My VSAN lab has been experiencing this issue since updating to 6.7 U3 + U3a.[https://kb.vmware.com/s/article/74731](https://kb.vmware.com/s/article/74731)
The documented fix being U3a, but issue is still present in my environment.
Another user mentioned that he experienced an issue with services IDs having bad/old thumbprint. With the script ls_ssltrust_fixer.py he was able to resolve this glitch.
I believe I maybe experiencing this same issue as my vsphere_client_virgo.log reads:
com.vmware.vsphere.client.vsan.base.cache.TimeBasedCacheEntry Unable to get the validation token – invalidating the value com.vmware.vsphere.client.vsandp.core.sessionmanager.common.NotAccessibleException: Cannot connect to the specified site.
Caused by: com.vmware.vim.vmomi.client.exception.SslException: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain is not trusted and thumbprint doesn’t match
I’ve tried regenerating the VCSA Sub CA cert w/ my internal Microsoft AD CA and replacing all. Didn’t help.
Searching around I cannot find any info about this script or possible resolution to get my HTML5 VSAN management working again. My 2 node robo environment was without any issue prior to U3.
Any help to share script or provide feedback on issue would be appreciated. Thank you.
View Reddit by iL1fe – View Source