A very quick write up today. I’ve recently upgraded one of my VMware Cloud Director environments from 10.0.0.1 to 10.2.1. Once updated with the procedures that are out there (I will post a blogpost for this later on) I found myself with the following message after logging into the VMware Cloud Director UI:
One or more VC/NSXs have been detected to be disconnected. This could be due to SSL verification failures. Please refer to KB78885 for potential solutions.
Fortunately I knew this would happen after I upgraded (Good preperations are key). Starting with VCD 10.1, VCD has enhanced the way it uses and validates SSL certificates. VMware Cloud Director will now always verify certificates for any infrastructure endpoint connected to it. Normally you would import the certificates used in the environment before you upgrade to 10.1 or higher, but I was quite lazy and didn’t do that. Which isn’t an issue because you can always do it after the upgrade. Just make sure you don’t forget this. Have a look at the KB mentioned in the message and you should be good to go.
But since I did not, I received the message and and needed to validate them. If you go to your infrastructure endpoint through the Resources -> Infrastructure Resources -> vCenter Servers you will see that the connected vCenter Servers will show “disconnected”. Now there are two ways you can fix this, an easy fix all way, or the manual way.
- Login to the VCD UI go to Resources -> Infrastructure Resources -> vCenter Servers and manually edit each vCenter Server and Save it again. This way you will receive a popup with the certificate details that you can validate. You will have to do this for each vCenter that is connected to your VCD environment.
- Or you can use the easy fix all of it at once way:
- Make sure the vCenter and the connected NSX Manager instances are running.
- Login to the VCD Cell through SSH.
- Execute the following command to automatically accept and validate any certificate for all of the connected (vSphere) infrastructure endpoints.
/opt/vmware/vcloud-director/bin/cell-management-tool trust-infra-certs --vsphere --unattended
Once you’ve executed this command you will get some feedback. This will look like something as below:
root@vcd-cell01 [ ~ ]# /opt/vmware/vcloud-director/bin/cell-management-tool trust-infra-certs --vsphere --unattended
Downloading certificates for 2 host(s):
nsxmanager01.local [Download: SUCCESS]
vcsa01.local [Download: SUCCESS]
Downloaded certificates for 2/2 host(s).
Trusting certificates for 2 host(s):
vcsa01.local [Trusted: SUCCESS]
nsxmanager01.local [Trusted: SUCCESS]
Trusted 2/2 downloaded certificates.
Now login back to the VCD UI and find your vCenter(s) in a healthy state again. You can now dismiss the message and continue with your freshly updated VCD environment.