new1234.jpg

Archive

Posts Tagged ‘Certificates’

VMware: Perf Charts service experienced an internal error

December 16th, 2015 No comments

A few weeks ago a customer asked me to take a look at the following warning message in VMware vCenter when the Performance Tab in the vSphere client is being opened.

  

Perf Charts service experienced an internal error.

Message: Report application initialization is not completed successfully. Retry in 60 seconds

 
image


Troubleshooting time

Global checks:

  • The Windows Event logs are clean
  • VMware vSphere (web-) services are started with normal credentials
  • I was able to restart service accounts with domain based credentials (no locking)
  • Windows Firewall was enabled but no drops in the logging
  • No recent installed Windows Updates
  • No unplanned restarts or crashes
  • The installed certificate was not expired
  • The installed certificate was 2048 bit
  • No conflicting webserver ports at the vCenter server
    ..some more troubleshooting

I checked the wrapper.log and stas.log files located at the following location:

Path: C:\ProgramData\VMware\VMware VirtualCenter\Logs\

clip_image002

 

 

 

 

 

 

 

 

 

  

clip_image002[5]

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Hmm, he logging shows that there are problems with the installed vCenter SSL certificate:
 

Error constructing private key..

..Error decrypting password

After some troubleshooting I saw that every time I open the Performance tab a new webserver SSL private key decrypting error was written in the stats.log.

I already had checked the expire date of the installed SSL certificate, it was a normal 2048 bit wildcard certificate.. oh, eh, wildcard..?? Let’s see if it is supported:

“The use of wildcard certificates are not supported with vCenter Server and its related services. Each service must have its own unique certificate”

Nope, it is not! Maybe this is the root cause.

After checking the SSL requirements at the VMware KB  I found the SSL format which is needed to generate the certificate: OpenSSL Version 0.9.8 must be used. If you do not use this version, the SSL implementation fails. <– I couldn’t check this because there was no documentation of the SSL generation

 

Solution

The customer used a wildcard SSL certificate which is not supported

More information: VMware

sanderdaems

Sander Daems is founder and author of this blog and working as a Sr. Infrastructure Consultant by IT-Value. Sander has over 10 years experience in IT, primary focus: virtualization, storage and SBC

More Posts - Website

Follow Me:
TwitterLinkedIn

VMware: Replacing ESX Certificates

April 24th, 2009 1 comment

Op vmug.nl forum plaatste Erwieno een mooie handleiding over het vervangen van ESX certificaten. Met een duidelijke uitleg sowieso de moeite waard om het ook hier te publiceren.

– Wat heb je nodig:

OpenSSL
Winscp
Putty
Certificate Authority (Windows 2003)

– Stappen om uit te voeren:

Install on windows server 2003 Certificate Authority:
Follow the installation steps “when asked for Common Name fill in the server name”

Read more…

sanderdaems

Sander Daems is founder and author of this blog and working as a Sr. Infrastructure Consultant by IT-Value. Sander has over 10 years experience in IT, primary focus: virtualization, storage and SBC

More Posts - Website

Follow Me:
TwitterLinkedIn

Categories: VMware Tags: , , ,