VMware vSphere

  • 1.  Renewing Virtual Center CA Certificates

    Posted Nov 05, 2016 01:45 PM

    Hi All,

    I'm trying to renew the CA certificate on one of our ESX 5.0 VC Servers.  It's a process I have carried out in the past and not had any particular issues.  However, this time, once I have created my rui.crt, rui.pfx & rui.key and replaced them in the two relevant SSL certificate locations, I am unable to load them into memory.  When I type https://localhost/mob/?moid=vpxd-securitymanager&vmodl=1 my browser fails to prompt me for the VI-ADMN login information.  I notice in the event logs I get Event ID 1000 stating "Faulting Application vpxd.exe faulting module kernel32.dll", and also Event ID 1000 stating "The description for EVENT 1000 from source VMware Virtual Center cannot be found.  Either the component that raises this event is not installed on your local computer or the installation is corrupted."

    As soon as I replace the old files back into their original location the services start up OK.  I believe our certificate server to be OK and, as far as I can see, the Openssl.cfg file looks to be configured correctly.

    The issue is obviously with the new files created, but I'm not too sure where else to start looking.  Any help would be greatly appreciated.

    J



  • 2.  RE: Renewing Virtual Center CA Certificates

    Posted Nov 08, 2016 10:57 AM

    Following up from this issue I noticed I have the following errors in the VPXD logs...

    [04052 info 'Default'] Registry Item DB 5 value is '50'

    [04052 info 'Default'] [VpxdVdb::SetDBType] Logging in to DSN: VMware vCenter with username

    [04052 error 'Default'] [VpxKey::Decrypt] crypto failure: error:00000000:lib(0):func(0):reason(0)

    [04052 error 'Default'] [VpxdCert] Failed to decrypt password: applying key to encrypted data failed (likely the wrong key)

    [04052 error 'Default'] [VpxdVdb::SetDBType]: Database error: ODBC error: () -

    [04052 error 'Default'] Error getting configuration info from the database


    Looking through KB articles, it would appear the issue is with the DB password and it requires re-authenticating.  However, as I haven't got as far as loading the certificate into memory, I don't understand why I get the error when I replace the old files with the newly created ones.  After all, the instructions state the DB password has to be re-entered once the new certificate has been loaded into memory.