Skip to main content

Unable to import ISO file from Update Manager via HTML5 client

  Symptoms

While Importing ISO file from Update manager via HTML5 client, operation ends/stops without any specific error message



/var/log/vmware/vsphere-ui/logs/vsphere-client-virgo.log :

[2020-03-05T22:05:23.623Z] [ERROR] tp-nio-127.0.0.1-5090-exec-7 com.vmware.vum.client.upload.FileUploadClient   Error while executing HTTP request javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
Cause
Intermediate Cert might be absent from the Cert Store
Resolution
1. Validate the Machine SSL Certs ( Machine, Intermediate and Root )
/usr/lib/vmware/vmafd/bin/vecs-cli entry list --store TRUSTED_ROOTS --text

2. Verify from Subject Key Identifier that only the Root cert would be present in the TRUSTED_ROOTS store,the Intermediate Cert might be absent.

3. Export the certificate from the browser via 
https://FQDN:9087/vum-fileupload/

4. Copy the cert block and create a file name subca.crt in the /tmp folder of vCenter

5. Published the Cert
 /usr/lib/vmware-vmafd/bin/vecs-cli entry create --store TRUSTED_ROOTS --alias <thumbprint> --cert /tmp/subca.crt 
 
<thumbprint> will be the thumbprint of the Intermediate Cert which is retrieved from the cert in the browser
 
6. Post that, the upload the ISOs on the vCenter HTML5 Client should work.
Workaround
ISO file can be imported via Flex/flash Client

Comments

Post a Comment

Popular posts from this blog

Troubleshooting vpxd service on Windows vCenter Server

  Symptoms You cannot connect to VMware vCenter Server with the vSphere Client. You cannot see the VMware vCenter Server in the inventory in the vSphere Web Client. You see a Microsoft Windows Event error associated with IIS similar to: Event properties - Event 7024, Service Control Manager The VMware VirtualCenter Server service terminated with service-specific error The system cannot find the file specified.. Log Name: System Source: Service Control Event ID: 7024 Level: Error Note : A windows Event ID 1000 may also be reported in relation to this issue.   Connecting to vCenter Server fails with the error: Cannot connect to host server_name : No connection could be made because the target machine actively refused it.   Attempting to start the VMware VirtualCenter Server service fails. You see this error: Windows could not start the VMware VirtualCenter Server service on...
Post a Comment
Read more

Cloning and converting virtual machine disks with vmkfstools

 Purpose This article provides information and instructions on the use of the vmkfstools command to convert virtual machine disks from one type to another. Resolution The vmkfstools command offers the ability to clone virtual machine content and also convert from one virtual machine disk ( .vmdk ) format into another. Note : The host operating system chosen to perform the conversion may not necessarily support running of virtual machines via the output format defined. vmkfstools maintains the possibility of exporting virtual disks for use in other VMware products which support alternative disk formats. To convert a virtual machine disk from one type to another: Shut down the virtual machine. Virtual machine disk files are locked while in-use by a running virtual machine. Log in to the VMware vSphere Management Assistant (v...
Post a Comment
Read more

Investigating virtual machine file locks on ESXi

      Details Adding an existing virtual machine disk (VMDK) to a virtual machine that is already powered on fails.                 Failed to add disk scsi0:1. Failed to power on scsi0:1   Powering on the virtual machine results in the power on task remaining at 95% indefinitely. Cannot power on the virtual machine after deploying it from a template. Powering on a virtual machine fails with an error: Unable to open Swap File Unable to access a file since it is locked Unable to access a file <filename> since it is locked Unable to access Virtual machine configuration In the /var/log/vmkernel log file, you see entries similar to: WARNING: World: VM xxxx: xxx: Failed to open swap file <path>: Lock was not free WARNING: World: VM xxxx: xxx: Failed to initialize swap file <path>   When opening a console to the virtual machine, you may receive ...
Post a Comment
Read more