Submit a ticketCall us

Get a crash course on Network Monitoring delivered right to your inbox
This free 7-day email course provides a primer to the philosophy, theory, and fundamental concepts involved in IT monitoring. Lessons will explain not only how to perform various monitoring tasks, but why and when you should use them. Sign up now.

Home > Success Center > Virtualization Manager (VMAN) > Data collection fails for certain vCenter Servers after upgrading to Virtualization Manager 6.1.1 and later

Data collection fails for certain vCenter Servers after upgrading to Virtualization Manager 6.1.1 and later

Table of contents

Issue:

Data collection fails for certain vCenter Servers which were upgraded from version 4.0 and below.

Cause:

The version of Java shipped with Virtualization Manager version 6.1.1 and later rejects connections to vCenter Servers which are using RSA certificates shorter than 1024 bits. Even though vCenter Server uses 2048-bit certificates by default since version 4.1, these certificates are not regenerated when the system is updated. As a result, data collection from vCenters which were updated from version 4.0 and below fails.

Resolution:

Option 1 (Recommended): Regenerate the certificates

See the following KB article at the VMware website for instructions about how to check the length of the certificate and how to regenerate it:

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2037082

 

Option 2: Modify the Java security settings to allow certificates with short RSA keys

  1. Use SSH to connect to the Virtualization Manager appliance or to the Collector appliance which monitors the affected data sources.
  2. Stop Virtualization Manager by using the following command: sudo service tomcat stop
  3. Type or paste the following command: sudo sed -i.bak 's/jdk\.certpath\.disabledAlgorithms=MD2, RSA keySize < 1024/jdk\.certpath\.disabledAlgorithms=MD2/' /usr/java/default/jre/lib/security/java.security
  4. Start Virtualization Manager by using the following command: sudo service tomcat start
Last modified
13:06, 13 Nov 2015

Tags

Classifications

Public