A few weeks ago a customer asked me to take a look at the following warning message in VMware vCenter when the Performance Tab in the vSphere client is being opened.
Perf Charts service experienced an internal error.
Message: Report application initialization is not completed successfully. Retry in 60 seconds
- The Windows Event logs are clean
- VMware vSphere (web-) services are started with normal credentials
- I was able to restart service accounts with domain based credentials (no locking)
- Windows Firewall was enabled but no drops in the logging
- No recent installed Windows Updates
- No unplanned restarts or crashes
- The installed certificate was not expired
- The installed certificate was 2048 bit
- No conflicting webserver ports at the vCenter server
- ..some more troubleshooting
I checked the wrapper.log and stas.log files located at the following location:
Path: C:\ProgramData\VMware\VMware VirtualCenter\Logs\
Hmm, he logging shows that there are problems with the installed vCenter SSL certificate:
Error constructing private key..
..Error decrypting password
After some troubleshooting I saw that every time I open the Performance tab a new webserver SSL private key decrypting error was written in the stats.log.
I already had checked the expire date of the installed SSL certificate, it was a normal 2048 bit wildcard certificate.. oh, eh, wildcard..?? Let’s see if it is supported:
“The use of wildcard certificates are not supported with vCenter Server and its related services. Each service must have its own unique certificate”
Nope, it is not! Maybe this is the root cause.
After checking the SSL requirements at the VMware KB I found the SSL format which is needed to generate the certificate: OpenSSL Version 0.9.8 must be used. If you do not use this version, the SSL implementation fails. <– I couldn’t check this because there was no documentation of the SSL generation
The customer used a wildcard SSL certificate which is not supported
More information: VMware