Cannot add 3PAR storage provider because of certification error
Normally when using a self-signed certificate you get a warning. It is also normal to accept the certificate to continue your task. These days I wanted to register a 3PAR system as storage provider in vCenter. Because of a certification error, this could not be accomplished. In this post I describe how to solve – at least my – problem.
This error appears when I tried to add a new storage provider:
Next to the error a certification verification prompt was shown:
After accepting the self-signed certificate, storage provider was not created. So I did a little troubleshooting in 3PAR CLI. I looked at the 3PAR VASA (vSphere APIs for Storage Awareness) provider at the 3PAR. This can be done by running command:
So it was enabled, but URL showed reverse DNS pointer (PTR) of the system’s IP address (octets showed in other way round) and
.in-addr.arpa:9997/vasa appended. By running
shownet I saw, no DNS was configured on the system.
First step to resolve this problem is to add a DNS IP address by running:
setnet dns -add IP_address_of_DNS. After this, run
setvasa -reset to reconfigure VASA to take account of the DNS server. But be careful and read the warning! When you didn’t use this 3PAR for any other vCenter as storage provider, which is probably the case when you run into this problem, go on. Otherwise check for vCenter connections because this reset will cut all VASA trusts. Re-run
showvasa to see new URL. You should now see 3PAR’s name and domain-name of DNS server. Next you should add – if not already done – 3PAR A-Record to DNS. Otherwise you get storage provider created but showing 0 byte in size and errors:
- Warning in vCenter that files cannot be created on new vVOL containers.
- Errors on hosts in
Initialize: Failed to establish connection https://3PAR_address:9997/vasa
Unable to init session to VP 3PAR_name state: 0
Host name does not match the subject name(s) in certificate., using default
Now adding the system – by name or FQDN in URL – to storage providers should work fine.