Cannot add 3PAR storage provider because of certification error

Posted: September 29, 2019/Under: HPE, HPE & VMware, HPE | Storage, VMware, VMware | Storage/By: vNote42

Cannot add 3PAR storage provider because of certification error

Normally when using a self-signed certificate you get a warning. It is also normal to accept the certificate to continue your task. These days I wanted to register a 3PAR system as storage provider in vCenter. Because of a certification error, this could not be accomplished. In this post I describe how to solve – at least my – problem.

This error appears when I tried to add a new storage provider:

vvol_storage_provider_2

Next to the error a certification verification prompt was shown:

vvol_storage_provider_3.png

After accepting the self-signed certificate, storage provider was not created. So I did a little troubleshooting in 3PAR CLI. I looked at the 3PAR VASA (vSphere APIs for Storage Awareness) provider at the 3PAR. This can be done by running command: showvasa.

vvol_storage_provider_5

So it was enabled, but URL showed reverse DNS pointer (PTR) of the system’s IP address (octets showed in other way round) and .in-addr.arpa:9997/vasa appended. By running shownet I saw, no DNS was configured on the system.

First step to resolve this problem is to add a DNS IP address by running: setnet dns -add IP_address_of_DNS. After this, run setvasa -reset to reconfigure VASA to take account of the DNS server. But be careful and read the warning! When you didn’t use this 3PAR for any other vCenter as storage provider, which is probably the case when you run into this problem, go on. Otherwise check for vCenter connections because this reset will cut all VASA trusts. Re-run showvasa to see new URL. You should now see 3PAR’s name and domain-name of DNS server. Next you should add – if not already done – 3PAR A-Record to DNS. Otherwise you get storage provider created but showing 0 byte in size and errors:

  • Warning in vCenter that files cannot be created on new vVOL containers.
  • Errors on hosts in /var/log/vvold.log like:
      • Initialize: Failed to establish connection https://3PAR_address:9997/vasa
      • Unable to init session to VP 3PAR_name state: 0
      • Host name does not match the subject name(s) in certificate., using default

Now adding the system – by name or FQDN in URL – to storage providers should work fine.

5 responses to “Cannot add 3PAR storage provider because of certification error”

  1. sanjacilic says:
    June 18, 2020 at 12:59 pm

    Hi. great article. I did allready add VASA to my vcentre. after reseting vasa will chenge be done in vcenter also or do I have to add VASA with 3PAR DNS name instead of it’s IP again?

    Reply
    • vNote42 says:
      June 18, 2020 at 1:32 pm

      Hi!
      You have to re-register VASA in vCenter after you run setvasa -reset. This you can also see in help-commend (setvasa -h): “This option will cause all operations between the VASA Provider and the vSphere environment to cease, until the VASA Provider is re-registered in vCenter.”
      Regards

      Reply
  2. sanjacilic says:
    June 18, 2020 at 2:13 pm

    now If I want to change 3par IP ( to a new one) there will no action neede on VASA…on vcenter side?

    Reply
    • vNote42 says:
      June 18, 2020 at 3:07 pm

      When
      – you added VASA using FQDN,
      – DNS is working properly and
      – IP is not part of your VASA certificate,
      than changing IP address of your 3PAR should work without re-register VASA in vCenter.

      Reply
  3. sanjacilic says:
    June 18, 2020 at 3:27 pm

    thank you 🙂

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Veeam Vanguard

Veeam Legend

VMware vExpert

Follow me

RSS
Twitter