...
Reconfiguring existing replications fails in Cloud Director Availability, and you see the error:

    Unable to connect to vCenter '7c677ea0-6581-4c54-b104-356a0bfd2ffc'.

In the /opt/vmware/h4/cloud/log/cloud.log file on the destination Cloud Replication Management Appliance, you see entries similar to:

    2021-05-19 13:08:53.781 ERROR - [UI-660650c3-54f0-41c6-bf98-3711187257aa-WY] [task-poller-3] com.vmware.h4.jobengine.JobExecution : Task 67464ed3-6d87-4ac5-8d9d-f928fd0baf64 (WorkflowInfo{type='reconfigure', resourceType='vmReplication', resourceId='C4-680a4c63-6b8e-4c32-bc16-62f15f1eae06', isPrivate=false, resourceName='null' }) has failed
    com.vmware.h4.replicator.api.exceptions.FailedToAcquireVcConnection: Unable to connect to vCenter '7c677ea0-6581-4c54-b104-356a0bfd2ffc'.
        at jdk.internal.reflect.GeneratedConstructorAccessor2353.newInstance(Unknown Source)
    ...

Similar entries to those present in the /opt/vmware/h4/cloud/log/cloud.log file can also be seen in the /opt/vmware/h4/manager/log/manager.log file on the destination Cloud Replication Management Appliance.

In the /opt/vmware/h4/replicator/log/replicator.log file on the destination Cloud Replicator Appliance, you see entries similar to:

    2021-05-19 11:08:53.731 INFO - [UI-660650c3-54f0-41c6-bf98-3711187257aa-WY-h6-VA] [job-46] c.v.identity.token.impl.SamlTokenImpl : SAML token for SubjectNameId [value=Administrator@VSPHERE.LOCAL, format=http://schemas.xmlsoap.org/claims/UPN] successfully parsed from Element
    2021-05-19 11:08:53.732 INFO - [UI-660650c3-54f0-41c6-bf98-3711187257aa-WY-h6-VA] [job-46] c.v.i.t.impl.X509TrustChainKeySelector : Failed to find trusted path to signing certificate <OU=VMware,O=VMware,L=VMware,ST=VMware,C=DS,CN=STS>
    sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    ...
    2021-05-19 11:08:53.732 ERROR - [UI-660650c3-54f0-41c6-bf98-3711187257aa-WY-h6-VA] [job-46] c.v.identity.token.impl.SamlTokenImpl : Signature validation failed
    javax.xml.crypto.dsig.XMLSignatureException: the keyselector did not find a validation key
    ...
    2021-05-19 11:08:53.732 DEBUG - [UI-660650c3-54f0-41c6-bf98-3711187257aa-WY-h6-VA] [job-46] com.vmware.h4.replicator.vc.VcConnector : Unable to connect to vCenter '7c677ea0-6581-4c54-b104-356a0bfd2ffc'.
    com.vmware.vlsi.client.sso.SsoException: com.vmware.vim.sso.client.exception.MalformedTokenException: Signature validation failed
    ...

Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.
This issue can occur when there are multiple service registrations in the Lookup service for the STS service.
To verify you are experiencing this issue, query the Lookup service for the STS service registration.

1. Log in to the vCenter Server/PSC Appliance through SSH or console as root.
2. Change to Bash shell by typing shell and press Enter.
3. Run the following command to get the current sslTrust anchor stored for the vCenter Server:

    /usr/lib/vmware-lookupsvc/tools/lstool.py list --url https://localhost/lookupservice/sdk --no-check-cert --ep-type com.vmware.cis.cs.identity.sso 2>/dev/null

Example output:

    Service Product: com.vmware.cis
    Service Type: cs.identity
    Service ID: 810298bb-196f-4988-b9c3-2dbf796282bb
    Site ID: default-first-site
    Owner ID: vc01.vsphere.local@vsphere.local
    Version: 2.0
    Endpoints:
        Type: com.vmware.cis.cs.identity.sso
        Protocol: wsTrust
        URL: https://vc01.vsphere.local/sts/STSService/vsphere.local
    -------------------------------------------------------
    Service Product: com.vmware.cis
    Service Type: cs.identity
    Service ID: ec605cd2-52de-412f-b471-24bb3a47f2f6
    Site ID: default-first-site
    Owner ID: vc01.vsphere.local@vsphere.local
    Version: 2.0
    Endpoints:
        Type: com.vmware.cis.cs.identity.sso
        Protocol: wsTrust
        URL: https://vc01.vsphere.local/sts/STSService/vsphere.local

Note: The expected result is one STS service entry per site. If the service registrations have different Service IDs, contact VMware vCenter Server Support and note this Article ID (83820) in the problem description. For more information, see How to File a Support Request.
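The check described above (one STS service entry per site) can be automated over saved lstool.py output. The following is an added example, not part of the original article or of VMware's tooling. It assumes the "Key: value" record layout shown in the example output, with records separated by a dashed line; the function names, the sample IDs, and the vc.example.test host are constructed for illustration.

```python
"""Flag sites with more than one STS registration in `lstool.py list` output."""
import re
import sys
from collections import defaultdict

STS_EP_TYPE = "com.vmware.cis.cs.identity.sso"
FIELD = re.compile(r"^\s*([A-Za-z ]+?):\s*(.*?)\s*$")   # "Key: value" lines
SEPARATOR = re.compile(r"(?m)^-{5,}[ \t]*$")            # dashed line between records

def parse_registrations(text):
    """Return one dict per service registration found in the listing."""
    records = []
    for block in SEPARATOR.split(text):
        rec = {"endpoint_types": []}
        for line in block.splitlines():
            m = FIELD.match(line)
            if not m:
                continue
            key, value = m.groups()
            if key == "Type":            # endpoint type, nested under "Endpoints:"
                rec["endpoint_types"].append(value)
            elif value:                  # skip bare headers such as "Endpoints:"
                rec[key] = value
        if "Service ID" in rec:
            records.append(rec)
    return records

def duplicate_sts_by_site(records):
    """Map Site ID -> sorted Service IDs where a site has >1 distinct STS entry."""
    by_site = defaultdict(set)
    for rec in records:
        if STS_EP_TYPE in rec["endpoint_types"]:
            by_site[rec.get("Site ID", "<unknown>")].add(rec["Service ID"])
    return {site: sorted(ids) for site, ids in by_site.items() if len(ids) > 1}

# Constructed sample in the layout of the example output above (IDs are made up).
TEMPLATE = ("Service Product: com.vmware.cis\nService Type: cs.identity\n"
            "Service ID: {sid}\nSite ID: {site}\nVersion: 2.0\nEndpoints:\n"
            "  Type: " + STS_EP_TYPE + "\n  Protocol: wsTrust\n"
            "  URL: https://vc.example.test/sts/STSService/vsphere.local\n")
SAMPLE = ("-" * 55 + "\n").join(
    TEMPLATE.format(sid=s, site=t) for s, t in
    [("aaaa-1111", "site-a"), ("aaaa-2222", "site-a"), ("bbbb-1111", "site-b")])

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for site, ids in duplicate_sts_by_site(parse_registrations(text)).items():
        print(f"site {site}: {len(ids)} STS registrations: {', '.join(ids)}")
```

Saved under a name of your choice, the script reads the output of the lstool.py command above from standard input; with no piped input it runs on the constructed sample.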