vCenter Server Appliance (VCSA) Hardware Status tab not working

Yesterday I observed a small problem in my environment. When I clicked on the hardware status tab in the C# client I got the following error message.
error
I done a little research on Google and found some VMware KB articles with similar problems. In all of these articles the CIM service on the ESXi host should be restarted. I checked if the Health status on a single ESXi host is also not working but I got this:
healthstatus
So Health status is working on the host. Another problem all of this articles stated was that maybe the ports for the CIM service are not open or blocked be a firewall. I also checked this. ESXi was configured to allow CIM ports and the VCSA also didn’t block any ports. Both, the ESXi and VCSA, are running on the same subnet so there is also no firewall between them.
But what can cause this problem. After a short tweet, Frank Büchsel (@fbuechsel) gave me some hint where I can look for errors. When using VCSA you can find a log called vws.log (Common Interface Model log) under /var/log/vmware-vpx/vws.log. There I found the following error:

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

It looks like I had an certificate problem, but why? Seconds later I had my answer. I have done a VCSA upgrade from 5.1 to 5.5 several weeks ago. During this upgrade I also changed the FQDN of the VCSA. I checked the used certificate and I was right. It used the old one. So I had to regenerate the existing certificate. Here is a blog post from William Lam (@lamw) if you will do it in an automated way.
To regenerate the certificate go to https://FQDN_VCSA:5480 and login with the root user. Then go to the Admin tab and select the following
regenerate
After you select YES you have to reboot the VCSA.
During the reboot you will see that the appliance is regenerating the self-signed certificate.
bootVCSA
Once the VCSA is fully booted check if the Hardware tab is back again.
hardwarestatus
Additional information about location of vCenter log files can be found here.

1 Response

  1. Neil says:

    worked for VCSA 5.5,   thank you !

Leave a Reply

Your email address will not be published. Required fields are marked *