VMware Auto Deploy error SSLError: [Errno 336265225] _ssl.c:337: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib

After upgrading to vCenter 5.1 Update 1a I decided to take a look at the Auto Deploy component. Since upgrading to vCenter 5.0 it wasn’t working. Because we didn’t plan on using it, I just disabled the service at that time. After the improvements to Auto Deploy in 5.1 especially the Stateless Caching mode, this technique  might be something we want to use in the future.

Enabling the service resulted in the same error as before. The service starts, but the vSphere Client plugin cannot connect and displays the error ‘The request failed because of a connection failure. (Unable to connect to the remote server)’


I verified that there were no listeners on port 6501 and 6502 through a netstat -a on the Autodeploy server.


I browsed to VMware KB 2000988 to start my quest for a solution.

I opened the vmconfig-autodeploy.xml from %ProgramData%\VMware\VMware vSphere Auto Deploy\ and verified all paths mentioned were correct. I also checked the settings in HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\VMware, Inc.\VMware vSphere Auto Deploy with regedit. The only thing I changed in the registry and the XML file was the username. I changed it from the Down-Level Logon Name [NETBIOS DOMAIN]\[USER] to the User Principal Name [USER]@[DNS DOMAIN].

A reboot of the service didn’t change the situation.

Because I didn’t do any configuration, I tried to re-register the service and got an error thrown at me, yay!


I opened the log file location %ProgramData%\VMware\VMware vSphere Auto Deploy\logs and immediately saw that a lot of logging was being created. A good thing in it self and a clear indication something is wrong 🙂


Opening one of the log files revealed that same error

SSLError: [Errno 336265225] _ssl.c:337: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib

and another one

Error: [(‘PEM routines’, ‘PEM_read_bio’, ‘no start line’), (‘SSL routines’, ‘SSL_CTX_use_certificate_file’, ‘PEM lib’)]


So, it seems to be a certificate issue. A Google search revealed nothing to further help me.

I opened the location of the SSL certificates %ProgramData%\VMware\VMware vSphere Auto Deploy\ssl and there was the root of the problem.


Because we still use the default installer certificates, these were quickly replaced with copies from e.g. the %ProgramData\VMware\VMware ESXi Dump Collector\ssl folder.

I tried to re-register the service again, but was thrown another error:

error: attempt to write a readonly database


Again, because there was no configuration done, I simple renamed the db file in the Data directory and ran the command again. A new db file was created automatically.


The command did throw another error or warning,

‘openssl’ is not recognized as an internal or external command, operable program or batch file.

but it did finish successfully.


I restarted the Auto Deploy service and was able to connect my vSphere Client. All good!



About Yuri de Jager
Technology Addict

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: