VMware Unified Access Gateway 3.3.1 Fails to Start Blast Services in FIPS Mode

A bug exists in the FIPS version of the VMware Unified Access Gateway 3.3.1 appliance that causes the local Blast services to fail to properly initialize due to a cipher suite mismatch between local services on the appliance. The issue appears to be exclusive to the 3.3.1 release, as the issue did not exist in 3.3.0 and is said to be patched in 3.4.0.

To resolve the issue, a single line needs to be edited in a configuration file on the appliance.

Open the following file in an editor:
/opt/vmware/gateway/lib/bsg/absg.properties

Locate the line for ‘localHttpsCipherSpec’ and replace it with the following:
localHttpsCipherSpec=!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES

Save the file. Disable and enable the Blast service in the web administration UI. Restart the appliance.

VMware vRealize Operations Manager Returns Keyfile is not Valid when Updating a Certificate

VMware vRealize Operations Manager 6.6.1 may return an error stating “Keyfile is not valid” when attempting to install a new SSL certificate. The appliance does not properly convert timezone data on the “valid from” attribute of a certificate and may believe the certificate is outside it’s validity period.

The solution was to try again the following day.

vCenter Server Fails Upgrade to 6.5.0-U1 with VCSServiceManager Error

I spent a portion of the last two weekends attempting to upgrade my homelab vCenter Server running on Server 2016 from 6.5.0 to 6.5.0-U1 with little success. My implementation is only a month old and non-complex, aside from the external Platform Service Controller servicing the single vCenter Server (so far).

Both the PSC and the VCS returned the same error during installation: “Installation of component VCSServiceManager failed with error code ‘1603’. Check the logs for more details.”

Installation of component VCSServiceManager failed with error code 1603.

Continue reading