
Logging in using vSphere Web Client fails on a vCenter Server Appliance with the error: Failed to connect to VMware Lookup Service https://... SSL verification failed (2058430)

Symptoms

  • You are unable to log in to the vSphere Web Client.
  • The vSphere Web Client fails with the error:

    Failed to connect to VMware Lookup Service https://VCSA_IPAddress/lookupservice/sdk. SSL verification failed.

    Where VCSA_IPAddress is the configured IP address of the vCenter Server Appliance.

  • This issue occurs when you deploy the vCenter Server Appliance (VCSA) with a unique hostname other than the default localhost.localdom.
  • This issue occurs when you correctly create SSL certificates, either manually or by using certificate regeneration on the VCSA Admin page.
  • This issue occurs when your custom SSL certificates are issued to the VCSA hostname rather than the VCSA IP address.

Resolution

To resolve this issue, replace the VCSA IP address with the VCSA hostname in the lookup service configuration file, ls_url.txt.
 
To replace the VCSA IP address with the VCSA hostname in the ls_url.txt file:
  1. Log in to the VCSA as the root user
  2. Navigate to the /etc/vmware-sso directory using the command:

    cd /etc/vmware-sso

  3. Take a backup copy of the ls_url.txt file using the command:

    cp ls_url.txt ls_url.txt.bak

  4. Open the ls_url.txt file using a text editor
  5. Replace the VCSA IP address with the hostname of the VCSA. For example:

    https://XXXXXXXXXX/lookupservice/sdk

    Where XXXXXXXXXX is the hostname of the VCSA.

    Note: This is typically the FQDN of the VCSA. Ensure that it matches the common name (CN) on the certificate.

  6. Restart the VCSA services by running the commands:

    /etc/init.d/vmware-vpxd restart
    /etc/init.d/vmware-sso restart
    /etc/init.d/vmware-inventoryservice restart


    Or

    Restart the VCSA.
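
The backup and edit in steps 3 to 5 can be scripted so that the change is refused when the new hostname does not match the certificate CN. This is an added example, not VMware code; the function names and the certificate path in the usage comment are assumptions, and the certificate subject is passed in as the text printed by `openssl x509 -noout -subject`.

```shell
#!/bin/sh
# Added example (not VMware code). Function names are hypothetical.

# Print the host part of the lookup service URL stored in FILE.
ls_url_host() {
    sed -n 's|^https://\([^/:]*\).*|\1|p' "$1" | head -n 1
}

# Print the CN from one line of `openssl x509 -noout -subject` output.
# Handles both "subject= /C=US/CN=host" and "subject=C = US, CN = host".
subject_cn() {
    printf '%s\n' "$1" | sed -n 's|.*CN *= *\([^,/]*\).*|\1|p'
}

# Point FILE at NEWHOST, keeping FILE.bak, but only when NEWHOST equals the
# certificate CN (case-insensitive). Wildcard CNs are not handled.
ls_url_set_host() {
    file=$1
    newhost=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    cn=$(subject_cn "$3" | tr 'A-Z' 'a-z')
    case $newhost in
        ''|*[!a-z0-9.-]*) echo "invalid hostname: $2" >&2; return 1 ;;
    esac
    if [ "$newhost" != "$cn" ]; then
        echo "refusing: $newhost does not match certificate CN '$cn'" >&2
        return 1
    fi
    cp -p "$file" "$file.bak" || return 1
    sed "s|^https://[^/:]*|https://$newhost|" "$file.bak" > "$file"
}

# On the appliance (certificate path is a placeholder, not from the article):
#   ls_url_set_host /etc/vmware-sso/ls_url.txt "$(hostname -f)" \
#       "$(openssl x509 -noout -subject -in /path/to/vcsa-cert.pem)"
# then restart the services as in step 6.
```
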

Alternatively, you can use this workaround to regenerate the certificates for the vCenter Server Appliance.

To regenerate the certificates for the vCenter Server Appliance:

  1. Temporarily change the IP address of the vCenter Server Appliance to a different, unused IP address
  2. Restart the vCenter Server Appliance
  3. Change the IP address of the vCenter Server Appliance back to the original IP address
  4. Restart the vCenter Server Appliance
  5. Log in to the vCenter Server Appliance management webpage, https://vcenterserverip:5480
  6. Click the Administration tab and select Yes for Certificate Regeneration Enabled
  7. Click Submit to save the changes
  8. Restart the vCenter Server Appliance
