
Gemfire reports certificate path errors in vRealize Operations Manager 6.x (2149714)


Symptoms

  • The Cisco UCS solution is installed.
  • The vRealize Operations Manager cluster does not come online.
  • The status of one or more nodes is Waiting for Analytics.
  • In the /storage/vcops/log/gemfire-locator.log file, you see entries similar to:

    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  • In the /storage/vcops/log/collector-wrapper.log file, you see entries similar to:

    INFO | jvm 1 | 2017/03/29 19:16:40 | java.io.FileNotFoundException: /usr/java/jre-vmware/lib/security/cacerts (Permission denied).

Purpose

This article provides steps to restore tcserver.truststore in vRealize Operations Manager 6.4 and later.

Cause

This issue occurs because, after a reboot of the vRealize Operations Manager cluster, the tcserver.truststore file is restored to its default contents and loses the CA for the self-signed cluster certificate.

Resolution

To resolve this issue, rebuild tcserver.truststore on the affected vRealize Operations Manager node using the self-signed cluster certificate files.
  1. Log in to the affected vRealize Operations Manager node as the root user through SSH or the console.
  2. Stop the vRealize Operations Manager services using these commands:

    service vmware-casa stop
    service vmware-vcops stop
    service vmware-vcops-web stop

  3. Regenerate the self-signed cluster certificate using this command:
     
    /usr/bin/env python /usr/lib/vmware-casa/bin/activate_web_certificate.py DEFAULT
  4. Restart the httpd services using this command:

    /usr/bin/env python /usr/lib/vmware-vcopssuite/utilities/bin/restartHttpd.py
  5. Move the tcserver.truststore file to the /tmp directory:

    mv /storage/vcops/user/conf/ssl/tcserver.truststore /tmp
  6. View storePass.properties and make note of the truststore password:

    cat /storage/vcops/user/conf/ssl/storePass.properties

    For example:

    ssltruststorePassword= ulUL1Dx9+f6VcEa0fNGR8BPeJT4ap
  7. Rebuild tcserver.truststore from the self-signed cluster certificate files using these commands:

    keytool -import -alias vmwarespc -file /usr/lib/vmware-vcopssuite/utilities/conf/vmwarespc.pem -keystore /storage/vcops/user/conf/ssl/tcserver.truststore -storepass password
    keytool -import -alias vcops-cluster-ca -file /storage/vcops/user/conf/ssl/cacert.pem -keystore /storage/vcops/user/conf/ssl/tcserver.truststore -storepass password

    Note: Replace password with the truststore password found in step 6.

    For example:

    keytool -import -alias vcops-cluster-ca -file /storage/vcops/user/conf/ssl/cacert.pem -keystore /storage/vcops/user/conf/ssl/tcserver.truststore -storepass ulUL1Dx9+f6VcEa0fNGR8BPeJT4ap
  8. Start the vRealize Operations Manager services using these commands:

    service vmware-casa start
    service vmware-vcops start
    service vmware-vcops-web start
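
As an added example (not part of the original VMware article), this script can be run between steps 7 and 8 to confirm that both CA entries were imported into the rebuilt truststore. The function names and the TS_PASS variable are assumptions, and it assumes storePass.properties follows Java .properties conventions, so the blank after `=` in the step 6 example is not part of the password.

```shell
#!/bin/sh
# Added example: verify the truststore rebuilt in step 7 (paths are from the article).
SSL_DIR=/storage/vcops/user/conf/ssl

# Print the value of ssltruststorePassword from a storePass.properties file.
# Assumption: Java .properties conventions, so blanks around "=" are not part of the value.
read_truststore_pass() {
    sed -n 's/^[[:space:]]*ssltruststorePassword[[:space:]]*=[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# Read `keytool -list` output on stdin; print each expected alias that is absent.
missing_aliases() {
    listing=$(cat)
    for alias in "$@"; do
        printf '%s\n' "$listing" | grep -q "^$alias," || printf '%s\n' "$alias"
    done
}

# List the truststore and report whether both CA entries from step 7 are present.
verify_truststore() {
    TS_PASS=$(read_truststore_pass "$SSL_DIR/storePass.properties")
    export TS_PASS
    # -storepass:env keeps the password out of the process argument list.
    missing=$(keytool -list -keystore "$SSL_DIR/tcserver.truststore" \
        -storepass:env TS_PASS | missing_aliases vmwarespc vcops-cluster-ca)
    unset TS_PASS
    if [ -n "$missing" ]; then
        echo "missing from tcserver.truststore: $missing" >&2
        return 1
    fi
    echo "tcserver.truststore contains vmwarespc and vcops-cluster-ca"
}

# Run the check only on a node where the files and keytool exist.
if [ -r "$SSL_DIR/storePass.properties" ] && command -v keytool >/dev/null 2>&1; then
    verify_truststore
fi
```

A non-zero exit status means at least one of the two aliases from step 7 is missing, or keytool could not open the truststore with the password read from storePass.properties.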

Additional Information

The tcserver.truststore file will get overwritten on the next reboot and the resolution will have to be applied again.
To avoid this, stop all adapter instances of the Cisco UCS solution, or uninstall the Cisco UCS solution.
