Loading...
Loading...
Changing the IP address of Unity already registered as VASA storage provider. Changing vCenter in Unity for which Unity acts as VASA storage provider. Following the certificate renewal on vCenter, when trying to set up the VASA storage provider again, the following error appeared on the storage side: Failed: The imported certificate cannot be save. (Error Code:0x600944) Rollback Result: Task was rolled back and marked as failed. This is because some tasks failed or SP rebooted during task execution. (Error Code:0x100a) When registering Unity as VASA storage provider, the following error displays: The "Register new storage provider" operation failed for the entity with the following error message. The provider certificate is invalid. It is either empty, malformed, expired, not yet valid, revoked, or fails host name verification.
The certificate is registered for an old Unity vCenter, and the certificate is expired. The location of the certificate on the storage may be present under the wrong structure, causing the system to fail to update the certificate.
Below is the procedure to get a new Unity certificate to add as a VASA storage provider from vSphere: Log in to Unity CLI (use service account). View existing certificates on Unity for VASA using below command: uemcli -u local/admin -p <password of Unity admin account> /sys/cert show -detail service@Unity spa:~/user# uemcli -u admin -securepassword /sys/cert show -detail1: ID = vasa_http-vc1-cacert-1 Type = CA Service = VASA_HTTP Scope = Certificate ID = vasa_http-vc1-cacert-1 Trust anchor = Yes Version = 3 Serial number = XX:XX:XX:XX:XX:XX:XX:XX Signature algorithm = SHA256WithRSAEncryption Issuer name = OU=VMware Engineering,O=photon-machine,ST=California,C=US,DC=local,DC=vsphere,CN=CA Valid from = 2019-09-23 12:15:08 Valid to = 2029-09-20 12:15:08 Subject name = OU=VMware Engineering,O=photon-machine,ST=California,C=US,DC=local,DC=vsphere,CN=CA Subject alternative name = email:example@vmware.com, IP Address:127.0.0.1 Public key algorithm = RSA Key length = 2048 Thumbprint algorithm = SHA1 Thumbprint = XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX Private key available = No2: ID = vasa_http-vc1-servercert-1 Type = Server Service = VASA_HTTP Scope = Certificate ID = vasa_http-vc1-servercert-1 Trust anchor = Yes Version = 3 Serial number =XX:XX:XX:XX:XX:XX:XX:XX Signature algorithm = SHA256WithRSAEncryption Issuer name = OU=VMware Engineering,O=photon-machine,ST=California,C=US,DC=local,DC=vsphere,CN=CA Valid from = 2021-02-24 08:59:13 Valid to = 2022-02-25 08:59:13 Subject name = CN=EMC VASA Vendor Provider Subject alternative name = IP Address:10.xx.xx.xx <<<<< Unity Management IP will be present here. Public key algorithm = RSA Key length = 2048 Thumbprint algorithm = SHA1 Thumbprint = XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX Private key available = Yes Delete all the present certificates one by one using below command: uemcli -u local/admin -p <password of Unity admin account> /sys/cert -id <value> delete service@Unity spa:~/user# uemcli -u admin -securepassword /sys/cert -id vasa_http-vc1-servercert-1 deleteOperation completed successfully. There should be one default certificate on the Unity that cannot be deleted. When trying to delete it, the error displayed below appears. This error can be safely ignored: service@Unity spa:~/user# uemcli -u admin -securepassword /sys/cert -id vasa_http-vc1-servercert-1 deleteOperation failed. Error code: 0x6000940 The certificate does not exist. (Error Code:0x6000940) Add Unity as VASA storage provider on vSphere. Additional Notes: There is an exception when the certificate is expired. After you delete the vasa_http-vc1-servercert-1 on the Unity, the default certificate valid to reverts to 1970-01-01 . This may prevent re-registering the storage provider by returning a certificate error. In some instances, when trying to renew the connection after renewing the certificate on the Unity and vCenter and confirming that certificates are valid and present on both services, the system may still fail to update the VASA connectivity. vCenter may indicate that it is unable to import the certificate from the Unity array. If you experience one of these issues, contact Dell Technical Support , or your Service Provider, and quote this Dell article as reference.
Click on a version to see all relevant bugs
Dell Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.