A very quick write-up today. I’ve recently upgraded one of my VMware Cloud Director environments from 10.0.0.1 to 10.2.1. Once updated with the procedures that are out there (I will post a blogpost for this later on), I found myself with the following message after logging into the VMware Cloud Director UI:

One or more VC/NSXs have been detected to be disconnected. This could be due to SSL verification failures. Please refer to KB78885 for potential solutions.
Critical error message while logging in to VCD after upgrade to VCD 10.2

Fortunately I knew this would happen after I upgraded (good preparations are key). Starting with VCD 10.1, VCD has enhanced the way it uses and validates SSL certificates. VMware Cloud Director will now always verify certificates for any infrastructure endpoint connected to it. Normally you would import the certificates used in the environment before you upgrade to 10.1 or higher, but I was quite lazy and didn’t do that, which isn’t an issue because you can always do it after the upgrade. Just make sure you don’t forget this. Have a look at the KB mentioned in the message and you should be good to go.

But since I did not, I received the message and needed to validate the certificates. If you go to your infrastructure endpoints through Resources -> Infrastructure Resources -> vCenter Servers, you will see that the connected vCenter Servers show “disconnected”. There are two ways you can fix this: the easy fix-everything-at-once way, or the manual way.

  1. Log in to the VCD UI, go to Resources -> Infrastructure Resources -> vCenter Servers, then manually edit each vCenter Server and save it again. This way you will receive a popup with the certificate details that you can validate. You will have to do this for each vCenter that is connected to your VCD environment.
  2. Or you can fix all of them at once, the easy way:
    • Make sure the vCenter and the connected NSX Manager instances are running.
    • Log in to the VCD Cell through SSH.
    • Execute the following command to automatically accept and validate any certificate for all of the connected (vSphere) infrastructure endpoints:

      /opt/vmware/vcloud-director/bin/cell-management-tool trust-infra-certs --vsphere --unattended

Once you’ve executed this command you will get some feedback. It will look something like this:

root@vcd-cell01 [ ~ ]# /opt/vmware/vcloud-director/bin/cell-management-tool trust-infra-certs --vsphere --unattended
Downloading certificates for 2 host(s):
nsxmanager01.local                                [Download: SUCCESS]
vcsa01.local                                      [Download: SUCCESS]
Downloaded certificates for 2/2 host(s).
Trusting certificates for 2 host(s):
vcsa01.local                                       [Trusted: SUCCESS]
nsxmanager01.local                                 [Trusted: SUCCESS]
Trusted 2/2 downloaded certificates.

Now log back in to the VCD UI and find your vCenter(s) in a healthy state again. You can now dismiss the message and continue with your freshly updated VCD environment.
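Because the unattended run accepts whatever certificate each endpoint presents at that moment, it is worth comparing the served certificates against fingerprints you collected out-of-band before running it. The script below is an added example, not part of the original post or of VMware's tooling; the pin file format, the PINS variable, port 443 and the availability of openssl on the cell are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight pin check before `trust-infra-certs --unattended`.
# PINS (hypothetical) names a file with one "<host> <sha256-fingerprint>" pair
# per line, fingerprints collected out-of-band (e.g. from each appliance console).

# Normalise a fingerprint: drop any "label=" prefix, colons, whitespace; uppercase.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n\r' | tr 'a-f' 'A-F'
}

# Fetch the SHA-256 fingerprint of the certificate served on host:443 (assumed port).
live_fp() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -noout -fingerprint -sha256 2>/dev/null
}

# check_pin HOST LIVE_FP PINS_FILE -> 0 match, 1 mismatch/empty, 2 host has no pin
check_pin() {
    pinned=$(awk -v h="$1" '$1 == h { print $2; exit }' "$3")
    [ -n "$pinned" ] || return 2
    [ "$(normalize_fp "$pinned")" = "$(normalize_fp "$2")" ]
}

# verify_all PINS_FILE: check every pinned host; non-zero if any host fails.
verify_all() {
    rc=0
    while read -r host rest; do
        case "$host" in ''|'#'*) continue ;; esac
        if check_pin "$host" "$(live_fp "$host")" "$1"; then
            echo "$host OK"
        else
            echo "$host FINGERPRINT MISMATCH OR UNREACHABLE" >&2
            rc=1
        fi
    done < "$1"
    return $rc
}

# Run the command from the post only when every pinned endpoint matches.
if [ -n "${PINS:-}" ]; then
    verify_all "$PINS" && /opt/vmware/vcloud-director/bin/cell-management-tool \
        trust-infra-certs --vsphere --unattended
fi
```

The check only covers hosts listed in the pin file, so compare the host list the tool prints against that file afterwards; any host it trusted that you did not pin still needs a manual fingerprint check.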


Bryan van Eeden

Bryan is an ambitious and seasoned IT professional with almost a decade of experience in designing, building and operating complex (virtual) IT environments. In his current role he tackles customers, complex issues and design questions on a daily basis. Bryan holds several certifications such as VCIX-DCV, VCAP-DCA, VCAP-DCD, V(T)SP and vSAN and vCloud Specialist badges.
