Failed to connect to VMware Lookup Service ... SSL Certificate verification failed.

Source: Internet
Author: User
Tags ssl certificate

Today landing Vspher web-client time, the error is as follows:

Failed to connect to VMware Lookup Service Https://vc-test.cebbank.com:7444/lookupservice/sdk-SSL Certificate Verificat Ion failed.

Put the dog search and self-test, according to the problem type has the following two kinds of solutions, I first say how to get the details of the error, and then give everyone two solutions.

1. Get the error log

Vsphere server enters the%temp% path, verbose error log in Vm_ssoreg.log and Vminst.log, your machine may not be able to see this log, no matter. I have my log messages listed below.

[2016-08-22 10:58:13,758 main ERROR com.vmware.vim.install.impl.LookupServiceAccess] Com.vmware.vim.vmomi.core.exception.CertificateValidationException:Server Certificate Assertion not verified and Thumbprint not matched
[2016-08-22 10:58:13,760 main DEBUG com.vmware.vim.install.impl.LookupServiceAccess]
com.vmware.vim.vmomi.client.exception.SslException: Com.vmware.vim.vmomi.core.exception.CertificateValidationException:Server Certificate Assertion not verified and Thumbprint not matched
At Com.vmware.vim.vmomi.client.common.impl.ResponseImpl.setError (responseimpl.java:224)
At Com.vmware.vim.vmomi.client.http.impl.HttpExchange.run (httpexchange.java:131)
At com.vmware.vim.vmomi.client.http.impl.HttpProtocolBindingImpl.send (httpprotocolbindingimpl.java:98)
At Com.vmware.vim.vmomi.client.common.impl.methodinvocationhandlerimpl$callexecutor.sendcall ( methodinvocationhandlerimpl.java:533)
At Com.vmware.vim.vmomi.client.common.impl.methodinvocationhandlerimpl$callexecutor.executecall ( methodinvocationhandlerimpl.java:514)
At Com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.completeCall ( methodinvocationhandlerimpl.java:302)
At Com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.invokeOperation ( methodinvocationhandlerimpl.java:272)
At Com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.invoke ( methodinvocationhandlerimpl.java:169)
At Com.sun.proxy. $Proxy 22.retrieveServiceContent (Unknown Source)
At Com.vmware.vim.install.impl.LookupServiceAccess.createLookupService (lookupserviceaccess.java:98)
At com.vmware.vim.install.impl.lookupserviceaccess.<init> (lookupserviceaccess.java:56)
At com.vmware.vim.install.impl.registrationproviderimpl.<init> (registrationproviderimpl.java:55)
At Com.vmware.vim.install.RegistrationProviderFactory.getRegistrationProvider ( registrationproviderfactory.java:143)
At Com.vmware.vim.install.RegistrationProviderFactory.getRegistrationProvider ( REGISTRATIONPROVIDERFACTORY.JAVA:60)
At Com.vmware.vim.install.cli.commands.CommandArgumentsParser.createServiceProvider ( commandargumentsparser.java:241)
At Com.vmware.vim.install.cli.commands.CommandArgumentsParser.parseCommand (commandargumentsparser.java:101)
At Com.vmware.vim.install.cli.commands.CommandFactory.createValidateLsCommand (commandfactory.java:36)
At com.vmware.vim.install.cli.RegTool.process (regtool.java:91)
At Com.vmware.vim.install.cli.RegTool.main (regtool.java:38)
caused By:com.vmware.vim.vmomi.core.exception.CertificateValidationException:Server certificate assertion not Verified and thumbprint not matched
At Com.vmware.vim.vmomi.client.http.impl.thumbprinttrustmanager$hostnameverifier.verify ( thumbprinttrustmanager.java:267)
At Com.vmware.vim.vmomi.client.http.impl.thumbprinttrustmanager$hostnameverifier.verify ( thumbprinttrustmanager.java:230)
At Org.apache.http.conn.ssl.SSLSocketFactory.connectSocket (sslsocketfactory.java:339)
At Org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection ( defaultclientconnectionoperator.java:123)
At Org.apache.http.impl.conn.AbstractPoolEntry.open (abstractpoolentry.java:147)
At Org.apache.http.impl.conn.AbstractPooledConnAdapter.open (abstractpooledconnadapter.java:108)
At Org.apache.http.impl.client.DefaultRequestDirector.execute (defaultrequestdirector.java:415)
At Org.apache.http.impl.client.AbstractHttpClient.execute (abstracthttpclient.java:641)
At Org.apache.http.impl.client.AbstractHttpClient.execute (abstracthttpclient.java:576)
At Com.vmware.vim.vmomi.client.http.impl.HttpExchange.run (httpexchange.java:111)
... more
caused by:javax.net.ssl.SSLException:hostname in certificate didn ' t match: <vc-test.cebbank.com>! = < " ssoserver> OR <vc-test.cloud.cebbank.com>
At org.apache.http.conn.ssl.AbstractVerifier.verify (abstractverifier.java:220)
At org.apache.http.conn.ssl.StrictHostnameVerifier.verify (stricthostnameverifier.java:61)
At org.apache.http.conn.ssl.AbstractVerifier.verify (abstractverifier.java:149)
At Com.vmware.vim.vmomi.client.http.impl.thumbprinttrustmanager$hostnameverifier.verify ( thumbprinttrustmanager.java:253)
... more

According to the above red part of the font, you can tell me this machine is due to modify the Hosts file registration, there are two ways to modify

2. Solution One: Reconfigure SSL certificate

For Vsca (VMware vCenter Server Appliance), integrated on a single machine, directly on the page to modify the configuration, and reboot, directly refer to the failed to connect to VMware Lookup Service–ssl C Ertificate verification Failed.

If too lazy to see, step I also copied over, as follows:

    1. Log in the VCSA itself via https://<vcsa-name>:5480
    2. Navigate to the ' Admin ' tab
    3. Turn 'Certificate regeneration enabled' to 'Yes' by using the 'Toggle Certificate setting' butt On
    4. Reboot the VCenter Server Appliance

This is the most common solution on the Internet, but my machine is not vsca. Presumably everyone in the production environment is not so used, right?

3. Solution Two: Register the VSphere Web Client with another vCenter single sign-on instanceTo register the VSphere Web Client with another vCenter single sign-on Lookup Service, do the following:
  1. Open a command prompt.

  2. To change the directory to:

    C:\Program Files\VMware\Infrastructure\vSphereWebClient\scripts

    Note : If the vSphere Web Client installation location is not the default C:\Program Files\ , adjust the path.

  3. Run client-repoint.bat the command to register the VSphere Web Client with the other VCenter single sign-on and Lookup Service:

    client-repoint.bat lookup_service_url "single_sign_on_admin_user" "single_sign_on_admin_password"

    Use the following example as a model:

    For VCenter Server 5.1:

    client-repoint.bat https://machinename.corp.com:7444/lookupservice/sdk "[email protected]" "[email protected]"

    For VCenter Server 5.5:

    client-repoint.bat https://machinename.corp.com:7444/lookupservice/sdk "[email protected]" "[email protected]"

    In this example, 7444 is the default HTTPS port number for VCenter single sign-on. If you use a custom port, replace the port number in the example with the port number you are using. You need to escape the special characters in the single sign-on user name and password using quotation marks. The host domain name modification at the above red line is the cause of the problem, please be careful to fill in the domain name or IP configured during installation

The VSphere Web Client is now registered with the VCenter single sign-on and Lookup Service.Pro-Test effectiveconclusion, the installation need to carefully fill in the FQDN, and configure each service, do planning reference or copy from: Re-pointing and re-registering VMware vCenter Server 5.1/5.5 and Components (2083219)

Failed to connect to VMware Lookup Service ... SSL Certificate verification failed.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.