Symptoms
  • In view admin page the vCenter Server service status turns to Red.
  • You see errors similar to:

    service is not working properly 
    OR For self-signed certificate, click 'Verify'. If the vCenter Server certificate can be validated, make sure that the trusted store on the Connection Server system has the correct Certification Authorities.
     
  • In DriveLetter:ProgramData\VMware\VDM\logs, You see entries similar to:
<VCHealthUpdate> [CertMatchingTrustManager] invalid certificate (as expected) for VC_FQDN:443 InvalidCertificateException[reasons:notTrusted; subject:'C=US, CN=uonvdi-VC_FQDN' message:'ValidateCertificateChain Result: FAIL, EndEntityReasons: , ChainReasons: partialChain, noTrust']
<VCHealthUpdate> [VCHealth] The VC with URL=https://VC_FQDN:443/sdk has reported a status of STATUS_DOWN, description=Can't connect
<VCHealthUpdate> [ServiceConnection25] Problem connecting to VirtualCenter at https://VC_FQDN:443/sdk (javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake)
) <VCHealthUpdate> [TrackerObject] Updating TrackerObject: VcHealth:VC|aeec6b0e-bef3-4c95-b7dc-fc463bb6a4f6
<VCHealthUpdate> [TrackerObject] Changing attribute: ATTR_VC_STATUS
<VCHealthUpdate> [TrackerObject] Changing attribute: ATTR_VC_STATUS_DESCRIPTION
<VCHealthUpdate> [TrackerObject] Changing attribute: ATTR_VC_CERTABOUTTOEXPIRE

<VCHealthUpdate> [VCHealth] The VC with URL=https://VC_FQDN/sdk has reported a status of STATUS_DOWN, description=Can't connect
<VCHealthUpdate> [ServiceConnection25] Problem connecting to VirtualCenter at https://VC_FQDN:443/sdk (javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake)
) <VCHealthUpdate> [TrackerObject] Updating TrackerObject: VcHealth:UONVDI-CS04|aeec6b0e-bef3-4c95-b7dc-fc463bb6a4f6
<VCHealthUpdate> [TrackerObject] Changing attribute: ATTR_VC_STATUS
<VCHealthUpdate> [TrackerObject] Changing attribute: ATTR_VC_STATUS_DESCRIPTION
<VCHealthUpdate> [TrackerObject] Changing attribute: ATTR_VC_CERTABOUTTOEXPIRE
 Cause
This issue occurs when Composer and Connection Servers fails to validate the vCenter server certificate.

 
 Resolution
To resolve this issue, configure the vCenter Server certificate as trusted certificate authority.


Delete the existing vCenter Server certificate on the Connection Server and export and re-import the vCenter Server certificate to Connection Servers.

  1. On the Connection servers, open a browser and enter : https://vCenter_Server_FQDN:443/sdk
  2. Check on the Certificate and Export it to the desktop.
  3. Open MMC (Microsoft Management Console) and check under Trusted Root Certification Authorities folder to see if the vCenter certificate is already present.
  4. If the vCenter Server certificate is present, export the existing vCenter Server certificate to desktop or any location
  5. Delete the vCenter Server certificate from the folder.
  6. Import the vCenter certificate, exported from the FQDN to the Trusted Root Certification Authorities folder.
Note: If vCenter Server certificate is a CA certificate, make sure to delete the intermediate and root certificate (if present) as well and import them back to the folder.