Saturday, January 19, 2019

VAPI Endpoint service failure

VAPI Endpoint service failure 


ERROR | state-manager1            | StsBuilder                     | Failed to acquire token for the solution user
2018-11-15T21:50:42.647Z | ERROR | state-manager1            | DefaultStateManager            | Could not initialize endpoint runtime state.
com.vmware.vapi.endpoint.config.ConfigurationException: com.vmware.vim.sso.client.exception.AuthenticationFailedException: Provided credentials are not valid.
        at com.vmware.vapi.endpoint.cis.StsBuilder.createToken(StsBuilder.java:182)
        at com.vmware.vapi.endpoint.cis.StsBuilder.rebuild(StsBuilder.java:77)
        at com.vmware.vapi.endpoint.cis.StsBuilder.buildInitial(StsBuilder.java:54)
        at com.vmware.vapi.state.impl.DefaultStateManager.build(DefaultStateManager.java:354)
        at com.vmware.vapi.state.impl.DefaultStateManager$1.doInitialConfig(DefaultStateManager.java:168)
        at com.vmware.vapi.state.impl.DefaultStateManager$1.run(DefaultStateManager.java:151)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
Caused by: com.vmware.vim.sso.client.exception.AuthenticationFailedException: Provided credentials are not valid.
        at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.handleFaultCondition(SecurityTokenServiceImpl.java:852)
        at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.sendRequest(SecurityTokenServiceImpl.java:788)
        at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.executeRoundtrip(SecurityTokenServiceImpl.java:714)
        at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl.acquireTokenByCertificate(SecurityTokenServiceImpl.java:473)
        at com.vmware.vapi.endpoint.cis.StsBuilder.createToken(StsBuilder.java:179)


Please follow the steps below


/usr/lib/vmware-vmafd/bin/vecs-cli entry list --store vpxd --text | less

MACHINE_SSL_CERT
TRUSTED_ROOTS
TRUSTED_ROOT_CRLS
machine
vpxd
vpxd-extension
vsphere-webclient
SMS


/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert --store <stored name> --alias <alias name> --output /certificate/<certificate usage name>.crt
/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert --store machine --alias machine --output /certificate/machine.crt
/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert --store vpxd-extension --alias vpxd-extension --output /certificate/vpxd-extension.crt
/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert --store vpxd --alias vpxd --output /certificate/vpxd.crt
/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert --store vsphere-webclient --alias vsphere-webclient --output /certificate/vsphere-webclient.crt


dir-cli service update --name vpxd-extension-d74bb41a-f337-4667-9294-9df39322b428- --cert /cert/vpxd.crt --login administrator@vsphere.local

root@VCENTER51 [ /certificate ]# less vsphere-webclient.crt
root@VCENTER51 [ /certificate ]# /usr/lib/vmware-vmafd/bin/dir-cli service list
Enter password for administrator@vsphere.local:
1. WebClient_2016.11.23_145904
2. machine-2253fa42-d1ee-11e7-ba38-0050569c439f
3. vsphere-webclient-2253fa42-d1ee-11e7-ba38-0050569c439f
4. machine-d74bb41a-f337-4667-9294-9df39322b428
5. vsphere-webclient-d74bb41a-f337-4667-9294-9df39322b428
6. vpxd-d74bb41a-f337-4667-9294-9df39322b428
7. vpxd-extension-d74bb41a-f337-4667-9294-9df39322b428


/usr/lib/vmware-vmafd/bin/dir-cli service update --name machine-d74bb41a-f337-4667-9294-9df39322b428 --cert /certificate/machine.crt --login administrator@vsphere.local
/usr/lib/vmware-vmafd/bin/dir-cli service update --name vsphere-webclient-d74bb41a-f337-4667-9294-9df39322b428 --cert /certificate/vsphere-webclient.crt --login administrator@vsphere.local
/usr/lib/vmware-vmafd/bin/dir-cli service update --name vpxd-d74bb41a-f337-4667-9294-9df39322b428 --cert /certificate/vpxd.crt --login administrator@vsphere.local
/usr/lib/vmware-vmafd/bin/dir-cli service update --name vpxd-extension-d74bb41a-f337-4667-9294-9df39322b428 --cert /certificate/vpxd-extension.crt --login administrator@vsphere.local

1 comment:

  1. Very poorly documented article.
    But that was my issue, thanks much.

    ReplyDelete

Replacing vROPS Certificates

Issue:  When using default certificates in vROPS  Due to security requirements it was necessary to replace the default self-signed certifica...