Loading...
Loading...
Test 'thump' is one of a series of health-checks that can be run from VxVerify or PxVerify, prior to an upgrade. This check attempts to validate the SSL fingerprints used by a vSphere environment to ensure that they are consistent. Test Result Result code Result Interpretation Pass 0 SSL Thumbprints match Warning 1 There is a mismatch between the three thumbprints. VxRail Manager (VxRM), server.crt file is unreadable for the current user. If SSL Thumbprint queries cannot be run, this also warns. Failure 2 The SSL Thumbprints do not match. Critical 3 This test has no critical result. Each test that passes is not listed in the summary report, for ease of reading. #========================#======#=========#====================================================================#==============# | Hostname / Category |Status Dell_KB | Warnings or Failures, unless tests Passed ; Product S.N. | #========================#======#=========#====================================================================#==============# | VxRM | Failure 53279 | thump: VxRM thumbprint mismatch |
Details about the test results can found in the VxVerify log: /tmp/vxv/vxv.log VxRail 7.0 & 8.0 In VxVerify3 or 4, the 'thump' test reads Server.crt is the SSL thumbprint value (SHA1 and SHA256), of the server.crt file on VxRM ( /etc/vmware-marvin/ssl/server.crt ) . Cluster thumbprint is read from the VxRail Cluster custom attributes in vCenter, which is either SHA1 or SHA256. The server thumbprint (SHA1 and SHA256) is read directly from the localhost socket on the VxRM VM. An example from VxVerify4 vxv.log shows how the Cluster thumbprint from VC should match either the other SHA1 or SHA256 thumbprints: 2025-04-02 12:39:47-INFO [thump_cluster] Reading Cluster SSL Thumbprint 2025-04-02 12:39:47-INRO [thump] Server.crt SHA256 thumbprint: 8E5507DFB2729431331C37FB59CAAB2838CF82B06AC854075C2FF5A915080243 2025-04-02 12:39:47-INFO [thump] VxRM Server SHA256 thumbprint: 8E5507DFB2729431331C37FB59CAAB2838CF82B06AC854075C2FF5A915080243 2025-04-02 12:39:47-INFO [thump] VC extensionManager thumbprint: 8E5507DFB2729431331C37FB59CAAB2838CF82B06AC854075C2FF5A915080243 2025-04-02 12:39:47-INFO [thump] Cluster thumbprint from VC API: 8E5507DFB2729431331C37FB59CAAB2838CF82B06AC854075C2FF5A915080243 2025-04-02 12:39:47-INFO [thump] Server.crt SHA1 thumbprint: 5FBE9F612518FACDB3FB1FF591ADBBB98634B13A 2025-04-02 12:39:47-INFO [thump] VxRM Server SHA1 thumbprint: 5FBE9F612518FACDB3FB1FF591ADBBB98634B13A 2025-04-02 12:39:47-INFO [thump] SHA256 Thumbprints matched
One cause of the server.crt not matching, is a known issue on VxRail 4.7 (VXP-30747), and can be manually resolved (see below). VxVerify run with the --fix argument can correct the VxRM 4.x server.crt file or when using Core test profiles (see VxRail: How to run the VxRail Verify tool ). Alternatively, if the server.crt does not match the Cluster and VxRM thumbprints, the command below can update the server.crt with the running certificate details: openssl pkcs12 -in /etc/vmware-marvin/ssl/server.pfx -clcerts -nokeys -passin pass:$(grep "bio.SSL.password" /usr/lib/vmware-marvin/marvind/conf/catalina.properties|sed "s/bio.SSL.password=//g") -out /etc/vmware-marvin/ssl/server2.crt ; egrep -iv "Bag Attributes|localKeyID|subject=|issuer=" /etc/vmware-marvin/ssl/server2.crt > /etc/vmware-marvin/ssl/server.crt ; truncate -s -1 /etc/vmware-marvin/ssl/server.crt ; rm /etc/vmware-marvin/ssl/server2.crt Other mismatches must be investigated by Dell Support.
Click on a version to see all relevant bugs
Dell Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.