App Volumes 2.12.1 vCenter certificate verify failed

App Volumes 2.12.1 is a awesome update but it comes with a flaw out of the box.
The vCenter certificate can be accepted but the logging will spam that it’s incorrect.
Even with multiple vCenters it will fail to get them up and running..

“Certificate: Using administrator trusted certificate”
Validating SSL certificate for “VCA.domain.local”: Rejected because certificate is neither verified nor trusted

Failed to connect to vSphere at “domain\srvappvol@VCA.domain.local”: SSL_connect returned=1 errno=0 state=error:

Failed to extract SSL certificate: execution expired

Unable to save peer certificate due to errors: [“Serial can’t be blank”, “Subject can’t be blank”, “Issuer can’t be blank”]

Running multiple vCenters under one SSO is even more fun.. only one vCenter will work and other will fail because you get presented with your PSC certificate instead of your vCenter certificate.

certificate

certificate

In the App Volumes database you will see the same behaviour. Only one certificate is trusted and the others are not.



To solve this issue, Log in to each Manager instance and follow the below solution.
This will disable certificate checking between vCenter and the Manager.
See also this VMware community thread.

  1. Open Control Panel
  2. Select System
  3. Click the Advanced system settings link.
  4. Click Environment Variables. In the section System Variables, Click New.
  5. In the New System Variable window, specify the value ofย Variable Name as “AVM_DISABLE_VCENTER_SSL_VALIDATION” and specify the Variable Value as “1”
  6. Click OK. Close all remaining windows by clicking OK.
  7. restart the manager service.

After this the vCenter SSL check is disabled and all will work fine again. As of now this is still not fixed. There are a few beta patched available via VMware GSS but 2.12.3 and 2.12.4 beta doe not fix this issue. For now, if you have multi vCenter or if you have the problems. Disable de SSL checking and it will be solved. Good luck ๐Ÿ™‚

Leave a Reply

Your email address will not be published. Required fields are marked *