今天登陆vsphere web-client时候,报错如下:

Failed to connect to VMware Lookup Service https://vc-test.cebbank.com:7444/lookupservice/sdk - SSL certificate verification failed.

放狗搜了下和自己测了下,根据问题类型有如下两种解决方案,我先说下如何去获取错误的详细信息,然后再给大家分别上两个解决办法。

1、获取错误日志

VSphere服务器进入%TEMP%路径,详细错误日志在vm_ssoreg.log和vminst.log中,您的机器可能看不到这个日志,没关系的。我把我的日志信息列在下面

[2016-08-22 10:58:13,758 main ERROR com.vmware.vim.install.impl.LookupServiceAccess] com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate assertion not verified and thumbprint not matched
[2016-08-22 10:58:13,760 main DEBUG com.vmware.vim.install.impl.LookupServiceAccess]
com.vmware.vim.vmomi.client.exception.SslException: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate assertion not verified and thumbprint not matched
at com.vmware.vim.vmomi.client.common.impl.ResponseImpl.setError(ResponseImpl.java:224)
at com.vmware.vim.vmomi.client.http.impl.HttpExchange.run(HttpExchange.java:131)
at com.vmware.vim.vmomi.client.http.impl.HttpProtocolBindingImpl.send(HttpProtocolBindingImpl.java:98)
at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl$CallExecutor.sendCall(MethodInvocationHandlerImpl.java:533)
at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl$CallExecutor.executeCall(MethodInvocationHandlerImpl.java:514)
at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.completeCall(MethodInvocationHandlerImpl.java:302)
at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.invokeOperation(MethodInvocationHandlerImpl.java:272)
at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.invoke(MethodInvocationHandlerImpl.java:169)
at com.sun.proxy.$Proxy22.retrieveServiceContent(Unknown Source)
at com.vmware.vim.install.impl.LookupServiceAccess.createLookupService(LookupServiceAccess.java:98)
at com.vmware.vim.install.impl.LookupServiceAccess.<init>(LookupServiceAccess.java:56)
at com.vmware.vim.install.impl.RegistrationProviderImpl.<init>(RegistrationProviderImpl.java:55)
at com.vmware.vim.install.RegistrationProviderFactory.getRegistrationProvider(RegistrationProviderFactory.java:143)
at com.vmware.vim.install.RegistrationProviderFactory.getRegistrationProvider(RegistrationProviderFactory.java:60)
at com.vmware.vim.install.cli.commands.CommandArgumentsParser.createServiceProvider(CommandArgumentsParser.java:241)
at com.vmware.vim.install.cli.commands.CommandArgumentsParser.parseCommand(CommandArgumentsParser.java:101)
at com.vmware.vim.install.cli.commands.CommandFactory.createValidateLsCommand(CommandFactory.java:36)
at com.vmware.vim.install.cli.RegTool.process(RegTool.java:91)
at com.vmware.vim.install.cli.RegTool.main(RegTool.java:38)
Caused by: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate assertion not verified and thumbprint not matched
at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager$HostnameVerifier.verify(ThumbprintTrustManager.java:267)
at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager$HostnameVerifier.verify(ThumbprintTrustManager.java:230)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:339)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:123)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:147)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:108)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:641)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:576)
at com.vmware.vim.vmomi.client.http.impl.HttpExchange.run(HttpExchange.java:111)
... 17 more
Caused by: javax.net.ssl.SSLException: hostname in certificate didn't match: <vc-test.cebbank.com> != <"ssoserver> OR <vc-test.cloud.cebbank.com>
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:220)
at org.apache.http.conn.ssl.StrictHostnameVerifier.verify(StrictHostnameVerifier.java:61)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:149)
at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager$HostnameVerifier.verify(ThumbprintTrustManager.java:253)
... 26 more

根据上面红色部分字体,可以判断我这台机器是由于修改过hosts文件的注册造成的,那修改办法有两个

2、  解决方案一:重新配置SSL certificate

针对vSCA(VMware vCenter Server Appliance),集成在一台机器上的情况,直接在页面修改配置,并重启即可,直接参考Failed to connect to VMware Lookup Service – SSL Certificate Verification Failed

如果懒得蹦过去看,步骤我也抄过来了,如下:

  1. Log in the VCSA itself via https://<vcsa-name>:5480
  2. Navigate to the ‘Admin’ tab
  3. Turn ‘Certificate regeneration enabled‘ to ‘yes‘ by using the ‘Toggle certificate setting‘ button
  4. Reboot the vCenter Server Appliance

这是网上最常见的解决办法,但我的机器这不是vSCA啊。想必大家在生产环境也都不是这么用的吧,那怎么办呢?

3、 解决方案二:向其他 vCenter Single Sign-On 实例注册 vSphere Web Client

要向其他 vCenter Single Sign-On Lookup Service 注册 vSphere Web Client,请执行以下操作:
  1. 打开命令提示符。
  2. 将目录更改为:

    C:\Program Files\VMware\Infrastructure\vSphereWebClient\scripts

    注意: 如果 vSphere Web Client 的安装位置不是默认 C:\Program Files\,请调整该路径。

  3. 运行 client-repoint.bat 命令向其他 vCenter Single Sign-On 和 Lookup Service 注册 vSphere Web Client:

    client-repoint.bat lookup_service_url "single_sign_on_admin_user" "single_sign_on_admin_password"

    使用以下示例作为模型:

    对于 vCenter Server 5.1:

    client-repoint.bat https://machinename.corp.com:7444/lookupservice/sdk "admin@System-Domain" "SSO_pw1@"

    对于 vCenter Server 5.5:

    client-repoint.bat https://machinename.corp.com:7444/lookupservice/sdk "administrator@vSphere.local" "SSO_pw1@"

    在本例中,7444 是 vCenter Single Sign-On 的默认 HTTPS 端口号。 如果您使用自定义端口,请将示例中的端口号替换为您使用的端口号。 需要使用引号对 Single Sign-On 用户名和密码中的特殊字符进行转义。上面红线处的主机域名修改是造成问题的原因,请注意填写安装时配置的域名或者IP

现在,已向 vCenter Single Sign-On and Lookup Service 注册了 vSphere Web Client。亲测有效
结论,安装时需要慎重填写FQDN,并配置各服务,做好规划
 
参考或复制自:

最新文章

  1. JQuery,拼接字符串问题(求助)
  2. solrconfig.xml和schema.xml说明
  3. zepto源码注解
  4. IIS7 ASP.NET 未被授权访问所请求的资源
  5. ubuntu免验证登陆权限问题
  6. ADB对手机进行开关机测试
  7. 在解决方案中添加Layout,Image文件夹
  8. PHP关联数组和哈希表(hash table) 未指定
  9. easyui&amp;8Jquery ztree树插件
  10. db2 调整连接数的优化
  11. [Swift]LeetCode442. 数组中重复的数据 | Find All Duplicates in an Array
  12. C# 生成海报,文本区域指定和换行,图片合成
  13. Python开发【第十一篇】:MySQL
  14. Oracle BBED 工具 说明
  15. [PA2015]Rozstaw szyn
  16. JUnit accuracy/failure/stress test区别
  17. 上台阶问题(递归,DFS)
  18. web压力测试工具(小而精)
  19. codeforces #296 div2 (527C) STL中set的运用
  20. DIRECTORY_SEPARATOR 目录分隔符 php内置变量

热门文章

  1. 日期插件-flatpickr
  2. 【转载】从头编写 asp.net core 2.0 web api 基础框架 (5) EF CRUD
  3. Linux之内存描述符mm_struct
  4. JSP和Servlet笔记
  5. 读书笔记《PHP与MySQL程序设计》一
  6. Android热修复框架汇总整理(Hotfix)
  7. js面向对象学习笔记(三):原型
  8. hdu_1036(取整和格式控制)
  9. Effective Java 第三版——23. 优先使用类层次而不是标签类
  10. 冒泡排序和选择排序-java