As part of our patching process we applied security patches to one of the vSphere ESXi servers. All seemed to go well until we tried to compose systems onto it. We ended up with VDI clients being added to the server, but they’d never start up.
Clearly this was something to do with the patches that were applied.
Checking the log bundle we produced it was certainly an SSL related issue. Those damned certificates again! Well not quite.
Reading through the vmware-vdicomposer.log I picked up on a few of these messages:
Machine Name: VDICOMPOSER, Timestamp: 24/10/2016 15:01:52, App Domain Name: SviWebService.exe, Thread Identity: , Windows Identity: NT AUTHORITY\SYSTEM, OS Version: Microsoft Windows NT 6.1.7601 Service Pack 1, reason: ServiceUnreachable access host: vdiesx01.domain.local access port: 902 disk datastore path: [vdiesx01_fio] VDITestNew_1/VDITestNew_11-internal.vmdk expected certificate thumbprint:
Very strange, a blank thumbprint. Checking the VDI database table dbo.VPX_HOSTS we compared the expected thumbprint to the actual thumbprint on the vSphere server and all looked good. But something couldn’t be right.
Continue reading →