I'm starting the process of migrating a collection of VMs in a KVM environment to an existing vSphere cluster and am trying to use Converter (5.5) to do a live conversion/migration of an Ubuntu box, but it's failing due to create the virtual disk on one of hosts due to the SSL certificate, and I haven't found any other posts or articles specifically about this (seems like most SSL related items are about improving speed)
From the worker log, I can see that:
2014-08-07T09:35:13.947-07:00 [06620 warning 'Default'] [,0] SSL_IsVerifyEnabled: failed to read registry value. Falling back to default behavior: verification on. LastError = 0
2014-08-07T09:35:13.947-07:00 [06620 warning 'Default'] [,0] SSL: Unknown SSL Error
2014-08-07T09:35:13.947-07:00 [06620 warning 'Default'] [,0] SSL: connect failed
2014-08-07T09:35:13.947-07:00 [06620 warning 'Default'] [,0] [NFC ERROR] NfcNewAuthdConnectionEx: Failed to connect to peer. Error: The remote host certificate has these problems:
-->
--> * The host certificate chain is incomplete.
-->
--> * unable to get local issuer certificate
2014-08-07T09:35:13.947-07:00 [06620 info 'Default'] Sysimgbase_DiskLib_OpenWithPassPhrase failed with 'NBD_ERR_NETWORK_CONNECT' (error code:2338)
Is it possible to simply disable the certificate validation for this process? From the log, it sounds like there's a registry key that would control it, but I haven't found any information on it (or guessed it correctly). Or can I import that cert to the local Windows system running Converter to get around it (I haven't been successful with that approach yet either)
It's actually not clear to me which system is doing the validation. While the worker log states it connecting to the vSphere host, there is no such line indicating it's connecting to the host where the target VM is located, and it looks like that's the host with the certificate that is deemed invalid. Is the validation not happening on my local system that is running Converter? (the vCenter server settings shows that the "vCenter requires verified host SSL certificates" checkbox is unchecked already)
Thanks,
Scott
You may want to have a look at Re: An error occurred while opening a virtual disk. Verify that the converter server and the running... and let me know whether it works for you.
You may want to have a look at Re: An error occurred while opening a virtual disk. Verify that the converter server and the running... and let me know whether it works for you.
Yes, marking the destination host as valid in vCenter console eliminated the problem and conversion was successful. (it took a while to get the change made in the cluster)
Based on the description in the console, I figured that having disabling validation was the right thing. Oh well, we're all set now.
Thanks!
Scott