Friday, 12 January 2018

VDP 6.1.6 Does Not Connect To Web Client After An Upgrade

Recently after I upgraded my VDP to 6.1.6, there was issues connecting this appliance to the web client. The screen used to be grayed out forever and the vdr-server.log did not have any information about this cause.

When we ran the below command we saw the there were 5 vCenter connections down
# mccli server show-services

Name                               Status
---------------------------------- ---------------------------
/cartman.southpark.local           5 vCenter connection(s) down.

The MCS restart failed with the following in the mcserver.out log file located under
# cd /usr/local/avamar/var/mc/server_log/mcserver.out

Caught Exception :  Exception : org.apache.axis.AxisFault Message : ; nested exception is:
        javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Could not build a validated path. StackTrace :
AxisFault
 faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
 faultSubcode:
 faultString: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Could not build a validated path.
 faultActor:
 faultNode:
 faultDetail:
        {http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Could not build a validated path.


Caused by: sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Could not build a validated path.
        at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
        at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
        at sun.security.validator.Validator.validate(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
        ... 30 more
Caused by: java.security.cert.CertPathBuilderException: Could not build a validated path.
        at com.rsa.cryptoj.o.qb.engineBuild(Unknown Source)

This is because of the ignore_vc_cert = false
# grep ignore_vc /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml
<entry key="ignore_vc_cert" value="false" />

To fix this, either edit the mcserver.xml file manually and change the value from false to true or run the below command (Make sure a backup of mcserver.xml is taken):
# sed -i -e 's/entry key="ignore_vc_cert" value="false"/entry key="ignore_vc_cert" value="true"/g'  /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml

Restart the MCS (From admin mode) using:
# mcserver.sh --restart

That should fix the connection issue. Hope this helps!