Search the VMware Knowledge Base (KB)
View by Article ID

Unable to add vCenter to VMware App Volumes 3.0 (2144883)

  • 1 Ratings

Symptoms

  • Unable to add vCenter Server upon initial configuration of VMware App Volumes 3.0.
  • When attempting to add vCenter Server to App Volumes 3.0  you see error:

    Unable to connect to vCenter_Server_FQDN: Connection Failed

  • In the C:\Program Files(x86)\CloudVolumes\Manager\Log/production.log file, you see entries similar to:

   P2468R374  INFO Processing by Xms::Vsphere::VcentersController#create as JSON

    P2468R374  INFO   Parameters: {"data"=>{"name"=>"vCenter", "esx_username"=>"root", "esx_password"=>"[FILTERED]", "av_manager_ids"=>{"0"=>"13"}, "type"=>"Vcenter", "tenant_id"=>"", "id"=>"", "esx_hostname"=>"", "location"=>"", "created_at"=>"", "updated_at"=>"", "status"=>"pending", "status_message"=>"", "force"=>"false", "uuid"=>"", "service_ids"=>{"0"=>"13"}, "host"=>" vCenter_Server_FQDN", "username"=>"administrator@vsphere.local", "password"=>"[FILTERED]", "storage_prefix"=>"TL", "writable_storage_prefix"=>"TL"}}

   P2468R374  INFO   RvSphere: Connecting to vSphere "administrator@vsphere.local@vCenter_Server_FQDN" on "#<Thread:0x007fb1107187c0>"

 P2468R374  INFO   RvSphere: Using verified https vSphere connection to "administrator@vsphere.local@vCenter_Server_FQDN" using certificate authorities from "/usr/local/av-manager/config/cacert.pem"

   P2468R374 ERROR   RvSphere: Failed to connect to vSphere at "administrator@vsphere.local@vCenter_Server_FQDN": SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

  P2468R374  INFO Completed 400 Bad Request in 19.4ms (Views: 0.2ms | ActiveRecord: 6.7ms)

   P2468R374  INFO 


Cause

This issue occurs due to following reasons:
  • SSL verification is not been turned off for App Volumes 3.0.
  • vCenter CA certificate is not been added to the cacert.pem file within App Volumes 3.0.

Resolution

To resolve this issue:
  1. Default certificates (issued by VMware)

    By default, vCenter certificates are issued by a private VMware Certificate Authority.

    If you want to use vCenter with App Volumes 3.0 without replacing the default certificates:

    1. Export the default vCenter CA certificate by following the instructions provided in the Knowledge Base article  How to download and install vCenter Server root certificates to avoid Web Browser certificate warnings (2108294)
    2.  Copy the certificate data from the .0 file after following the instructions in the Knowledge Base article.

      This certificate data should be copied to the cacert.pem file.
  2. Single/chained corporate-signed (local/private) certificates

    To replace the vCenter default SSL certificate with a corporate-signed certificate follow Knowledge Base article Replacing default certificates with CA signed SSL certificates in vSphere 6.0 (2111219).

    Be sure to copy the corporate CA's public certificate and its contents to cacert.pem file. For more information refer See Handling Corporate-signed Certificates 
  3. Public CA-signed certificate 

To replace the vCenter default SSL certificate with a public CA-signed certificate follow Knowledge Base article Replacing default certificates with CA signed SSL certificates in vSphere 6.0 (2111219)

Ensure to copy the corporate CA's public certificate and its contents to cacert.pem file. For more information refer See Handling Corporate-signed Certificates 

The App Volumes trusted CA certificate store will point to the file set by the environment variable SSL_CERT_FILE, Hence you should set the value of SSL_CERT_FILE

Example: SSL_CERT_FILE=/user/local/av-manager/config/cacert.pem 

The SSL_CERT_FILE environment variable and the file to which it points should be readable by av-mgr user in the App Volumes OVA/VM.

Note: To disable SSL Certificate Validation only for vCenter Servers, run this command:

/etc/wemi/utils/disable_ssl_validation.sh

After modifying the cacert.pem file, restart the App Volumes appliance.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 1 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 1 Ratings
Actions
KB: