Recently after I upgraded my VDP to 6.1.6, there was issues connecting this appliance to the web client. The screen used to be grayed out forever and the vdr-server.log did not have any information about this cause.
When we ran the below command we saw the there were 5 vCenter connections down
Name Status
---------------------------------- ---------------------------
/cartman.southpark.local 5 vCenter connection(s) down.
The MCS restart failed with the following in the mcserver.out log file located under
Caught Exception : Exception : org.apache.axis.AxisFault Message : ; nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Could not build a validated path. StackTrace :
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Could not build a validated path.
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Could not build a validated path.
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Could not build a validated path.
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 30 more
Caused by: java.security.cert.CertPathBuilderException: Could not build a validated path.
at com.rsa.cryptoj.o.qb.engineBuild(Unknown Source)
This is because of the ignore_vc_cert = false
To fix this, either edit the mcserver.xml file manually and change the value from false to true or run the below command (Make sure a backup of mcserver.xml is taken):
Restart the MCS (From admin mode) using:
That should fix the connection issue. Hope this helps!
When we ran the below command we saw the there were 5 vCenter connections down
# mccli server show-services
Name Status
---------------------------------- ---------------------------
/cartman.southpark.local 5 vCenter connection(s) down.
The MCS restart failed with the following in the mcserver.out log file located under
# cd /usr/local/avamar/var/mc/server_log/mcserver.out
Caught Exception : Exception : org.apache.axis.AxisFault Message : ; nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Could not build a validated path. StackTrace :
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Could not build a validated path.
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Could not build a validated path.
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Could not build a validated path.
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 30 more
Caused by: java.security.cert.CertPathBuilderException: Could not build a validated path.
at com.rsa.cryptoj.o.qb.engineBuild(Unknown Source)
This is because of the ignore_vc_cert = false
# grep ignore_vc /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml<entry key="ignore_vc_cert" value="false" />
To fix this, either edit the mcserver.xml file manually and change the value from false to true or run the below command (Make sure a backup of mcserver.xml is taken):
# sed -i -e 's/entry key="ignore_vc_cert" value="false"/entry key="ignore_vc_cert" value="true"/g' /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
Restart the MCS (From admin mode) using:
# mcserver.sh --restart
That should fix the connection issue. Hope this helps!
0 comments:
Post a Comment