VMware Cloud Community
v_scott
Contributor
Contributor
‎08-07-2014 10:32 AM
Jump to solution

Conversion fails due to SSL certificate issues - can I work around this?

I'm starting the process of migrating a collection of VMs in a KVM environment to an existing vSphere cluster and am trying to use Converter (5.5) to do a live conversion/migration of an Ubuntu box, but it's failing due to create the virtual disk on one of hosts due to the SSL certificate, and I haven't found any other posts or articles specifically about this (seems like most SSL related items are about improving speed)

From the worker log, I can see that:

  • Converter is able to successfully create the target VM
  • The attempt to create the virtual disk fails due to the SSL certificate not being valid (All systems in the cluster appear to be using VMware default certs).  From the worker log file:

2014-08-07T09:35:13.947-07:00 [06620 warning 'Default'] [,0] SSL_IsVerifyEnabled: failed to read registry value. Falling back to default behavior: verification on. LastError = 0

2014-08-07T09:35:13.947-07:00 [06620 warning 'Default'] [,0] SSL: Unknown SSL Error

2014-08-07T09:35:13.947-07:00 [06620 warning 'Default'] [,0] SSL: connect failed

2014-08-07T09:35:13.947-07:00 [06620 warning 'Default'] [,0] [NFC ERROR] NfcNewAuthdConnectionEx: Failed to connect to peer. Error: The remote host certificate has these problems:

-->

--> * The host certificate chain is incomplete.

-->

--> * unable to get local issuer certificate

2014-08-07T09:35:13.947-07:00 [06620 info 'Default'] Sysimgbase_DiskLib_OpenWithPassPhrase failed with 'NBD_ERR_NETWORK_CONNECT' (error code:2338)

  • The target VM is deleted.

Is it possible to simply disable the certificate validation for this process?  From the log, it sounds like there's a registry key that would control it, but I haven't found any information on it (or guessed it correctly).  Or can I import that cert to the local Windows system running Converter to get around it (I haven't been successful with that approach yet either)

It's actually not clear to me which system is doing the validation.  While the worker log states it connecting to the vSphere host, there is no such line indicating it's connecting to the host where the target VM is located, and it looks like that's the host with the certificate that is deemed invalid.   Is the validation not happening on my local system that is running Converter? (the vCenter server settings shows that the "vCenter requires verified host SSL certificates" checkbox is unchecked already)

Thanks,

Scott

0 Kudos
1 Solution

Accepted Solutions
ivivanov
Expert
Expert
‎08-07-2014 10:37 AM
Jump to solution

You may want to have a look at Re: An error occurred while opening a virtual disk. Verify that the converter server and the running... and let me know whether it works for you.

__________
It is worse!

View solution in original post

0 Kudos
2 Replies
ivivanov
Expert
Expert
‎08-07-2014 10:37 AM
Jump to solution

You may want to have a look at Re: An error occurred while opening a virtual disk. Verify that the converter server and the running... and let me know whether it works for you.

__________
It is worse!
0 Kudos
v_scott
Contributor
Contributor
‎08-16-2014 09:22 AM
Jump to solution

Yes, marking the destination host as valid in vCenter console eliminated the problem and conversion was successful. (it took a while to get the change made in the cluster)

Based on the description in the console, I figured that having disabling validation was the right thing.   Oh well, we're all set now.

Thanks!

Scott

0 Kudos