Cannot add 3PAR storage provider because of certification error

Cannot add 3PAR storage provider because of certification error

Normally when using a self-signed certificate you get a warning. It is also normal to accept the certificate to continue your task. These days I wanted to register a 3PAR system as storage provider in vCenter. Because of a certification error, this could not be accomplished. In this post I describe how to solve – at least my – problem.

This error appears when I tried to add a new storage provider:


Next to the error a certification verification prompt was shown:


After accepting the self-signed certificate, storage provider was not created. So I did a little troubleshooting in 3PAR CLI. I looked at the 3PAR VASA (vSphere APIs for Storage Awareness) provider at the 3PAR. This can be done by running command: showvasa.


So it was enabled, but URL showed reverse DNS pointer (PTR) of the system’s IP address (octets showed in other way round) and appended. By running shownet I saw, no DNS was configured on the system.

First step to resolve this problem is to add a DNS IP address by running: setnet dns -add IP_address_of_DNS. After this, run setvasa -reset to reconfigure VASA to take account of the DNS server. But be careful and read the warning! When you didn’t use this 3PAR for any other vCenter as storage provider, which is probably the case when you run into this problem, go on. Otherwise check for vCenter connections because this reset will cut all VASA trusts. Re-run showvasa to see new URL. You should now see 3PAR’s name and domain-name of DNS server. Next you should add – if not already done – 3PAR A-Record to DNS. Otherwise you get storage provider created but showing 0 byte in size and errors:

  • Warning in vCenter that files cannot be created on new vVOL containers.
  • Errors on hosts in /var/log/vvold.log like:
      • Initialize: Failed to establish connection https://3PAR_address:9997/vasa
      • Unable to init session to VP 3PAR_name state: 0
      • Host name does not match the subject name(s) in certificate., using default

Now adding the system – by name or FQDN in URL – to storage providers should work fine.

5 responses to “Cannot add 3PAR storage provider because of certification error”

  1. sanjacilic says:

    Hi. great article. I did allready add VASA to my vcentre. after reseting vasa will chenge be done in vcenter also or do I have to add VASA with 3PAR DNS name instead of it’s IP again?

    • vNote42 says:

      You have to re-register VASA in vCenter after you run setvasa -reset. This you can also see in help-commend (setvasa -h): “This option will cause all operations between the VASA Provider and the vSphere environment to cease, until the VASA Provider is re-registered in vCenter.”

  2. sanjacilic says:

    now If I want to change 3par IP ( to a new one) there will no action neede on VASA…on vcenter side?

    • vNote42 says:

      – you added VASA using FQDN,
      – DNS is working properly and
      – IP is not part of your VASA certificate,
      than changing IP address of your 3PAR should work without re-register VASA in vCenter.

  3. sanjacilic says:

    thank you 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *