Our infrastructure is currently configured as below:
- A) 2 Connection Servers in network load balancing for the main environment
- B) 1 Connection Server for an isolated network
- C) 1 vCenter Server with co-installed Composer
One week ago we started the exciting journey "Upgrade your VMware View: from 4.6 to 5.1 + from Windows 2003 to Windows 2008 R2". In a nutshell the worst case...
No regrests, all is well documented in the "VMware View Upgrades 5.1" pdf, but maybe we have a configuration that is a little bit out of ordinary.
After all the steps required, we finally have our 4 servers upgraded up and running ...at least 90%.
The only thing left to fix is an error on the procedure to verify the View Composer certificate from the View Administrators of the point A) - see Figure 1.
Figure 1 - View Administrators point A)
The strange thing is that this procedure terminates successfully from the View Administrator of the point B). Obviously the certificate is the same - see Figure 2.
Figure 2 - View Administrator point B)
The error we catch when we try to verify the certificate is the following:
There was an error identifying the validity of the server.
And the corresponding error log in C:\ProgramData\Application Data\VMware\VDM\logs is:
2012-08-22T12:37:42.849+02:00 ERROR (0C88-13B4) <Publish VC Cert Task-1345625753539> [PublishVcCertToSviFederatedTask] Unable to update VC certificate thumbprints on SVI serverhttps://<ip_address>:18443 - javax.net.ssl.SSLHandshakeException: com.vmware.vdi.vcsupport.ssl.MismatchedThumbprintException: InvalidCertificateException[reasons:nameMismatch; subject:'CN=<fqdn>, OU=Information Technology, O=xxxxxxxxxxxxxxxxxxx, L=xxxxxxxxxxxxxxxxx, ST=xxxxxxxxxxxxxxxxxxxxx, C=xxxxxxxxxxxxxxxxx' message:'ValidateCertificateChain Result: FAIL, EndEntityReasons: nameMismatch, ChainReasons: ']
2012-08-22T12:37:42.850+02:00 DEBUG (0C88-13B4) <Publish VC Cert Task-1345625753539> [PublishVcCertToSviFederatedTask] Unable to update VC certificate thumbprints on SVI server https://xxxxxxxxxxxxxxxxxx:18443 com.vmware.vdi.desktopcontroller.PublishVcCertToSviFederatedTask.b(SourceFile:547)
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: javax.net.ssl.SSLHandshakeException: com.vmware.vdi.vcsupport.ssl.MismatchedThumbprintException: InvalidCertificateException[reasons:nameMismatch; subject:'CN=xxxxxxxxxxxxxxxxxxxxxxxxxxxx, OU=Information Technology, O=xxxxxxxxxxxxxxxxx, L=xxxxxxxxxxxxxxxx, ST=xxxxxxxxxxxxxx, C=xxxxxxxxxxxxx' message:'ValidateCertificateChain Result: FAIL, EndEntityReasons: nameMismatch, ChainReasons: ']
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: com.vmware.vdi.vcsupport.ssl.MismatchedThumbprintException: InvalidCertificateException[reasons:nameMismatch; subject:'CN=vmware-vcenter1.schio2000.comune.schio.vi.it, OU=Information Technology, O=Pasubio Tecnologia S.r.l., L=Schio, ST=Vicenza, C=IT' message:'ValidateCertificateChain Result: FAIL, EndEntityReasons: nameMismatch, ChainReasons: ']
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1731)
...
We will be obliged if some of you had some idea.
Cheers, y.da