今天登陆vsphere web-client时候,报错如下:

Failed to connect to VMware Lookup Service https://vc-test.cebbank.com:7444/lookupservice/sdk - SSL certificate verification failed.

放狗搜了下和自己测了下,根据问题类型有如下两种解决方案,我先说下如何去获取错误的详细信息,然后再给大家分别上两个解决办法。

1、获取错误日志

VSphere服务器进入%TEMP%路径,详细错误日志在vm_ssoreg.log和vminst.log中,您的机器可能看不到这个日志,没关系的。我把我的日志信息列在下面

[2016-08-22 10:58:13,758 main ERROR com.vmware.vim.install.impl.LookupServiceAccess] com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate assertion not verified and thumbprint not matched
[2016-08-22 10:58:13,760 main DEBUG com.vmware.vim.install.impl.LookupServiceAccess]
com.vmware.vim.vmomi.client.exception.SslException: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate assertion not verified and thumbprint not matched
at com.vmware.vim.vmomi.client.common.impl.ResponseImpl.setError(ResponseImpl.java:224)
at com.vmware.vim.vmomi.client.http.impl.HttpExchange.run(HttpExchange.java:131)
at com.vmware.vim.vmomi.client.http.impl.HttpProtocolBindingImpl.send(HttpProtocolBindingImpl.java:98)
at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl$CallExecutor.sendCall(MethodInvocationHandlerImpl.java:533)
at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl$CallExecutor.executeCall(MethodInvocationHandlerImpl.java:514)
at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.completeCall(MethodInvocationHandlerImpl.java:302)
at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.invokeOperation(MethodInvocationHandlerImpl.java:272)
at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.invoke(MethodInvocationHandlerImpl.java:169)
at com.sun.proxy.$Proxy22.retrieveServiceContent(Unknown Source)
at com.vmware.vim.install.impl.LookupServiceAccess.createLookupService(LookupServiceAccess.java:98)
at com.vmware.vim.install.impl.LookupServiceAccess.<init>(LookupServiceAccess.java:56)
at com.vmware.vim.install.impl.RegistrationProviderImpl.<init>(RegistrationProviderImpl.java:55)
at com.vmware.vim.install.RegistrationProviderFactory.getRegistrationProvider(RegistrationProviderFactory.java:143)
at com.vmware.vim.install.RegistrationProviderFactory.getRegistrationProvider(RegistrationProviderFactory.java:60)
at com.vmware.vim.install.cli.commands.CommandArgumentsParser.createServiceProvider(CommandArgumentsParser.java:241)
at com.vmware.vim.install.cli.commands.CommandArgumentsParser.parseCommand(CommandArgumentsParser.java:101)
at com.vmware.vim.install.cli.commands.CommandFactory.createValidateLsCommand(CommandFactory.java:36)
at com.vmware.vim.install.cli.RegTool.process(RegTool.java:91)
at com.vmware.vim.install.cli.RegTool.main(RegTool.java:38)
Caused by: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate assertion not verified and thumbprint not matched
at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager$HostnameVerifier.verify(ThumbprintTrustManager.java:267)
at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager$HostnameVerifier.verify(ThumbprintTrustManager.java:230)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:339)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:123)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:147)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:108)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:641)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:576)
at com.vmware.vim.vmomi.client.http.impl.HttpExchange.run(HttpExchange.java:111)
... 17 more
Caused by: javax.net.ssl.SSLException: hostname in certificate didn't match: <vc-test.cebbank.com> != <"ssoserver> OR <vc-test.cloud.cebbank.com>
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:220)
at org.apache.http.conn.ssl.StrictHostnameVerifier.verify(StrictHostnameVerifier.java:61)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:149)
at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager$HostnameVerifier.verify(ThumbprintTrustManager.java:253)
... 26 more

根据上面红色部分字体,可以判断我这台机器是由于修改过hosts文件的注册造成的,那修改办法有两个

2、  解决方案一:重新配置SSL certificate

针对vSCA(VMware vCenter Server Appliance),集成在一台机器上的情况,直接在页面修改配置,并重启即可,直接参考Failed to connect to VMware Lookup Service – SSL Certificate Verification Failed

如果懒得蹦过去看,步骤我也抄过来了,如下:

  1. Log in the VCSA itself via https://<vcsa-name>:5480
  2. Navigate to the ‘Admin’ tab
  3. Turn ‘Certificate regeneration enabled‘ to ‘yes‘ by using the ‘Toggle certificate setting‘ button
  4. Reboot the vCenter Server Appliance

这是网上最常见的解决办法,但我的机器这不是vSCA啊。想必大家在生产环境也都不是这么用的吧,那怎么办呢?

3、 解决方案二:向其他 vCenter Single Sign-On 实例注册 vSphere Web Client

要向其他 vCenter Single Sign-On Lookup Service 注册 vSphere Web Client,请执行以下操作:
  1. 打开命令提示符。
  2. 将目录更改为:

    C:\Program Files\VMware\Infrastructure\vSphereWebClient\scripts

    注意: 如果 vSphere Web Client 的安装位置不是默认 C:\Program Files\,请调整该路径。

  3. 运行 client-repoint.bat 命令向其他 vCenter Single Sign-On 和 Lookup Service 注册 vSphere Web Client:

    client-repoint.bat lookup_service_url "single_sign_on_admin_user" "single_sign_on_admin_password"

    使用以下示例作为模型:

    对于 vCenter Server 5.1:

    client-repoint.bat https://machinename.corp.com:7444/lookupservice/sdk "admin@System-Domain" "SSO_pw1@"

    对于 vCenter Server 5.5:

    client-repoint.bat https://machinename.corp.com:7444/lookupservice/sdk "administrator@vSphere.local" "SSO_pw1@"

    在本例中,7444 是 vCenter Single Sign-On 的默认 HTTPS 端口号。 如果您使用自定义端口,请将示例中的端口号替换为您使用的端口号。 需要使用引号对 Single Sign-On 用户名和密码中的特殊字符进行转义。上面红线处的主机域名修改是造成问题的原因,请注意填写安装时配置的域名或者IP

现在,已向 vCenter Single Sign-On and Lookup Service 注册了 vSphere Web Client。亲测有效
结论,安装时需要慎重填写FQDN,并配置各服务,做好规划
 
参考或复制自:

Failed to connect to VMware Lookup Service……SSL certificate verification failed的更多相关文章

  1. Server SSL certificate verification failed: certificate has expired, issuer is not trusted

    Unable to connect to a repository at URL 'https://xxxxx/svn/include' Server SSL certificate verifica ...

  2. svn: E230001: Server SSL certificate verification failed: certificate issued

    svn: E230001: Server SSL certificate verification failed: certificate issued 今天在使用svn时候发现出现这个问题,这个是因 ...

  3. svn: E230001: Server SSL certificate verification failed

    TortoiseSvn是好的 命令行svn 的时候 有问题 ,也加了--no-auth-cache --non-interactive参数 svn list 地址 选下p 就好. http://sta ...

  4. SVN提示https证书验证失败问题svn: E230001: Server SSL certificate verification failed:

    最近在使用Idea 检出 svn项目时,出现了如下的画面 显示需要授权证书,需要证书路径 搜索网上的解决方式:无非以下几种 1.File->Settings->Version Contro ...

  5. svn: E170013: Unable to connect to a repository at URL svn: E230001: Server SSL certificate verification

    idea更新项目报E230001: Server SSL certificate verification failed: certificate issued for a different hos ...

  6. git clone报错:“server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none”

    I can push by clone project using ssh, but it doesn't work when I clone project with https. it shows ...

  7. [Tips] Resolve error: server certificate verification failed.

    # sympton: piaoger@piaoger-ubuntu:~/w/temp$ git clone https://mygit/solidmcp/solidmcp.gitCloning int ...

  8. 使用mail架包发送邮件javax.mail.AuthenticationFailedException: failed to connect at javax.mail.Service.connec

    这个错误是因为连接不上邮箱服务器导致的,可能有以下几个原因(以网易邮箱为例) 1.当使用第三方登录邮箱时需要有邮箱的授权码,且要开启POP3/SMTP/IMAP:服务 2.在代码中要调用网易邮箱的密码 ...

  9. 项目报错 exception 'MongoConnectionException' with message 'Failed to connect to: 127.0.0.1:27017: Authentication failed on database 'www' with username 'www': auth failed' in

    出现这个错误,在官方文档也找到了解释,原来在2.6版本做了很大的改进,其改进涉及到核心.存储.网络.查询和安全性等多方面,自然,其用户登录认证机制也发生了改变,db.system.users的sche ...

随机推荐

  1. [TLSR8266] 1、搭建tlsr8266编译框架在win服务器中

    前言 泰凌微TLSR8266蓝牙芯片的开发环境在win桌面系统中搭建起来比较简单,在其论坛SDK版块->Telink IDE中可以找到安装包,直接安装即可生成基于Eclipse的开发环境,及相关 ...

  2. python语言学习笔记整理

    什么是程序? 程序等于数据结构加算法,那么数据结构是一个静态的东西,算法是一个动态的东西,我们用一个新的语言编写这个程序,我们要考虑到语言也主要由数据结构和算法相关的东西,或静态或动态的东西来构成,所 ...

  3. Debian9 配置之旅

    注:在安装的过程中,要选择网络镜像,不然要出大问题...(我选择了网易163的源) 注:下面的操作发生在我apt-get update,更新出现了错误,做的处理. _Stretch_ - Offici ...

  4. Arch Linux安装记录

    1.分区(MBR)# cfdisk 半图形界面,划分三个区:sda1 20G,sda2 80G,sda3 4G. 2.创建文件系统# mkfs.ext4 /dev/sda1# mkfs.ext4 /d ...

  5. bootstrap-paginator分页插件的两种使用方式

    分页有两种方式: 1. 前台分页:ajax一次请求获取全部数据,适合少量数据(万条数据以下): $.ajax({ type: "GET", url: "",// ...

  6. Codeforces 626F Group Projects(滚动数组+差分dp)

    F. Group Projects time limit per test:2 seconds memory limit per test:256 megabytes input:standard i ...

  7. Quoit Design(最近点对+分治)

    题目链接:http://acm.hdu.edu.cn/showproblem.php?pid=1007 Quoit Design Time Limit: 10000/5000 MS (Java/Oth ...

  8. linux 内核提权

    不经意间找到了大牛总结的一些Linux提权exp 我直接借花献佛分享给大家 #CVE #Description #Kernels CVE-2017-1000367 [Sudo] (Sudo 1.8.6 ...

  9. Windows下MYSQL读取文件为NULL

    只记录解决问题的方法. mysql 版本: 5.7.18 问题: 在执行mysql 函数load_file时,该函数将加载指定文件的内容,存储至相应字段.如: SELECT LOAD_FILE(&qu ...

  10. Spring框架学习笔记(7)——代理对象实现AOP

    AOP(面向切面编程) AOP(Aspect-Oriented Programming, 面向切面编程): 是一种新的方法论, 是对传统 OOP(Object-Oriented Programming ...