vSAN Providers display the status as disconnected in the vSphere Web Client
search cancel

vSAN Providers display the status as disconnected in the vSphere Web Client

book

Article ID: 319934

calendar_today

Updated On:

Products

VMware vCenter Server VMware vSAN VMware vSphere ESXi

Issue/Introduction

Symptoms:
Note: If you are experiencing an error with certificate unknown on Horizon see SSL certificate "Unknown" for View Composer Server on Horizon Administrator health dashboard.
  • vSAN Providers display status as disconnected (To see this in the vSphere Web Client, navigate to vCenter Server > Manage > Storage Providers.).
  • A resynchronization operation fails to refresh the connection status.
  • In the /var/log/vsanvpd.log file, you see entries similar to:

    vsanvpd.log: 2015-04-27T00:39:42Z vsanSoapServer: ssl_verify_cert:759:ssl_verify_cert: client certificate not presented
    vsanvpd.log: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
    vsanvpd.log: 2015-04-27T00:40:08Z vsanSoapServer: ssl_verify_cert:759:ssl_verify_cert: client certificate not presented
    vsanvpd.log: 2015-04-27T00:40:08Z vsanSoapServer: registerVASACertificate:332:New certificate has been added to trust store
    vsanvpd.log: 2015-04-27T00:40:13Z vsanSoapServer: verify_cert_with_store:813:Cannot verify cert with CA store /etc/vmware/ssl/castore.pem: certificate has expired (10)
    vsanvpd.log: 2015-04-27T00:40:13Z vsanSoapServer: verify_cert_with_store:813:Cannot verify cert with CA store /etc/vmware/ssl/vsanvp_castore.pem: self signed certificate (18)
    vsanvpd.log: 2015-04-27T01:19:12Z vsanSoapServer: verify_cert_with_store:813:Cannot verify cert with CA store /etc/vmware/ssl/castore.pem: certificate has expired (10)
    vsanvpd.log: 2015-04-27T01:19:12Z vsanSoapServer: verify_cert_with_store:813:Cannot verify cert with CA store /etc/vmware/ssl/vsanvp_castore.pem: self signed certificate (18)

    Note: The preceding log excerpts are only examples. Date, time and environmental variables may vary depending on your environment.


Environment

VMware vCenter Server Appliance 6.0.x
VMware vSphere ESXi 6.0
VMware vSAN 6.2.x
VMware vCenter Server 6.0.x

Cause

This issue occurs if the SMS certificate for vCenter server is expired.

Resolution


To resolve this issue, remove the expired certificate and generate a new certificate.
 
For Windows vCenter Server:
 
  1. Open a command prompt in Windows vCenter server.
  2. Navigate to C:\Program Files\VMware\vCenter Server\vmafdd.
  3. To verify the expiry date of SMS certificate, run this command:

    vecs-cli entry list --store SMS –-text
     
  4. If the certificate is expired, delete the certificate store by running this command:

    vecs-cli store delete --name SMS
     
  5. Restart VMware vSphere Profile-Driven Storage Service and VMware vSphere Web Client to re-generate the SMS certificate store.
  6. In the vSphere Web Client, navigate to vCenter Server > Manage > Storage Providers.
  7. Click on Synchronize all Virtual SAN storage providers button.
 
For VMware vCenter Server Appliance for Linux:
 
  1. Log in to the vCenter Server Appliance using SSH and navigate to:

    /usr/lib/vmware-vmafd/bin
     
  2. To verify the expiry date of SMS certificate, run this command:

    ./vecs-cli entry list --store SMS --text
     
  3. If the certificate is expired, delete the certificate store by running the command:

    ./vecs-cli store delete --name SMS
     
  4. Restart VMware vSphere Profile-Driven Storage Service and VMware vSphere Web Client to re-generate the SMS certificate store.
  5. In the vSphere Web Client, navigate to vCenter Server > Manage > Storage Providers.
  6. Click on Synchronize all Virtual SAN storage providers button.


Additional Information

Powered by Wolken Software