Hi,
ok, big failure to reboot the vCenter Server Appliance 5.1 (i think...)...
Now I have the problem that I am not able to login to the vSphere Webclient:
whenever I want to login through a browser (Firefox, Chrome, Chromium, etc.) I always get the following message:
Cannot connect to vCenter Single Sign On server https://xx.xx.xx.xx:7444/ims/STSService. The SSL certificate cannot be verified.
I looked around and found KB 2036505 which describes my problem but I am not in a Windows world...
This is the relevant output of /var/log/vmware/vsphere-client/logs/vsphere_client_virgo.log:
[2013-06-17 21:37:30.613] INFO [INFO ] http-bio-9443-exec-3 com.vmware.vise.security.SessionListener Session 4B44EFE54445BE96023AAF69BB52545B created.
[2013-06-17 21:37:30.615] INFO [INFO ] http-bio-9443-exec-3 org.springframework.flex.servlet.MessageBrokerHandlerAdapter Channel endpoint secure-amf received request.
[2013-06-17 21:37:30.704] INFO [INFO ] http-bio-9443-exec-3 org.springframework.flex.servlet.MessageBrokerHandlerAdapter Channel endpoint secure-amf received request.
[2013-06-17 21:37:30.913] INFO [INFO ] http-bio-9443-exec-6 org.springframework.flex.servlet.MessageBrokerHandlerAdapter Channel endpoint secure-amf received request.
[2013-06-17 21:37:30.914] INFO [INFO ] http-bio-9443-exec-3 47724A20A3AF5A982FCD63C3FA9D1941 org.springframework.flex.servlet.MessageBrokerHandlerAdapter Channel endpoint secure-amf received request.
[2013-06-17 21:37:30.943] INFO [INFO ] http-bio-9443-exec-3 47724A20A3AF5A982FCD63C3FA9D1941 org.springframework.flex.servlet.MessageBrokerHandlerAdapter Channel endpoint secure-amf received request.
[2013-06-17 21:37:30.944] INFO [INFO ] http-bio-9443-exec-3 47724A20A3AF5A982FCD63C3FA9D1941 c.vmware.vsphere.client.usersession.impl.UserSessionServiceImpl getUserSession called on an inactive session.
[2013-06-17 21:37:31.856] INFO [INFO ] http-bio-9443-exec-3 47724A20A3AF5A982FCD63C3FA9D1941 org.springframework.flex.servlet.MessageBrokerHandlerAdapter Channel endpoint secure-amf received request.
[2013-06-17 21:37:31.914] INFO [INFO ] http-bio-9443-exec-3 org.springframework.flex.servlet.MessageBrokerHandlerAdapter Channel endpoint secure-amf received request.
[2013-06-17 21:37:31.945] INFO [INFO ] http-bio-9443-exec-3 org.springframework.flex.servlet.MessageBrokerHandlerAdapter Channel endpoint secure-amf received request.
[2013-06-17 21:37:31.966] INFO [INFO ] data-service-pool-1 com.vmware.vsphere.client.security.VcDirectory Reading VcDirectory file on the disk.
[2013-06-17 21:37:31.966] INFO [INFO ] data-service-pool-1 com.vmware.vsphere.client.security.VcDirectory VcDirectory file not found.
[2013-06-17 21:37:31.966] INFO [INFO ] data-service-pool-1 com.vmware.vsphere.client.security.VcDirectory No data in VcDirectory file.
[2013-06-17 21:37:31.966] INFO [INFO ] data-service-pool-1 com.vmware.vsphere.client.security.VcDirectory No vc's found in the directory.
[2013-06-17 21:37:31.973] WARN [WARN ] http-bio-9443-exec-3 com.vmware.vise.data.query.impl.ResultDirectory Type cannot be resolved for ManagedObjectReference: type = VcDirectory, value = VcDirectory, serverGuid = VcDirectory
[2013-06-17 21:37:42.820] INFO [INFO ] http-bio-9443-exec-3 47724A20A3AF5A982FCD63C3FA9D1941 com.vmware.vise.util.i18n.I18nFilter The preferred locale for session 47724A20A3AF5A982FCD63C3FA9D1941 is set to: de_DE
[2013-06-17 21:37:42.826] INFO [INFO ] http-bio-9443-exec-3 47724A20A3AF5A982FCD63C3FA9D1941 com.vmware.vise.security.DefaultAuthenticationProvider Authenticating user: root using authentication handler: $Proxy348
[2013-06-17 21:37:42.828] INFO [INFO ] http-bio-9443-exec-3 47724A20A3AF5A982FCD63C3FA9D1941 com.vmware.vise.vim.security.sso.impl.SsoUtilInternal Preparing the STS configuration for https://10.0.100.90:7444/ims/STSService
[2013-06-17 21:37:42.828] INFO [INFO ] http-bio-9443-exec-3 47724A20A3AF5A982FCD63C3FA9D1941 com.vmware.vise.vim.security.sso.impl.SsoUtilInternal Requesting all STS trusted root certificates from https://10.0.100.90:7444/sso-adminserver/sdk
[2013-06-17 21:37:42.848] ERROR [ERROR] http-bio-9443-exec-3 47724A20A3AF5A982FCD63C3FA9D1941 com.vmware.vsphere.client.security.sso.SsoAuthenticationHandler CertificateValidationException when connecting to the SSO server. com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain not verified
at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager$HostnameVerifier.verify(ThumbprintTrustManager.java:217)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:339)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:123)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:147)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:108)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:641)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:576)
at com.vmware.vim.vmomi.client.http.impl.HttpExchange.run(HttpExchange.java:111)
at com.vmware.vim.vmomi.client.http.impl.HttpProtocolBindingImpl.send(HttpProtocolBindingImpl.java:98)
at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl$CallExecutor.sendCall(MethodInvocationHandlerImpl.java:526)
at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl$CallExecutor.executeCall(MethodInvocationHandlerImpl.java:507)
at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.completeCall(MethodInvocationHandlerImpl.java:295)
at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.invokeOperation(MethodInvocationHandlerImpl.java:265)
at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.invoke(MethodInvocationHandlerImpl.java:169)
at $Proxy176.retrieveServiceContent(Unknown Source)
at com.vmware.vise.vim.security.sso.impl.SsoUtilInternal.getSsoAdminServiceContent(SsoUtilInternal.java:201)
at com.vmware.vise.vim.security.sso.impl.SsoUtilInternal.getStsRootCertificates(SsoUtilInternal.java:224)
at com.vmware.vise.vim.security.sso.impl.SsoUtilInternal.createStsConfiguration(SsoUtilInternal.java:340)
at com.vmware.vise.vim.security.sso.impl.SsoServiceImpl.getStsConfig(SsoServiceImpl.java:135)
at com.vmware.vise.vim.security.sso.impl.SsoServiceImpl.createStsObjectPool(SsoServiceImpl.java:163)
at com.vmware.vise.vim.security.sso.impl.SsoServiceImpl.getSts(SsoServiceImpl.java:102)
at com.vmware.vise.vim.security.sso.impl.SsoServiceImpl.acquireToken(SsoServiceImpl.java:181)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:309)
at org.springframework.osgi.service.importer.support.internal.aop.ServiceInvoker.doInvoke(ServiceInvoker.java:58)
at org.springframework.osgi.service.importer.support.internal.aop.ServiceInvoker.invoke(ServiceInvoker.java:62)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.osgi.service.importer.support.LocalBundleContextAdvice.invoke(LocalBundleContextAdvice.java:59)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at $Proxy193.acquireToken(Unknown Source)
at com.vmware.vsphere.client.security.sso.SsoAuthenticationHandler.authenticate(SsoAuthenticationHandler.java:98)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:309)
at org.springframework.osgi.service.importer.support.internal.aop.ServiceInvoker.doInvoke(ServiceInvoker.java:58)
at org.springframework.osgi.service.importer.support.internal.aop.ServiceInvoker.invoke(ServiceInvoker.java:62)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.osgi.service.importer.support.LocalBundleContextAdvice.invoke(LocalBundleContextAdvice.java:59)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at $Proxy348.authenticate(Unknown Source)
at com.vmware.vise.security.DefaultAuthenticationProvider.authenticate(DefaultAuthenticationProvider.java:146)
at org.springframework.security.authentication.ProviderManager.doAuthentication(ProviderManager.java:130)
at org.springframework.security.authentication.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:48)
at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:97)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:169)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at com.vmware.vise.security.FlexLoginFilter.doFilterInternal(FlexLoginFilter.java:45)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at com.vmware.vise.util.i18n.I18nFilter.doFilterInternal(I18nFilter.java:43)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at com.vmware.vise.security.SessionManagementFilter.doFilterInternal(SessionManagementFilter.java:30)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at com.vmware.vsphere.client.logging.MDCLogFilter.doFilterInternal(MDCLogFilter.java:43)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
at org.eclipse.virgo.web.tomcat.support.ApplicationNameTrackingValve.invoke(ApplicationNameTrackingValve.java:33)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:987)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:579)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager$HostnameVerifier.verify(ThumbprintTrustManager.java:206)
... 109 common frames omitted
I also found the directory described in the KB for Windows (/storage/db/vsphere-client, file MNNextVcDirectory) but removing the file didn't help.
Any ideas to fix this problem? I have not updated the server nor changed the configuration. Just rebooted...
Thanks
Bernd