VPLEX:"Configuration system-setup" command fails to configure security certificates

           

   Article Number:     539468                                   Article Version: 2     Article Type:    Break Fix 
   

 


Product:

 

VPLEX Series,VPLEX VS2,VPLEX VS6,VPLEX for All Flash,VPLEX Local,VPLEX Metro,VPLEX GeoSynchrony 5.4 Service Pack 1,VPLEX GeoSynchrony 5.4 Service Pack 1 Patch 1,VPLEX GeoSynchrony 5.4 Service Pack 1 Patch 3

 

Issue:

 

 

                                             

           
               Impacted Dell EMC VPLEX Hardware:           
               Dell EMC VPLEX Hardware: VS2           
               Dell EMC VPLEX Hardware: VS6           
               Dell EMC VPLEX Hardware: VPLEX All Flash           
               Dell EMC VPLEX Hardware: VPLEX Local           
               Dell EMC VPLEX Hardware: VPLEX Metro           
                          
               Impacted Dell EMC VPLEX Software:            
               Dell EMC Software: GeoSynchrony 5.4.x* and above.           
               Dell EMC Software: GeoSynchrony 6.0.x and above.           
                          
               *Note: Be aware that GeoSynchrony 5.4.x went End Of Service Life (EOSL) on 30 April 2019. If you are running on any version of 5.4.x, or earlier, you should consider upgrading your VPLEX to at least the current target code 6.0 SP1 P7 to get on supported code and for all the benefits of fixes and enhancements that have been made in all codes after 5.4.x and in 6.0 SP1 P7. A Change Control Authorization (CCA) is required for an NDU and you will need to reach out to your local Dell EMC field representative and discuss the planning of the VPLEX upgrade CCA action.              

              Issue:           

               Running of the "configuration system-setup" command fails to configure security certificates as shown in the example below:           
                          
               Security configure-certificates: Evaluation of  <<security configuration-certificates>> failed.             
                 cause:                                      command execution failed.             
                 cause:                                      12             
                 cause:                                      failed to configure certificates: (10, 'Error while creating ca certificates  : Invaild Key-value pair in subject file /var/log/VPlex/cli/CACertSubjectInfo.txt\n\Error during CA Certificate creation.  Please verify your certificate subject file. \n')
           
                
                                                             

 

 

Cause:

 

 

The /var/log/VPlex/cli/CACertSubjectInfo.txt file on the management server may have missing attributes.   
   
     
                                                           

 

 

Change:

 

 

During a VPLEX installation, while running the command "configuration system-setup"                                                           

 

 

Resolution:

 

 

Workaround:   

         
  1.         Establish an SSH session to the Management Server and Login to the management server using the 'service' account credentials.     
  2.    
   
         
  1.         Change directory (cd) to /var/log/VPlex/cli/     
  2.    
   
      service@mgmtserver~> cd /var/log/VPlex/cli       
        service@mgmtserver:/var/log/VPlex/cli>
   
        
         
  1.         List out the file CACertSubjectInfo.txt using the 'cat' command     
  2.    
   
      service@mgmtserver:/var/log/VPlex/cli> cat CACertSubjectInfo.txt   
   
         
  1.         Make sure that CACertSubjectInfo.txt data shows as below:     
  2.    
   
      SUBJECT_COUNTRY=US       
        SUBJECT_STATE=Massachusetts       
        SUBJECT_LOCALITY=Hopkinton <--
this may be different or not listed     
      SUBJECT_ORG=EMC       
        SUBJECT_ORG_UNIT=EMC       
        SUBJECT_COMMON_NAME=FNM00xxxxxxxxx <-
if SN is missing please add     
      SUBJECT_EMAIL=support@emc.com    
   
         
  1.         If you do not know your VPLEX serial number, access the VPlexcli, using the service account credentials, if prompted for,  then run the command "health-check -l" and the serial numbers will be listed at the top under "Cluster TLA", there will be two if a Metro. Look for the serial number of the cluster you are on.        

              Sample output:         
                   VPlexcli:/> health-check -l           
                     Product Version: 5.5.2.04.00.01           
                     Product Type: Metro           
                     WAN Connectivity Type: IP           
                     Hardware Type: VS2           
                     Cluster Size: 1 engines           
                     Cluster TLA:           
                       cluster-1: FNM00xxxxxxxxx <--           
                       cluster-2: FNM00xxxxxxxxx <--
           

                    
             Exit the VPlexcli to get back to the management server if edits are needed.     
  2.    
   
         
  1.         If any of the above attributes are missing  'vi ' the CACertSubjectInfo.txt file to edit it..     
  2.    
   
      service@mgmtserver:/var/log/VPlex/cli> vi CACertSubjectInfo.txt   
   
         
  1.         If you need to make edits, once in ' vi ' move the cursor using the arrow keys to the line needing editing, then to the location on the line where the edit needs to be made.       
             If you need to add a serial number move the cursor so it is on the ' = ' symbol, then click the 'a' key. This will move the cursor one place and you will be in the "INSERT" mode indicated in the lower left corner of the screen.     
  2.    
   
         
  1.         Next type in the serial number, then press the 'Esc' key to exit the "INSERT" mode. The "INSERT" display will go away in the lower left.     
  2.    
   
         
  1.         To save the changes and exit the ' vi ' session, press :wq, (colon, ' : ', then wq). This will write and quit (exit) ' vi '.     
  2.    
   
         
  1.         You can ' cat ' the file again to check your edits to make sure they took and are correct.     
  2.    
   
         
  1.         Now when you re-run the 'configuration system-setup' command again it should run this time.     
  2.    
   
         
  1.         If it still fails please contact Dell EMC VPLEX Support via a Live Chat session.     
  2.