Today I finally had time and wanted to update my complete Aria Suite with the products Aria Automation, Aria Operations, Aria Operations for Logs & Aria Operations for Networks and bring it up to date in my Homelab.

Unfortunately, I came across a rather strange error & I want to show you here in this blog post how I solved it.
If you want to update or upgrade products or, as it is called in the Lifecycle Manager, “environments”, you should first carry out an inventory scan.
And that’s when an error sent us in the wrong direction.

As you can see, an error message tells us “Invalid hostname provided”
The funny thing is, however, that you do not enter a hostname manually for the inventory scan, but this comes directly from the “environment” or the product you want to scan.
And even worse, in the following dialog when you click on “retry” you even have the possibility to change the hostname.
As you guessed, even if you manually adjust the hostname again and restart the workflow, you get exactly the same error again.
So I took a closer look at the details of the error message.

com.vmware.vrealize.lcm.vrli.
Exception: Cannot execute ssh commands.
Exception encountered : Session.connect: java.security.spec.
at com.vmware.vrealize.lcm.
at com.vmware.vrealize.lcm.
at java.base/java.util.
at java.base/java.util.
at java.base/java.lang.Thread.

The Exception “Cannot execute ssh commands” then took me in a completely different direction and I asked myself, has the appliance’s root password expired? So I first tried to connect to the corresponding appliance manually via SSH. To my surprise, this worked without any problems.
So my next approach was the VMware Knowledge Base where I actually found an article (KB) on the subject.
InvalidKeySpecException Error Code : ‘LCMVRNICONFIG90115’ when performing inventory sync in Aria Suite Lifecycle Manager Inventory Sync for Aria Operations for Networks (96553) which contains a reference to error LCMVRLICONF40004.
The KB reveals the cause of the issue “Recent Aria Suite Lifecycle PSPACKs specifically version 8.14 Pspack 4 and above have hardened the SSH settings on the Aria Suite Lifecycle appliance. This can cause communication issues for products which do not support any of the newer macs or ciphers.”, so the cause is clear.

The Exception “Cannot execute ssh commands” then took me in a completely different direction and I asked myself, has the appliance’s root password expired? So I first tried to connect to the corresponding appliance manually via SSH. To my surprise, this worked without any problems.
So my next approach was the VMware Knowledge Base where I actually found an article (KB) on the subject.
InvalidKeySpecException Error Code : ‘LCMVRNICONFIG90115’ when performing inventory sync in Aria Suite Lifecycle Manager Inventory Sync for Aria Operations for Networks (96553) which contains a reference to error LCMVRLICONF40004.
The KB reveals the cause of the issue “Recent Aria Suite Lifecycle PSPACKs specifically version 8.14 Pspack 4 and above have hardened the SSH settings on the Aria Suite Lifecycle appliance. This can cause communication issues for products which do not support any of the newer macs or ciphers.”, so the cause is clear.

To finally solve the problem, I also used the instructions in another KB article:
Steps for removing weak SHA1 algorithms and ciphers from VMware Aria Products (95835)

As you can see in the KB articles, it affects all products in the Aria Suite, so I spent a moment backing up the “sshd_config” file on all my Aria appliances and then customizing it according to the KB articles.
Don’t forget to restart the sshd daemon on all affected appliances.

In any case, after all the adjustments mentioned in the KB article, the update of the Aria products via the Lifecycle Manager is possible again without any problems and therefore all Aria products in my Homelab are now up to date again.

If you have any further questions on this topic please do not hesitate to contact me or leave a comment below this article.


No responses yet

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert