Loading...
Loading...
In VxRail version 8.0.300 to 8.0.331, during Day1 vLCM enablement, the VxRail manager certificate will be replaced by a VMCA-issued one. This replacement cannot be reverted to a self-signed certificate via VxRail plugin UI. Later, if the vCenter root CA certificate changes, the vCenter and VxRail manager may no longer trust each other's certificates, causing cluster upgrade failure. You must follow this KB instruction to replace the VxRail Manager certificate with a self-signed certificate and import it to the vCenter trust store. Note: This KB only applies to standard VxRail cluster, DO NOT use it in VCF on VxRail environment.
If the VxRail manager certificate is self-signed, the cluster upgrade process will automatically refresh the VxRail manager and vCenter trust store with their current certificates, to make sure they can trust each other. But if the VxRail manager certificate is VMCA-signed, cluster upgrade process will not force to change it back to self-signed and refresh the trust stores, so if the vCenter root CA certificate is changed, vCenter and VxRail manager no longer trust each other's certificates, causing cluster upgrade failure.
Revert the VxRail manager certificate to a self-signed one and import the updated vCenter root CA certificate into VxRail manager. 1. Login to VxRail Manager. 2. Run the following commands: #cd /mystic/ssl#mcp_python cert_util.py --regencert#mcp_python cert_util.py Note: You will be prompted to enter the vCenter administrator credentials and the root account credentials if vLCM is enabled. The "--regencert" option first generates a self-signed VxRail manager certificate, then upload the new VxRail manager certificate into vCenter trust store. The "cert_util.py" command without any parameter will import the vCenter root CA certificate into VxRail manager trust store. After these two commands, the vCenter and VxRail manager can trust each other again with their updated certificates.
Click on a version to see all relevant bugs
Dell Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.