VM deployment fails with "Authenticity of the host's SSL certificate is not verified"

When you want to go fast, go slow. Otherwise you will get into trouble… Today I tried to quickly deploy a VM from a template and customize this VM with a customization specification. The codeword is “quickly”. The fun started with this error message:

Patrick Terlisten/ vcloudnine.de/ Creative Commons CC0

Patrick Terlisten/ vcloudnine.de/ Creative Commons CC0

Fortunately I asked the VMware Knowledge Base, which lead me to VMware KB2086930 (Deploying a template with customization fails with the error: Authenticity of the host’s SSL certificate is not verified). This KB article is all you need to know to fix this error.

  1. Make a snapshot of your vCenter Server appliance.

  2. Stop the vCenter Server service using the appliance management website (port 5480).

Patrick Terlisten/ vcloudnine.de/ Creative Commons CC0

Patrick Terlisten/ vcloudnine.de/ Creative Commons CC0

  1. Connect with SSH to your vCenter Server appliance and run these commands. I tried to deploy the VM to esx2.lab.local. As you can see, there is no expected SSL thumbprint for this host (and also it’s missing for host esx1.lab.local). The solution is to set the host_ssl_thumbprint == expected_ssl_thumbprint.
vcsa1:~ # sudo /opt/vmware/vpostgres/1.0/bin/psql -d VCDB vc
psql.bin (9.0.17)
Type "help" for help.

VCDB=> Select id, dns_name, host_ssl_thumbprint, expected_ssl_thumbprint from vpx_host;
 id  |    dns_name    |                     host_ssl_thumbprint                     |                   expected_ssl_thumbprint
-----+----------------+-------------------------------------------------------------+-------------------------------------------------------------
  54 | esx4.lab.local | 13:2B:57:A0:96:9F:9B:31:D3:8B:54:07:B3:38:91:34:E7:11:D0:E0 | 13:2B:57:A0:96:9F:9B:31:D3:8B:54:07:B3:38:91:34:E7:11:D0:E0
  48 | esx3.lab.local | 87:B5:81:77:F2:10:54:70:F2:A4:B1:B0:F5:61:C6:AB:36:C5:BE:4A | 87:B5:81:77:F2:10:54:70:F2:A4:B1:B0:F5:61:C6:AB:36:C5:BE:4A
 142 | esx2.lab.local | E3:A2:82:0D:41:9A:6A:AA:67:97:CF:D4:56:78:C6:ED:3D:F5:7A:05 |
  87 | esx1.lab.local | 1F:20:3A:3A:12:94:61:27:B7:C2:EA:92:A4:7B:0B:50:BB:FC:82:DB |
(4 rows)

VCDB=> UPDATE VPX_HOST SET expected_ssl_thumbprint = host_ssl_thumbprint WHERE DNS_NAME = 'esx2.lab.local';
UPDATE 1
VCDB=> UPDATE VPX_HOST SET expected_ssl_thumbprint = host_ssl_thumbprint WHERE DNS_NAME = 'esx1.lab.local';
UPDATE 1
VCDB=> Select id, dns_name, host_ssl_thumbprint, expected_ssl_thumbprint from vpx_host;
 id  |    dns_name    |                     host_ssl_thumbprint                     |                   expected_ssl_thumbprint
-----+----------------+-------------------------------------------------------------+-------------------------------------------------------------
  54 | esx4.lab.local | 13:2B:57:A0:96:9F:9B:31:D3:8B:54:07:B3:38:91:34:E7:11:D0:E0 | 13:2B:57:A0:96:9F:9B:31:D3:8B:54:07:B3:38:91:34:E7:11:D0:E0
  48 | esx3.lab.local | 87:B5:81:77:F2:10:54:70:F2:A4:B1:B0:F5:61:C6:AB:36:C5:BE:4A | 87:B5:81:77:F2:10:54:70:F2:A4:B1:B0:F5:61:C6:AB:36:C5:BE:4A
 142 | esx2.lab.local | E3:A2:82:0D:41:9A:6A:AA:67:97:CF:D4:56:78:C6:ED:3D:F5:7A:05 | E3:A2:82:0D:41:9A:6A:AA:67:97:CF:D4:56:78:C6:ED:3D:F5:7A:05
  87 | esx1.lab.local | 1F:20:3A:3A:12:94:61:27:B7:C2:EA:92:A4:7B:0B:50:BB:FC:82:DB | 1F:20:3A:3A:12:94:61:27:B7:C2:EA:92:A4:7B:0B:50:BB:FC:82:DB
(4 rows)

VCDB=> q

This solved this issue for me. According to VMware KB2086930  only VMware vCenter Server Appliance 5.5.x is affected. If you are running VMware vCenter Server on Windows, you are not affected. If you get this error (or a similar error), it might be another problem.