vSphere Content Library fails to synchronize

Out of the box, vSphere Content Libraries are seldomly used in Enterprise environments. However, they can be quite helpful synchronizing your Golden Images (VM or vApp Templates) across your vSphere environments. The concept of Content Libraries can automate the distribution of such templates easily. For example, to synchronize the templates between test and production, or across your physical locations.

Recently, we found out that Content Libraries across sites (locations, or vSphere instances) just stopped synchronizing. This happened a few months back. Yes, I know, we should have resolved this earlier, but due to other priorities, this issue was forced back on the backlog… Anyway, upon manual synchronisation of the Content Library, this issue let to the following error message within vSphere:

Verify Subscription link

As a first, please make sure the correct subscription url is used:

  • Verify that the Published Content Library (url in json format) is identical to the Subscribed Content Library
    Source/Published Content Library

    Target/Subscribed Content Library looks like this. The url seems identical, however, please confirm this through your favorite text editor. In this case, the url links are identical… As expected.


    Verify the url and make sure the are correctly configured.

Verify Ports

As a second, please make sure that traffic is allowed through Access Control Lists (ACL) in the firewall. Whether the firewall is a physical device, or virtual, please verify the following ports are allowed between both vSphere/vCenter environments:

  • Ports 16666 and 16667 (TCP/UDP), as well as
  • 902 (TCP) are allowed

Did you know that VMware actively updates the following website to keep track of port usage within/between the VMware product portfolio. Here it is

 

The error

The symptom of our issue appears immediately after a manual sync:

Manual synchronization fails.

Do NOT just close this error message, just like you are used to…

The hint given here is important: click on More Tasks

The Task itself details that the SSL Thumbprint is not authenticated. In order to resolve this, you will need to confirm, re-authenticate the SSL certificate.

Note that this is probably the result of some vCenter Server upgrades.

The following section shows how to resolve this, using the simplest resolution.

Re-authenticate the SSL Thumbprint

Therefore, navigate to the suscribed Content Library Settings, and Edit it (while not changing anything).
After clicking OK, the Library is updated, and a popup appears to Continue with the latest SSL Thumbprint.
Click Actions >> Continue to accept the new SSL Thumbprint.

Re-synchronize and the Last Sync Date is updated, once again!
Well, that’s all there is to it, as you can see as-easy-as-π !!

Lessons learned: make sure to re-authenticate the subscribed Content Library after a vCenter Server update.

By DM