VMware vSphere

 View Only

  • 1.  vCenter VMAFDD errors 4312 & 1006

    Posted Feb 19, 2023 02:52 PM

    Hello.

    For some time I have the syslog flooded each minute by the below errors. The certificate Alias (2039df442a5d83569ae80cf71184d33bb344b9ae) it's the same each time and I found it under TRUSTED_ROOT_CRLS store. I remove it from the store with the help of vecs-cli, but the certificate it's created again and same errors continue. I searched and searched and can't find anything to relate... A bit of help would be greatly appreciated.

    vCenter: 6.7 build 20504362, embedded PSC

    2023-02-19T16:22:48.115619+02:00 err vmafdd t@139966903056128: [Error - 4312, ../../../server/vmafd/rootfetch.c:686]
    2023-02-19T16:22:48.127426+02:00 notice vmafdd t@139966903056128: Added cert to VECS DB: 2039df442a5d83569ae80cf71184d33bb344b9ae
    2023-02-19T16:22:48.127912+02:00 err vmafdd t@139966903056128: [Error - 1006, ../../common/ssl.c:1964]
    2023-02-19T16:22:48.128425+02:00 err vmafdd t@139966903056128: [Error - 1006, ../../common/ssl.c:491]
    2023-02-19T16:22:48.129038+02:00 err vmafdd t@139966903056128: [Error - 1006, ../../common/ssl.c:663]
    2023-02-19T16:22:48.129548+02:00 err vmafdd t@139966903056128: [Error - 1006, ../../../server/vmafd/vecsserviceapi.c:1928]
    2023-02-19T16:22:48.130062+02:00 err vmafdd t@139966903056128: [Error - 1006, ../../../server/vmafd/vecsserviceapi.c:2238]
    2023-02-19T16:22:48.130574+02:00 err vmafdd t@139966903056128: [Error - 1006, ../../../server/vmafd/vecsserviceapi.c:1400]
    2023-02-19T16:22:48.131163+02:00 err vmafdd t@139966903056128: [Error - 1006, ../../../server/vmafd/vecsserviceapi.c:717]
    2023-02-19T16:22:48.131654+02:00 err vmafdd t@139966903056128: VecsSrvAddCertificate returning 1006
    2023-02-19T16:22:48.132177+02:00 err vmafdd t@139966903056128: [Error - 1006, ../../../server/vmafd/rootfetch.c:841]
    2023-02-19T16:22:48.132616+02:00 err vmafdd t@139966903056128: [Error - 1006, ../../../server/vmafd/rootfetch.c:270]
    2023-02-19T16:22:48.133030+02:00 notice vmafdd t@139966903056128: Failed to update trusted roots. Error [1006]



  • 2.  RE: vCenter VMAFDD errors 4312 & 1006

    Posted May 31, 2023 09:39 AM

    Hi, did you manage to come across this issue? I'm getting the same 4312 error on our 6.7 infrastructure, but no docs are available on the Net, nor by Vmware.....

    Thanks in advance,

    Marco



  • 3.  RE: vCenter VMAFDD errors 4312 & 1006

    Posted May 31, 2023 09:47 AM

    Hi Marco.

    I did not resolved the issue, but I did not bothered with it anymore. I could find nothing. Being a lab environment, I will re-install vCenter at some point and check when the issue occurs. Seems to me that it started after i changed from vsphere.local to my internal custom domain.

    Sorry, I can't help you with this.



  • 4.  RE: vCenter VMAFDD errors 4312 & 1006

    Posted May 31, 2023 11:41 AM

    Have you tried to check it with the lsdoctor script ?

    https://kb.vmware.com/s/article/80469

     



  • 5.  RE: vCenter VMAFDD errors 4312 & 1006

    Posted May 31, 2023 03:42 PM

    If you're asking me, no I did not ran that tool. I will probably give it a try, but do not know exactly when... But after I will try it, I will post here the results.

    Thank you for the tip.



  • 6.  RE: vCenter VMAFDD errors 4312 & 1006

    Posted Jun 01, 2023 11:42 PM

    Hi,
    I tried  python lsdoctor.py -l and it returned no errors. The issue I have is that I got frequent syslog messages logged, ttr

    2023-06-01T18:38:44.040527+00:00 vcsa-01 vmafdd - - - t@140664155760384: [Error - 4312, ../../../server/vmafd/rootfetch.c:686]

    So error 4312..... 
    Any suggestions?

    Marco

     



  • 7.  RE: vCenter VMAFDD errors 4312 & 1006

    Posted Jun 02, 2023 05:51 AM

    Hello 

    How's the replication between the PSCs

    What's the state of vmdir 

    Apart from errors in syslog and vmafd.log, is there any functionality that is impacted 

     

    Regards

    Harry



  • 8.  RE: vCenter VMAFDD errors 4312 & 1006

    Posted Jun 07, 2023 10:54 PM

    Hello  mannharry,

    the site has only one PSC, 

    VmDir State is - Normal

    Functionality seems not to be impacted but I'm going to upgrade to version 7 from 6.7 and I'd like to lower failure causes to the minimum before proceeding.

    To summarize, here is a list of log lines all relating to error 4312:

    2023-06-07T19:38:44.035270+00:00 vcsa-01 vmafdd - - - t@140664155760384: [Error - 4312, ../../../server/vmafd/rootfetch.c:686] (most recurring error)

    2023-06-07T00:00:02.671671+00:00 vcsa-01 vmafdd - - - t@140663987361536: ERROR! [VecsIpcGetKeyByAlias] is returning [4312]

    2023-06-07T00:00:02.671185+00:00 vcsa-01 vmafdd - - - t@140663987361536: [Error - 4312, ../../../server/vmafd/vecsserviceapi.c:538]

    What shoud I investigate?

    Thanks, 

    Marco

     



  • 9.  RE: vCenter VMAFDD errors 4312 & 1006

    Posted Jun 08, 2023 08:08 AM

    If we have single PSC , things should be fine 

    Only thing is replication which is not in picture here , so suggestion would be go ahead with upgrade.

     

    Regards

    Harry



  • 10.  RE: vCenter VMAFDD errors 4312 & 1006

    Posted Jun 08, 2023 09:40 AM

    Ok, thanks a lot for your support.

    Marco

     



  • 11.  RE: vCenter VMAFDD errors 4312 & 1006

    Posted May 31, 2023 04:04 PM

    Please check this 

    https://kb.vmware.com/s/article/70656?lang=en_US

     

    Regards

    Harry