top of page

VCSA SSL Mismatch and Cannot Edit VM Properties

Today I had a weird issue. All the VM servers Hard disk properties cannot edit and if we notice on the below screen capture the disk size is zero

After checking the VCSA logs we found out that there is concern error in the eam.log


2022-07-25T01:11:33.238Z | INFO | vim-monitor | SessionManager.java | 144 | [Retry:Login:com.vmware.vim.eam:9b9bac63231af4d1] Logging extension com.vmware.vim.eam to vCenter

2022-07-25T01:11:33.238Z | INFO | vim-monitor | OpId.java | 37 | [vim:loginExtensionByCertificate:8d8f440e450a7f5] created from [Retry:Login:com.vmware.vim.eam:9b9bac63231af4d1]

2022-07-25T01:11:36.242Z | INFO | vim-async-2 | OpIdLogger.java | 43 | [vim:loginExtensionByCertificate:8d8f440e450a7f5] Failed.

2022-07-25T01:11:36.242Z | WARN | vim-async-2 | ExtensionSessionRenewer.java | 227 | [Retry:Login:com.vmware.vim.eam:9b9bac63231af4d1] Re-login failed, due to:

com.vmware.eam.security.NotAuthenticated: Failed to authenticate extension com.vmware.vim.eam to vCenter.


Based in the log it caused by: com.vmware.vim.binding.vim.fault.InvalidLogin: Cannot complete login due to an incorrect user name or password. ( Related to certificate issue )


To check if there are SSL Certificate mismatch or issue we use this 'lsdoctor' Tool


Troubleshooting Process:

- Download the Tool from this VMware KB https://kb.vmware.com/s/article/80469

- After you downloaded the tool you need to extract and dump to VCSA /tmp/ path ( Login to WINSCP )

- Run this command python /tmp/lsdoctor-master/lsdoctor.py -l to check any mismatch ssl certificaten and it will generate a report

- As showed below there are SSL Mismatch Detected

- You can get the generated log on this path location /var/log/vmware/lsdoctor (Login to WINSCP)

- To check the log content Run more /var/log/vmware/lsdoctor/VCSA-2022-07-26-214845.json

- To fix the mismatch cert Run this command python /tmp/lsdoctor-master/lsdoctor.py -t

- You need to provide the Local SSO Admin Account Password to continue

- You can see below there are 46 VCSA SSL mismatch cetificate

- After running the script it will re-register all the Mismatch SSL Cert and fix it

- Now to fully complate the process you need to restart the VCSA services by Running this service-control --stop --all && service-control --start --all to SSH

- Once vCenter Service is up and running you can check the VM properties

- The issue should be fix by now


Comentários


bottom of page