
vSphere with Tanzu Host Licensing error

by Mohamed Imthiyaz

I came across a vSphere with Tanzu environment where the WCP page was throwing the error below:

None of the hosts connected to this vCenter are licensed for Workload Management.

Sometimes rebooting the VC could cause this. I have written another post on what happens to the cluster and workloads if the WCP license actually expires.

This was a known cosmetic issue that was fixed, and the workaround for it is to clear cookies or use incognito mode. @William Lam had a post about it.

But in this particular case clearing cache/cookies/incognito did not resolve the issue and restarting the WCP service was a no-go.

As it was not a production environment, I could reboot my vCenter and test, but it still resulted in the same error.
I checked all the hosts in the cluster and all had E+ licenses.

wcpsvc.log was complaining about invalid credentials in a loop:

2022-05-31T11:27:03.743Z error wcp [ssolib/sts.go:122] [opID=6295fc6a] STS Issue HOK request failed; err: ns0:FailedAuthentication: Invalid credentials
2022-05-31T11:27:03.743Z error wcp [kubelib/auth.go:115] [opID=6295fc6a] Failed to obtain JWT for wcp: ns0:FailedAuthentication: Invalid credentials
2022-05-31T11:27:03.743Z error wcp [kubelib/auth.go:160] [opID=6295fc6a] Failed to obtain JWT: ns0:FailedAuthentication: Invalid credentials
2022-05-31T11:27:03.744Z debug wcp [kubelib/auth.go:203] [opID=6295fc6a] Auth roundtripper: retry request. Response statusCode: 401
2022-05-31T11:27:03.789Z debug wcp [ssolib/sts.go:87] [opID=6295fc75] Getting HOK signer; store: wcp, alias: wcp
2022-05-31T11:27:03.79Z debug wcp [kubelifecycle/master_api_monitor.go:50] healthz for 10.66.2.41 = "Get "https://10.66.2.41:6443/healthz?timeout=5s": net/http: request canceled (Client.Timeout exceeded wile awaiting headers)"
2022-05-31T11:27:03.79Z debug wcp [notifications/notifications.go:322] Publish change event: &cdc.ChangeLogChangeEvent{Resource:std.DynamicID{Type_:"ClusterComputeResource", Id:"domain-c33"}, Kind:"UPDATE, Properties:[]string{"kubernetes_status"}, ParentResources:[]std.DynamicID(nil)}
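
As an added example (not from the original post or from VMware), this Python sketch parses log lines in the format quoted above and reports whether the STS "Invalid credentials" failure repeats across separate opIDs, which separates the loop described here from a one-off failure. The sample lines, the `triage` function and the `min_ops` threshold are assumptions constructed for illustration.

```python
import re

# Constructed sample in the format of the wcpsvc.log excerpt above (not real log data).
SAMPLE_LOG = """\
2022-05-31T11:27:03.743Z error wcp [ssolib/sts.go:122] [opID=aaaa0001] STS Issue HOK request failed; err: ns0:FailedAuthentication: Invalid credentials
2022-05-31T11:27:03.743Z error wcp [kubelib/auth.go:115] [opID=aaaa0001] Failed to obtain JWT for wcp: ns0:FailedAuthentication: Invalid credentials
2022-05-31T11:27:03.744Z debug wcp [kubelib/auth.go:203] [opID=aaaa0001] Auth roundtripper: retry request. Response statusCode: 401
2022-05-31T11:27:03.789Z debug wcp [ssolib/sts.go:87] [opID=aaaa0002] Getting HOK signer; store: wcp, alias: wcp
2022-05-31T11:27:03.79Z debug wcp [kubelifecycle/master_api_monitor.go:50] healthz for 192.0.2.10 = "request canceled"
2022-05-31T11:27:04.101Z error wcp [ssolib/sts.go:122] [opID=aaaa0002] STS Issue HOK request failed; err: ns0:FailedAuthentication: Invalid credentials
2022-05-31T11:27:04.102Z debug wcp [kubelib/auth.go:203] [opID=aaaa0002] Auth roundtripper: retry request. Response statusCode: 401
"""

# Fields: timestamp, level, "wcp", [file:line], optional [opID=...], message
LINE_RE = re.compile(
    r"^(?P<ts>\S+Z)\s+(?P<level>\w+)\s+wcp\s+\[(?P<src>[^\]]+)\]\s+"
    r"(?:\[opID=(?P<opid>\w+)\]\s+)?(?P<msg>.*)$"
)
STS_FAIL = "STS Issue HOK request failed"
BAD_CREDS = "FailedAuthentication: Invalid credentials"
SIGNER_RE = re.compile(r"Getting HOK signer; store: (\S+), alias: (\S+)")


def triage(text, min_ops=2):
    """Summarise STS token failures per opID; min_ops is an assumed loop threshold."""
    failed, retried, signers, span = [], set(), set(), []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip continuation lines and other formats
        msg, opid = m["msg"], m["opid"]
        signer = SIGNER_RE.search(msg)
        if signer:
            signers.add(signer.groups())  # store and alias named in the log
        if m["level"] == "error" and STS_FAIL in msg and BAD_CREDS in msg:
            span.append(m["ts"])
            if opid not in failed:
                failed.append(opid)
        elif "statusCode: 401" in msg and opid in failed:
            retried.add(opid)  # the request was retried after the rejection
    return {
        "failed_ops": failed,
        "retried_after_401": sorted(retried),
        "signers": sorted(signers),
        "first": span[0] if span else None,
        "last": span[-1] if span else None,
        # The same failure under several opIDs means each new request is rejected.
        "looping": len(failed) >= min_ops,
    }
```

Calling `triage(open(path).read())` on a copy of the log gives the affected opIDs and the first and last failure timestamps, which can then be compared with the time a certificate was changed.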

On checking the certs I found that the Machine cert was renewed on the vCenter!

Resetting machine SSL certs: https://kb.vmware.com/s/article/2097936
If it fails with “ERROR certificate-manager ‘lstool reregister’ failed: 1”, follow https://kb.vmware.com/s/article/76719.

I renewed the machine SSL cert once again and restarted the vCenter services. The WCP page was accessible after this.
