ConfigureWindowsSslCommand] INFO  The vCenter Single Sign-On service is not currently running but it was in the beginning. Starting it.

2015-07-21T16:58:35.056+0100 [c.v.s.c.ConfigureWindowsSslCommand] INFO  Starting the vCenter Single Sign-On service.

2015-07-21T16:58:35.181+0100 [c.v.s.c.c.i.ServiceControlImpl] INFO  Waiting for service VMwareSTS to start, 15 seconds.

2015-07-21T16:58:38.212+0100 [c.v.s.c.c.i.ServiceControlImpl] INFO  Service did start successfully.

2015-07-21T16:58:38.212+0100 [execution] INFO  TOOL END with status code = 2

0 Kudos
4 Replies
walbrown
Contributor
Contributor

Hi,

I'm seeing exactly the same error, did you get anywhere with this problem?

Thanks,
Wally

0 Kudos
RoyJK
Contributor
Contributor

Hello,

I've just hit exactly the same problem. Did either of you happen to find a fix for this?

Would really,really appreciate knowing the cause if you did fix it.

Thanks in advance,

Roy

0 Kudos
Zewwy
Contributor
Contributor

I had to renew my internal based certificates, as I follow best practice and don't use self sign certs. The Funny part is we've set up so much alerting now here to be proactive vs reactive. So when I got in on Monday after a couple failed backup jobs, I discovered that the account i had setup couldn't login into vCenter, and neither could I. Even though everything showed green on my monitoring board. Turns out all errors were telling me my certificates had expired (Doh! I don't have monitoring for the certs on these!)

Quickly reading my setup documentation, I hit the same snag here, and called support.. turns out I had nested another folder in this one labeled SSLtool5.5. Which turned out to have the same scripts but updated?

Not exactly sure, turns out this one worked fine. I attempted to find a direct link to the latest version of the tool on VMware download page, I finally did find it under the specific vCenter instance, I guess they have a set version of the tool for each specific releases of vCenter, including specific updates.. I got the from the 3e update list of vcenter (direct link)

I'd suggest trying to grab the latest version of the tool if you can. Renewing SSL certificates was the most painful thing ever in vCenter 5.5, 24+ Steps and you hit this wall in step 5 a.

As I mentioned I got lucky and happened to have another version of the tool I placed in a 5.5 folder. Sorry I didn't provide a MD5 hash but I'm not sure how many iterations of this script they have (It is a batch script after-all, Where's the powershell at?)

0 Kudos
ChuckH2020
Contributor
Contributor

I am running to the same error trying to update the certificates today.  They have currently expired.  I have downloaded the lastest version of the SSL updater tool.

I have tried following these:

VMware Knowledge Base

VMware Knowledge Base

When I run the tool, at the command prompt window I get the following error:

Error: An error occurred during the certificate replacement procedure:null

When I check the logs there are a couple things of interest.  First:

2020-06-01T11:42:01.377-0400 [c.v.v.s.a.c.v.i.AbstractClient] WARN  ******* WARNING ****** WARNING ****** WARNING *******

2020-06-01T11:42:01.378-0400 [c.v.v.s.a.c.v.i.AbstractClient] WARN  Possible remote API mismatch detected. Operation will continue, but errors are likely.

2020-06-01T11:42:01.378-0400 [c.v.v.s.a.c.v.i.AbstractClient] WARN  ******* WARNING ****** WARNING ****** WARNING *******

2020-06-01T11:42:01.510-0400 [c.v.v.s.c.SecurityTokenServiceConfig$ConnectionConfig] WARN  This configuration will establish untrusted connection with the STS server.It is acceptable for developing purposes only!

2020-06-01T11:42:04.601-0400 [c.v.v.s.a.c.v.i.AbstractClient] WARN  ******* WARNING ****** WARNING ****** WARNING *******

2020-06-01T11:42:04.602-0400 [c.v.v.s.a.c.v.i.AbstractClient] WARN  Possible remote API mismatch detected. Operation will continue, but errors are likely.

2020-06-01T11:42:04.602-0400 [c.v.v.s.a.c.v.i.AbstractClient] WARN  ******* WARNING ****** WARNING ****** WARNING *******

API Mismatch?  Could this be the problem?  If so, any idea how I resolve it?

The other thing in the log:

2020-06-01T11:42:08.598-0400 [c.v.s.c.ConfigureWindowsSslCommand] ERROR An error ocurred during the certificate replacement procedure:null

2020-06-01T11:42:08.598-0400 [c.v.s.c.ConfigureWindowsSslCommand] DEBUG

com.vmware.vim.binding.vmodl.fault.SecurityError: null

at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[na:1.7.0_95]

at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source) ~[na:1.7.0_95]

at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source) ~[na:1.7.0_95]

at java.lang.reflect.Constructor.newInstance(Unknown Source) ~[na:1.7.0_95]

at java.lang.Class.newInstance(Unknown Source) ~[na:1.7.0_95]

at com.vmware.vim.vmomi.core.types.impl.ComplexTypeImpl.newInstance(ComplexTypeImpl.java:171) ~[vlsi-core.jar:na]

at com.vmware.vim.vmomi.core.types.impl.DefaultDataObjectFactory.newDataObject(DefaultDataObjectFactory.java:26) ~[vlsi-core.jar:na]

at com.vmware.vim.vmomi.core.soap.impl.unmarshaller.ComplexStackContext.<init>(ComplexStackContext.java:33) ~[vlsi-core.jar:na]

at com.vmware.vim.vmomi.core.soap.impl.unmarshaller.UnmarshallerImpl$UnmarshallSoapFaultContext.parse(UnmarshallerImpl.java:135) ~[vlsi-core.jar:na]

at com.vmware.vim.vmomi.core.soap.impl.unmarshaller.UnmarshallerImpl$UnmarshallSoapFaultContext.unmarshall(UnmarshallerImpl.java:98) ~[vlsi-core.jar:na]

at com.vmware.vim.vmomi.core.soap.impl.unmarshaller.UnmarshallerImpl.unmarshalSoapFault(UnmarshallerImpl.java:84) ~[vlsi-core.jar:na]

at com.vmware.vim.vmomi.client.common.impl.SoapFaultStackContext.setValue(SoapFaultStackContext.java:37) ~[vlsi-client.jar:na]

at com.vmware.vim.vmomi.client.common.impl.ResponseUnmarshaller.unmarshal(ResponseUnmarshaller.java:97) ~[vlsi-client.jar:na]

at com.vmware.vim.vmomi.client.common.impl.ResponseImpl.unmarshalResponse(ResponseImpl.java:245) ~[vlsi-client.jar:na]

at com.vmware.vim.vmomi.client.common.impl.ResponseImpl.setResponse(ResponseImpl.java:203) ~[vlsi-client.jar:na]

at com.vmware.vim.vmomi.client.http.impl.HttpExchange.run(HttpExchange.java:126) ~[vlsi-client.jar:na]

at com.vmware.vim.vmomi.client.http.impl.HttpProtocolBindingImpl.send(HttpProtocolBindingImpl.java:98) ~[vlsi-client.jar:na]

at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl$CallExecutor.sendCall(MethodInvocationHandlerImpl.java:533) ~[vlsi-client.jar:na]

at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl$CallExecutor.executeCall(MethodInvocationHandlerImpl.java:514) ~[vlsi-client.jar:na]

at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.completeCall(MethodInvocationHandlerImpl.java:302) ~[vlsi-client.jar:na]

at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.invokeOperation(MethodInvocationHandlerImpl.java:272) ~[vlsi-client.jar:na]

at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.invoke(MethodInvocationHandlerImpl.java:169) ~[vlsi-client.jar:na]

at com.sun.proxy.$Proxy32.updateService(Unknown Source) ~[na:na]

at com.vmware.sso.cfg.components.impl.LookupServiceToolsRemoteImpl.updateService(LookupServiceToolsRemoteImpl.java:242) ~[sso-updater.jar:na]

at com.vmware.sso.cfg.components.impl.LookupServiceToolsRemoteImpl.rollbackSsoRecords(LookupServiceToolsRemoteImpl.java:119) ~[sso-updater.jar:na]

at com.vmware.sso.cfg.ConfigureWindowsSslCommand.undoLsChanges(ConfigureWindowsSslCommand.java:340) ~[sso-updater.jar:na]

at com.vmware.sso.cfg.ConfigureWindowsSslCommand.updateLsIfCan(ConfigureWindowsSslCommand.java:186) ~[sso-updater.jar:na]

at com.vmware.sso.cfg.ConfigureWindowsSslCommand.updateSsoIfCan(ConfigureWindowsSslCommand.java:171) ~[sso-updater.jar:na]

at com.vmware.sso.cfg.ConfigureWindowsSslCommand.execute(ConfigureWindowsSslCommand.java:128) ~[sso-updater.jar:na]

at com.vmware.sso.cfg.ConfigureWindowsSslCommand$execute.call(Unknown Source) [sso-updater.jar:na]

at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:42) [groovy-all-1.8.8.jar:1.8.8]

at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:108) [groovy-all-1.8.8.jar:1.8.8]

at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:116) [groovy-all-1.8.8.jar:1.8.8]

at com.vmware.sso.cfg.SsoUpdaterMain.main(SsoUpdaterMain.groovy:67) [sso-updater.jar:na]

Any help would be greatly appreciated.

0 Kudos