今天登陆vsphere web-client时候,报错如下:

Failed to connect to VMware Lookup Service https://vc-test.cebbank.com:7444/lookupservice/sdk - SSL certificate verification failed.

放狗搜了下和自己测了下,根据问题类型有如下两种解决方案,我先说下如何去获取错误的详细信息,然后再给大家分别上两个解决办法。

1、获取错误日志

VSphere服务器进入%TEMP%路径,详细错误日志在vm_ssoreg.log和vminst.log中,您的机器可能看不到这个日志,没关系的。我把我的日志信息列在下面

[2016-08-22 10:58:13,758 main ERROR com.vmware.vim.install.impl.LookupServiceAccess] com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate assertion not verified and thumbprint not matched
[2016-08-22 10:58:13,760 main DEBUG com.vmware.vim.install.impl.LookupServiceAccess]
com.vmware.vim.vmomi.client.exception.SslException: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate assertion not verified and thumbprint not matched
at com.vmware.vim.vmomi.client.common.impl.ResponseImpl.setError(ResponseImpl.java:224)
at com.vmware.vim.vmomi.client.http.impl.HttpExchange.run(HttpExchange.java:131)
at com.vmware.vim.vmomi.client.http.impl.HttpProtocolBindingImpl.send(HttpProtocolBindingImpl.java:98)
at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl$CallExecutor.sendCall(MethodInvocationHandlerImpl.java:533)
at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl$CallExecutor.executeCall(MethodInvocationHandlerImpl.java:514)
at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.completeCall(MethodInvocationHandlerImpl.java:302)
at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.invokeOperation(MethodInvocationHandlerImpl.java:272)
at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.invoke(MethodInvocationHandlerImpl.java:169)
at com.sun.proxy.$Proxy22.retrieveServiceContent(Unknown Source)
at com.vmware.vim.install.impl.LookupServiceAccess.createLookupService(LookupServiceAccess.java:98)
at com.vmware.vim.install.impl.LookupServiceAccess.<init>(LookupServiceAccess.java:56)
at com.vmware.vim.install.impl.RegistrationProviderImpl.<init>(RegistrationProviderImpl.java:55)
at com.vmware.vim.install.RegistrationProviderFactory.getRegistrationProvider(RegistrationProviderFactory.java:143)
at com.vmware.vim.install.RegistrationProviderFactory.getRegistrationProvider(RegistrationProviderFactory.java:60)
at com.vmware.vim.install.cli.commands.CommandArgumentsParser.createServiceProvider(CommandArgumentsParser.java:241)
at com.vmware.vim.install.cli.commands.CommandArgumentsParser.parseCommand(CommandArgumentsParser.java:101)
at com.vmware.vim.install.cli.commands.CommandFactory.createValidateLsCommand(CommandFactory.java:36)
at com.vmware.vim.install.cli.RegTool.process(RegTool.java:91)
at com.vmware.vim.install.cli.RegTool.main(RegTool.java:38)
Caused by: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate assertion not verified and thumbprint not matched
at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager$HostnameVerifier.verify(ThumbprintTrustManager.java:267)
at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager$HostnameVerifier.verify(ThumbprintTrustManager.java:230)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:339)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:123)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:147)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:108)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:641)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:576)
at com.vmware.vim.vmomi.client.http.impl.HttpExchange.run(HttpExchange.java:111)
... 17 more
Caused by: javax.net.ssl.SSLException: hostname in certificate didn't match: <vc-test.cebbank.com> != <"ssoserver> OR <vc-test.cloud.cebbank.com>
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:220)
at org.apache.http.conn.ssl.StrictHostnameVerifier.verify(StrictHostnameVerifier.java:61)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:149)
at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager$HostnameVerifier.verify(ThumbprintTrustManager.java:253)
... 26 more

根据上面红色部分字体,可以判断我这台机器是由于修改过hosts文件的注册造成的,那修改办法有两个

2、  解决方案一:重新配置SSL certificate

针对vSCA(VMware vCenter Server Appliance),集成在一台机器上的情况,直接在页面修改配置,并重启即可,直接参考Failed to connect to VMware Lookup Service – SSL Certificate Verification Failed

如果懒得蹦过去看,步骤我也抄过来了,如下:

  1. Log in the VCSA itself via https://<vcsa-name>:5480
  2. Navigate to the ‘Admin’ tab
  3. Turn ‘Certificate regeneration enabled‘ to ‘yes‘ by using the ‘Toggle certificate setting‘ button
  4. Reboot the vCenter Server Appliance

这是网上最常见的解决办法,但我的机器这不是vSCA啊。想必大家在生产环境也都不是这么用的吧,那怎么办呢?

3、 解决方案二:向其他 vCenter Single Sign-On 实例注册 vSphere Web Client

要向其他 vCenter Single Sign-On Lookup Service 注册 vSphere Web Client,请执行以下操作:
  1. 打开命令提示符。
  2. 将目录更改为:

    C:\Program Files\VMware\Infrastructure\vSphereWebClient\scripts

    注意: 如果 vSphere Web Client 的安装位置不是默认 C:\Program Files\,请调整该路径。

  3. 运行 client-repoint.bat 命令向其他 vCenter Single Sign-On 和 Lookup Service 注册 vSphere Web Client:

    client-repoint.bat lookup_service_url "single_sign_on_admin_user" "single_sign_on_admin_password"

    使用以下示例作为模型:

    对于 vCenter Server 5.1:

    client-repoint.bat https://machinename.corp.com:7444/lookupservice/sdk "admin@System-Domain" "SSO_pw1@"

    对于 vCenter Server 5.5:

    client-repoint.bat https://machinename.corp.com:7444/lookupservice/sdk "administrator@vSphere.local" "SSO_pw1@"

    在本例中,7444 是 vCenter Single Sign-On 的默认 HTTPS 端口号。 如果您使用自定义端口,请将示例中的端口号替换为您使用的端口号。 需要使用引号对 Single Sign-On 用户名和密码中的特殊字符进行转义。上面红线处的主机域名修改是造成问题的原因,请注意填写安装时配置的域名或者IP

现在,已向 vCenter Single Sign-On and Lookup Service 注册了 vSphere Web Client。亲测有效
结论,安装时需要慎重填写FQDN,并配置各服务,做好规划
 
参考或复制自:

Failed to connect to VMware Lookup Service……SSL certificate verification failed的更多相关文章

  1. Server SSL certificate verification failed: certificate has expired, issuer is not trusted

    Unable to connect to a repository at URL 'https://xxxxx/svn/include' Server SSL certificate verifica ...

  2. svn: E230001: Server SSL certificate verification failed: certificate issued

    svn: E230001: Server SSL certificate verification failed: certificate issued 今天在使用svn时候发现出现这个问题,这个是因 ...

  3. svn: E230001: Server SSL certificate verification failed

    TortoiseSvn是好的 命令行svn 的时候 有问题 ,也加了--no-auth-cache --non-interactive参数 svn list 地址 选下p 就好. http://sta ...

  4. SVN提示https证书验证失败问题svn: E230001: Server SSL certificate verification failed:

    最近在使用Idea 检出 svn项目时,出现了如下的画面 显示需要授权证书,需要证书路径 搜索网上的解决方式:无非以下几种 1.File->Settings->Version Contro ...

  5. svn: E170013: Unable to connect to a repository at URL svn: E230001: Server SSL certificate verification

    idea更新项目报E230001: Server SSL certificate verification failed: certificate issued for a different hos ...

  6. git clone报错:“server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none”

    I can push by clone project using ssh, but it doesn't work when I clone project with https. it shows ...

  7. [Tips] Resolve error: server certificate verification failed.

    # sympton: piaoger@piaoger-ubuntu:~/w/temp$ git clone https://mygit/solidmcp/solidmcp.gitCloning int ...

  8. 使用mail架包发送邮件javax.mail.AuthenticationFailedException: failed to connect at javax.mail.Service.connec

    这个错误是因为连接不上邮箱服务器导致的,可能有以下几个原因(以网易邮箱为例) 1.当使用第三方登录邮箱时需要有邮箱的授权码,且要开启POP3/SMTP/IMAP:服务 2.在代码中要调用网易邮箱的密码 ...

  9. 项目报错 exception 'MongoConnectionException' with message 'Failed to connect to: 127.0.0.1:27017: Authentication failed on database 'www' with username 'www': auth failed' in

    出现这个错误,在官方文档也找到了解释,原来在2.6版本做了很大的改进,其改进涉及到核心.存储.网络.查询和安全性等多方面,自然,其用户登录认证机制也发生了改变,db.system.users的sche ...

随机推荐

  1. ubuntu14.04下部署Tsung

    我是在Windows 7下装的虚拟机里部署的Tsung,所以,以下均是在虚拟机下的操作: 1.网络问题必须搞定,见我的另外一篇博文 2.erlang的安装包.Tsung的安装包一一备齐.我用的是tsu ...

  2. 线上服务器上安装的VNCServer不能正常工作

    1.问题描述: 线上服务器上安装的不能正常工作 2.解决问题过程: 一. 重启vncserver 运行命令:vncserver -kill :1和vncserver :1 二. 发现vncserver ...

  3. Ubuntu 安装Appium

    1.安装node apt-get install node.js 2.安装npm apt-get install npm 3.安装cnpm npm install -g cnpm 创建链接:ln -s ...

  4. Mac appium apk覆盖性安装的问题

    /Applications/Appium.app/Contents/Resources/node_modules/appium/node_modules/appium-android-driver/n ...

  5. Python进阶内容(三)--- reduce

    描述 functools.reduce() 函数会对参数序列中元素进行累积.函数将一个数据集合(列表,元组等)中的所有数据进行下列操作:用传给reduce中的函数 function(有两个参数)先对集 ...

  6. [原创]同一个Tomcat,配置多个context、多个Host

    需求前提: 系统结束后,需要部署到服务器上. 目前只可以映射到一个固定IP的非80端口. 而server端和web端都要暴露到外网. 所以配置两个context,使得client应用不需要添加服务名, ...

  7. win10 uwp 横向 AppBarButton

    一般看到的 AppBarButton 都是图片在上面,文字在下面,是否可以更改让文字在和图片相同的位置?本文告诉大家如何做出横向的 AppBarButton 把图标和文本放在一起. 如果需要添加 Ap ...

  8. 【读书笔记】【深入理解ES6】#2-字符串和正则表达式

    更好的Unicode支持 在ES6出现以前,JS字符串一直基于16位字符编码(UTF-16)进行构建. 每16位的序列是一个编码单元(code unit),代表一个字符. length.charAt( ...

  9. hibernate使用setResultTransformer()将SQL查询结果放入集合中

    在平时开发中Hibernate提供的hql基本能够满足我们的日常需求.但是在有些特殊的情况下,还是需要使用原生的sql,并且希望sql查询出来的结果能够绑定到pojo上.hibernate API中的 ...

  10. Yii2基本概念之——属性(property)

    学习任何一门学问,往往都是从起基本的概念学起.万丈高楼平地起,这些基本概念就是高楼的基石,必须做详尽的分析.我们知道,Yii2是一款脉络清晰的框架,理顺了基础的概念和基本功能,学习更高级和复杂的功能就 ...