AppSync: vCenter lost connectivity to Appsync, as cacert file got corrupted
Summary: AppSync lost connectivity to vCenter, reason for this was the corruption of cacert file.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
1. Connectivity to the vCenter is lost.
2. Rediscover of the vCenter fails, also we cannot remove the vCenter.
3. Resetting the credentials pops dialog box with below error:
Reviewing the Server logs with respect to timestamp of trial shows events as below:
2. Rediscover of the vCenter fails, also we cannot remove the vCenter.
3. Resetting the credentials pops dialog box with below error:
Exception in VCConnectionCache:failed to connect: Keystore was tampered with, or password was incorrect : Password verification failed
Reviewing the Server logs with respect to timestamp of trial shows events as below:
<TimeStamp> DEBUG [default task-29] [com.emc.archway.securedcommands.ArchwayEJBInterceptor] [Appsync Server Name] [] 0dbfcdd0-69a8-43b2-9555-e8133aa932ca->>> Bean level security checking for public java.util.UUID com.emc.archway.securedcommands.vmware.ValidateCreateVCenterServerCommandSecuredBean.validateAndCreate(com.emc.archway.context.ExecutionContext,com.emc.archway.objectmodel.host.vcenterserver.VCenterServer) throws java.rmi.RemoteException,com.emc.archway.errorMessages.ObjectAlreadyExistsException,com.emc.archway.errorMessages.ArchwayException,com.emc.archway.acl.AuthorizationConfigException <TimeStamp> DEBUG [default task-29] [com.emc.archway.service.vc.VCEntityLockCommandBean] [Appsync Server Name] [] 0dbfcdd0-69a8-43b2-9555-e8133aa932ca->>> EJB default - 1Locking entityID:https://FQDN/sdk for update <TimeStamp> INFO [default task-29] [com.emc.archway.service.vc.VCConnectionCache] [Appsync Server Name] [] 0dbfcdd0-69a8-43b2-9555-e8133aa932ca->>> getURLConnection::https://FQDN/sdk creating a new connection to url:https://vmcsxxxx.xxx.co.xx/sdk as no cached connection available <TimeStamp> INFO [default task-29] [com.emc.archway.service.vc.BasicVCConnection] [Appsync Server Name] [] 2b3e6a5c-f7e2-41f7-ba01-229fcb6d6417->>> establishing TLS connection <TimeStamp> DEBUG [default task-29] [com.emc.archway.service.vc.EnableSecurity] [Appsync Server Name] [] 2b3e6a5c-f7e2-41f7-ba01-229fcb6d6417->>> getTrustMangerForCertificates using keystoreName: install_dir:\EMC\AppSync\jboss\_jre\lib\security\cacerts <TimeStamp> ERROR [default task-29] [com.emc.archway.service.vc.VCConnectionCache] [Appsync Server Name] [] 0dbfcdd0-69a8-43b2-9555-e8133aa932ca->>> Exception in VCConnectionCache:failed to connect: Keystore was tampered with, or password was incorrect : Password verification failed <TimeStamp> INFO [default task-29] [com.emc.archway.service.eventservice.EventServiceBean] [Appsync Server Name] [] 0dbfcdd0-69a8-43b2-9555-e8133aa932ca->>> EVENT [VM_000156]: Unable to create a new connection to vCenter server:https://FQDN/sdk failed to connect: Keystore was tampered with, or password was incorrect : Password verification failed(METADATA: TYPE-ERROR, TIME-Time-Stamp.738+0400NATIVETIME-2022-05-17 <TimeStamp>, HOST-Appsync Server Name, PHASE-, THREAD=default task-29, USER-s911987, CATEGORY-GENERIC, SESSIONID-iGywYTLkg9bspkRYZYlvF9gD8vP78L0__2c6_0N2) <TimeStamp> INFO [default task-29] [com.emc.archway.service.vc.VCEntityLockCommandBean] [Appsync Server Name] [] 0dbfcdd0-69a8-43b2-9555-e8133aa932ca->>> EJB default - 1Unlocking entityID:https://FQDN/sdk for update <TimeStamp> INFO [default task-29] [com.emc.archway.service.vc.VCServiceBean] [Appsync Server Name] [] 0dbfcdd0-69a8-43b2-9555-e8133aa932ca->>> Exception while getting connection to vc ::Unable to create a new connection to vCenter server:https://FQDN/sdk. Error: failed to connect: Keystore was tampered with, or password was incorrect : Password verification failed: com.emc.archway.service.eventservice.exceptions.ConnectionManagerException: Unable to create a new connection to vCenter server:https://FQDN/sdk. Error: failed to connect: Keystore was tampered with, or password was incorrect : Password verification failed at deployment.archway-ear.ear.vcservice-4.3.0.0-SNAPSHOT.jar//com.emc.archway.service.vc.VCConnectionCache.getConnection(VCConnectionCache.java:236)
Cause
In the above case, a third party application happened to corrupt the cacert file leading to the cause of the issue.
Resolution
Follow the below steps to validate and replace the corrupted cacer file with the healthy cacert file.
1. To Validate if the ca-cert file is corrupted.
If the above command errors out with the "Keystore was tampered with, or password was incorrect : Password verification failed:" error, then the file is corrupted and needs to be replaced, hence Continue.
2. To validate if the replacing file is healthy.
The above command should execute successfully. (If this errors out, need to contact Support).
3. Replace the corrupted file with a healthy one:
1. To Validate if the ca-cert file is corrupted.
Run the following command in the cmd(admin) on the AppSync server:
install_dir:\EMC\AppSync\jre\bin>keytool.exe -list -v -keystore Install_dir:\emc\appsync\jboss\_jre\lib\security\cacerts (enter changeit for the pwd).
If the above command errors out with the "Keystore was tampered with, or password was incorrect : Password verification failed:" error, then the file is corrupted and needs to be replaced, hence Continue.
2. To validate if the replacing file is healthy.
Run the following command in the cmd(admin) on the AppSync server:
install_dir:\EMC\AppSync\jre\bin>keytool.exe -list -v -keystore install_dir:\emc\appsync\jre\lib\security\cacerts (enter changeit for the pwd)
The above command should execute successfully. (If this errors out, need to contact Support).
3. Replace the corrupted file with a healthy one:
Run the following command in the cmd(admin) on the AppSync server
copy install_dir:\EMC\AppSync\jre\lib\security\cacerts install_dir:\EMC\AppSync\jboss\_jre\lib\security
if above command does not work copy manually cacerts from:
install_dir:\EMC\AppSync\jre\lib\security\cacerts to install_dir:\EMC\AppSync\jboss\_jre\lib\security
4. Import the newly replaced ca-cert file.
Run the following command in the cmd(admin) on the AppSync server
install_dir:\EMC\AppSync\jboss\_jre\bin>keytool.exe -importcert -file install_dir:\EMC\AppSync\jboss\_jre\lib\security\cas.crt -keystore install_dir:\EMC\AppSync\jboss\_jre\lib\security\cacerts -storepass changeit -alias appsync -noprompt
5. Restart the services and try to login to AppSync
Note:
- Need to replace the install_dir with the AppSync installation directory wherever mentioned.
- (Recommended to take the back up of cacerts from install_dir:\EMC\AppSync\jboss\_jre\lib\security so that we can avoid running the same commands again if the file is corrupted again.)
Products
AppSync, AppSyncArticle Properties
Article Number: 000199992
Article Type: Solution
Last Modified: 14 مايو 2026
Version: 6
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.