今天登陆vsphere web-client时候,报错如下: Failed to connect to VMware Lookup Service https://vc-test.cebbank.com:7444/lookupservice/sdk - SSL certificate verification failed.
放狗搜了下和自己测了下,根据问题类型有如下两种解决方案,我先说下如何去获取错误的详细信息,然后再给大家分别上两个解决办法。 1、获取错误日志
VSphere服务器进入%TEMP%路径,详细错误日志在vm_ssoreg.log和vminst.log中,您的机器可能看不到这个日志,没关系的。我把我的日志信息列在下面 [2016-08-22 10:58:13,758 main ERROR com.vmware.vim.install.impl.LookupServiceAccess] com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate assertion not verified and thumbprint not matched [2016-08-22 10:58:13,760 main DEBUG com.vmware.vim.install.impl.LookupServiceAccess] com.vmware.vim.vmomi.client.exception.SslException: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate assertion not verified and thumbprint not matched at com.vmware.vim.vmomi.client.common.impl.ResponseImpl.setError(ResponseImpl.java:224) at com.vmware.vim.vmomi.client.http.impl.HttpExchange.run(HttpExchange.java:131) at com.vmware.vim.vmomi.client.http.impl.HttpProtocolBindingImpl.send(HttpProtocolBindingImpl.java:98) at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl$CallExecutor.sendCall(MethodInvocationHandlerImpl.java:533) at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl$CallExecutor.executeCall(MethodInvocationHandlerImpl.java:514) at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.completeCall(MethodInvocationHandlerImpl.java:302) at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.invokeOperation(MethodInvocationHandlerImpl.java:272) at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.invoke(MethodInvocationHandlerImpl.java:169) at com.sun.proxy.$Proxy22.retrieveServiceContent(Unknown Source) at com.vmware.vim.install.impl.LookupServiceAccess.createLookupService(LookupServiceAccess.java:98) at com.vmware.vim.install.impl.LookupServiceAccess.<init>(LookupServiceAccess.java:56) at com.vmware.vim.install.impl.RegistrationProviderImpl.<init>(RegistrationProviderImpl.java:55) at com.vmware.vim.install.RegistrationProviderFactory.getRegistrationProvider(RegistrationProviderFactory.java:143) at com.vmware.vim.install.RegistrationProviderFactory.getRegistrationProvider(RegistrationProviderFactory.java:60) at com.vmware.vim.install.cli.commands.CommandArgumentsParser.createServiceProvider(CommandArgumentsParser.java:241) at com.vmware.vim.install.cli.commands.CommandArgumentsParser.parseCommand(CommandArgumentsParser.java:101) at com.vmware.vim.install.cli.commands.CommandFactory.createValidateLsCommand(CommandFactory.java:36) at com.vmware.vim.install.cli.RegTool.process(RegTool.java:91) at com.vmware.vim.install.cli.RegTool.main(RegTool.java:38) Caused by: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate assertion not verified and thumbprint not matched at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager$HostnameVerifier.verify(ThumbprintTrustManager.java:267) at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager$HostnameVerifier.verify(ThumbprintTrustManager.java:230) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:339) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:123) at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:147) at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:108) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:641) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:576) at com.vmware.vim.vmomi.client.http.impl.HttpExchange.run(HttpExchange.java:111) ... 17 more Caused by: javax.net.ssl.SSLException: hostname in certificate didn't match: <vc-test.cebbank.com> != <"ssoserver> OR <vc-test.cloud.cebbank.com> at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:220) at org.apache.http.conn.ssl.StrictHostnameVerifier.verify(StrictHostnameVerifier.java:61) at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:149) at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager$HostnameVerifier.verify(ThumbprintTrustManager.java:253) ... 26 more
根据上面红色部分字体,可以判断我这台机器是由于修改过hosts文件的注册造成的,那修改办法有两个 2、 解决方案一:重新配置SSL certificate
针对vSCA(VMware vCenter Server Appliance),集成在一台机器上的情况,直接在页面修改配置,并重启即可,直接参考Failed to connect to VMware Lookup Service – SSL Certificate Verification Failed。
如果懒得蹦过去看,步骤我也抄过来了,如下:
Log in the VCSA itself via https://<vcsa-name>:5480
Navigate to the ‘Admin’ tab
Turn ‘Certificate regeneration enabled‘ to ‘yes‘ by using the ‘Toggle certificate setting‘ button
Reboot the vCenter Server Appliance
这是网上最常见的解决办法,但我的机器这不是vSCA啊。想必大家在生产环境也都不是这么用的吧,那怎么办呢? 3、 解决方案二:向其他 vCenter Single Sign-On 实例注册 vSphere Web Client
要向其他 vCenter Single Sign-On Lookup Service 注册 vSphere Web Client,请执行以下操作:
QQ群⑧:
窥视卡
雷达卡
发表于 2017-6-22 11:48:28
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡