IBM Support

STS certificate expiry on VMware vCenter Server for IBM Cloud Pak System

Troubleshooting


Problem

Expiry of the Security Token Service (STS) certificate is a known issue on VMware vCenter Server for IBM Cloud Pak System.

Symptom

The following symptoms are associated with expiry of the Security Token Service (STS) certificate on the VMware vCenter Server for IBM Cloud Pak System:
  • Symptom 1: Service49 and Service78 can go down if the Security Token Service (STS) certificate on VMware vCenter Server is not renewed before its expiry date.
  • Symptom 2: Service49 and Service78 are down because the Security Token Service (STS) certificate on the VMware vCenter Server expired. The VMware vCenter Server fails to start with the expired certificates.
    A server error is displayed when you connect to the VMware vCenter Server web client.

Cause

The cause is the expiry of the Security Token Service (STS) certificate on the VMware vCenter Server for IBM Cloud Pak System.

Resolving The Problem

The resolution depends on which of the following symptoms applies:
 
  • Symptom 1: Service49 and Service78 can go down if the Security Token Service (STS) certificate on VMware vCenter Server is not renewed before its expiry date.
    Resolution: Periodically monitor and check the expiry date of the VMware vCenter Server web client certificate (STS).
How to check the VMware vCenter Server web client certificate
Complete the following steps:
  1. If not configured, set up an IP address to allow external access to VMware vCenter Server. For more information, see Configuring the virtual manager external IP address.
  2. Create a user ID that is used for external access to VMware vCenter Server. For more information, see Configuring external application access.
    Select the following options when you create the user:
    • Set the Access Scope to Everything.
    • For the Virtual Manager Privilege Set, select Read Only.
  3. After you create the user, click Show Details in the Actions column. Make a note of the Virtual Manager IP address, username, and password. For steps to view or regenerate the passwords, see Viewing and regenerating passwords for external applications.
What to do next
To access the VMware vCenter Server web client (the web console for VMware vSphere), open https://<IP address that you obtained in the previous step> in a web browser. Use the username and password from step 3 to authenticate.
For more information, see Monitoring VMware vCenter. To check the validity period of the certificate, follow these steps:
  1. Open the VMware vCenter Server web client.
  2. Click the certificate error that follows the URL.
  3. Check the duration that is displayed at Valid from <date> to <date>. In the example screenshot, this duration shows that the certificate was renewed.
If the certificate is nearing its expiry date, contact IBM Cloud Pak System Support before the certificate expires by opening a case from the MySupport page. On the support page, search for and select IBM Cloud Pak System and the firmware level of your system.
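The browser check above can also be scripted so that it runs on a schedule. The following shell script is an added example, not IBM or VMware tooling: it reads the validity end date of the certificate that the web client presents over HTTPS and classifies it. It assumes openssl is installed and that the web client listens on port 443; the function names and the 30-day warning threshold are illustrative choices, not values from this document.

```shell
#!/bin/sh
# Added example: scripted form of the "Valid from <date> to <date>" browser check.
# Assumptions: openssl is installed; the web client answers HTTPS on port 443.

# Print, as PEM, the certificate that the server presents.
# Trust is not validated here (the browser steps also go through the
# certificate error); only the validity dates are of interest.
fetch_cert() {
    openssl s_client -connect "$1:${2:-443}" </dev/null 2>/dev/null |
        openssl x509 -outform PEM 2>/dev/null
}

# Classify a PEM certificate read from stdin.
# $1 = warning threshold in days (default 30, an illustrative value).
# Prints "<STATUS> <notAfter date>" and returns:
#   0 = OK, 1 = WARN (expires within the threshold), 2 = EXPIRED, 3 = no certificate.
cert_status() {
    warn_days=${1:-30}
    pem=$(cat)
    end=$(printf '%s\n' "$pem" | openssl x509 -noout -enddate 2>/dev/null) || {
        echo "UNKNOWN no certificate could be read"
        return 3
    }
    end=${end#notAfter=}
    # -checkend N exits non-zero when the certificate expires within N seconds.
    if ! printf '%s\n' "$pem" | openssl x509 -noout -checkend 0 >/dev/null; then
        echo "EXPIRED $end"
        return 2
    fi
    if ! printf '%s\n' "$pem" |
        openssl x509 -noout -checkend $((warn_days * 86400)) >/dev/null; then
        echo "WARN $end"
        return 1
    fi
    echo "OK $end"
}

# Usage: ./check_cert.sh <virtual-manager-ip> [warn_days]
# Runs only when a host is given, so the functions can also be sourced.
if [ "$#" -ge 1 ]; then
    fetch_cert "$1" | cert_status "${2:-30}"
fi
```

A WARN or EXPIRED result corresponds to the point at which this document directs you to open a case with IBM Cloud Pak System Support.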
 
  • Symptom 2: Service49 and Service78 are down because the Security Token Service (STS) certificate on the VMware vCenter Server expired. The VMware vCenter Server fails to start with the expired certificates.
    Resolution: Contact IBM Cloud Pak System Support by opening a case from the MySupport page. On the support page, search for and select IBM Cloud Pak System and the firmware level of your system.

Document Location

Worldwide


Document Information

Modified date:
19 July 2022

UID

ibm16568423