Today landing Vspher web-client time, the error is as follows:
Failed to connect to VMware Lookup Service Https://vc-test.cebbank.com:7444/lookupservice/sdk-SSL Certificate Verificat Ion failed.
Put the dog search and self-test, according to the problem type has the following two kinds of solutions, I first say how to get the details of the error, and then give everyone two solutions.
1. Get the error log
Vsphere server enters the%temp% path, verbose error log in Vm_ssoreg.log and Vminst.log, your machine may not be able to see this log, no matter. I have my log messages listed below.
[2016-08-22 10:58:13,758 main ERROR com.vmware.vim.install.impl.LookupServiceAccess] Com.vmware.vim.vmomi.core.exception.CertificateValidationException:Server Certificate Assertion not verified and Thumbprint not matched
[2016-08-22 10:58:13,760 main DEBUG com.vmware.vim.install.impl.LookupServiceAccess]
com.vmware.vim.vmomi.client.exception.SslException: Com.vmware.vim.vmomi.core.exception.CertificateValidationException:Server Certificate Assertion not verified and Thumbprint not matched
At Com.vmware.vim.vmomi.client.common.impl.ResponseImpl.setError (responseimpl.java:224)
At Com.vmware.vim.vmomi.client.http.impl.HttpExchange.run (httpexchange.java:131)
At com.vmware.vim.vmomi.client.http.impl.HttpProtocolBindingImpl.send (httpprotocolbindingimpl.java:98)
At Com.vmware.vim.vmomi.client.common.impl.methodinvocationhandlerimpl$callexecutor.sendcall ( methodinvocationhandlerimpl.java:533)
At Com.vmware.vim.vmomi.client.common.impl.methodinvocationhandlerimpl$callexecutor.executecall ( methodinvocationhandlerimpl.java:514)
At Com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.completeCall ( methodinvocationhandlerimpl.java:302)
At Com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.invokeOperation ( methodinvocationhandlerimpl.java:272)
At Com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.invoke ( methodinvocationhandlerimpl.java:169)
At Com.sun.proxy. $Proxy 22.retrieveServiceContent (Unknown Source)
At Com.vmware.vim.install.impl.LookupServiceAccess.createLookupService (lookupserviceaccess.java:98)
At com.vmware.vim.install.impl.lookupserviceaccess.<init> (lookupserviceaccess.java:56)
At com.vmware.vim.install.impl.registrationproviderimpl.<init> (registrationproviderimpl.java:55)
At Com.vmware.vim.install.RegistrationProviderFactory.getRegistrationProvider ( registrationproviderfactory.java:143)
At Com.vmware.vim.install.RegistrationProviderFactory.getRegistrationProvider ( REGISTRATIONPROVIDERFACTORY.JAVA:60)
At Com.vmware.vim.install.cli.commands.CommandArgumentsParser.createServiceProvider ( commandargumentsparser.java:241)
At Com.vmware.vim.install.cli.commands.CommandArgumentsParser.parseCommand (commandargumentsparser.java:101)
At Com.vmware.vim.install.cli.commands.CommandFactory.createValidateLsCommand (commandfactory.java:36)
At com.vmware.vim.install.cli.RegTool.process (regtool.java:91)
At Com.vmware.vim.install.cli.RegTool.main (regtool.java:38)
caused By:com.vmware.vim.vmomi.core.exception.CertificateValidationException:Server certificate assertion not Verified and thumbprint not matched
At Com.vmware.vim.vmomi.client.http.impl.thumbprinttrustmanager$hostnameverifier.verify ( thumbprinttrustmanager.java:267)
At Com.vmware.vim.vmomi.client.http.impl.thumbprinttrustmanager$hostnameverifier.verify ( thumbprinttrustmanager.java:230)
At Org.apache.http.conn.ssl.SSLSocketFactory.connectSocket (sslsocketfactory.java:339)
At Org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection ( defaultclientconnectionoperator.java:123)
At Org.apache.http.impl.conn.AbstractPoolEntry.open (abstractpoolentry.java:147)
At Org.apache.http.impl.conn.AbstractPooledConnAdapter.open (abstractpooledconnadapter.java:108)
At Org.apache.http.impl.client.DefaultRequestDirector.execute (defaultrequestdirector.java:415)
At Org.apache.http.impl.client.AbstractHttpClient.execute (abstracthttpclient.java:641)
At Org.apache.http.impl.client.AbstractHttpClient.execute (abstracthttpclient.java:576)
At Com.vmware.vim.vmomi.client.http.impl.HttpExchange.run (httpexchange.java:111)
... more
caused by:javax.net.ssl.SSLException:hostname in certificate didn ' t match: <vc-test.cebbank.com>! = < " ssoserver> OR <vc-test.cloud.cebbank.com>
At org.apache.http.conn.ssl.AbstractVerifier.verify (abstractverifier.java:220)
At org.apache.http.conn.ssl.StrictHostnameVerifier.verify (stricthostnameverifier.java:61)
At org.apache.http.conn.ssl.AbstractVerifier.verify (abstractverifier.java:149)
At Com.vmware.vim.vmomi.client.http.impl.thumbprinttrustmanager$hostnameverifier.verify ( thumbprinttrustmanager.java:253)
... more
According to the above red part of the font, you can tell me this machine is due to modify the Hosts file registration, there are two ways to modify
2.
Solution One: Reconfigure SSL certificate
For Vsca (VMware vCenter Server Appliance), integrated on a single machine, directly on the page to modify the configuration, and reboot, directly refer to the failed to connect to VMware Lookup Service–ssl C Ertificate verification Failed.
If too lazy to see, step I also copied over, as follows:
- Log in the VCSA itself via https://<vcsa-name>:5480
- Navigate to the ' Admin ' tab
- Turn 'Certificate regeneration enabled' to 'Yes' by using the 'Toggle Certificate setting' butt On
- Reboot the VCenter Server Appliance
This is the most common solution on the Internet, but my machine is not vsca. Presumably everyone in the production environment is not so used, right?
3. Solution Two: Register the VSphere Web Client with another vCenter single sign-on instanceTo register the VSphere Web Client with another vCenter single sign-on Lookup Service, do the following:
- Open a command prompt.
- To change the directory to:
C:\Program Files\VMware\Infrastructure\vSphereWebClient\scripts
Note : If the vSphere Web Client installation location is not the default C:\Program Files\
, adjust the path.
- Run
client-repoint.bat
the command to register the VSphere Web Client with the other VCenter single sign-on and Lookup Service:
client-repoint.bat lookup_service_url "single_sign_on_admin_user" "single_sign_on_admin_password"
Use the following example as a model:
For VCenter Server 5.1:
client-repoint.bat https://machinename.corp.com:7444/lookupservice/sdk "[email protected]" "[email protected]"
For VCenter Server 5.5:
client-repoint.bat https://machinename.corp.com:7444/lookupservice/sdk "[email protected]" "[email protected]"
In this example, 7444 is the default HTTPS port number for VCenter single sign-on. If you use a custom port, replace the port number in the example with the port number you are using. You need to escape the special characters in the single sign-on user name and password using quotation marks. The host domain name modification at the above red line is the cause of the problem, please be careful to fill in the domain name or IP configured during installation
The VSphere Web Client is now registered with the VCenter single sign-on and Lookup Service.Pro-Test effectiveconclusion, the installation need to carefully fill in the FQDN, and configure each service, do planning reference or copy from: Re-pointing and re-registering VMware vCenter Server 5.1/5.5 and Components (2083219)
Failed to connect to VMware Lookup Service ... SSL Certificate verification failed.