Launching soon: The world's first vendor agnostic bug scrubLearn more & join waitlist
OPERATIONAL DEFECT DATABASE
...
...
When using the Certificate Automation Tool, you see these error: Warning: Different certificates are being used for SSL and Solution users. Manual intervention is required. For details, see KB 2048202. After performing the steps described in the KB article, continue with this operation. Do you want to continue? When running ssolscli.cmd listServices command to identify service details for the configuration, you see entries similar to: Anonymous Execution Operation Failed: 100 For more information, see step 4 in Validating and correcting errors for an upgraded VMware vCenter Server using the SSL Certificate Automation Tool (2048202). In the lookupserver.log file, you see entries similar to: inherited from com.vmware.vim.binding.lookup.SearchCriteria@780d5011) because of Invalid certificate java.lang.IllegalArgumentException: Invalid certificate
This issue occurs when a service endpoint has an expired trust while attempting to register with the Lookup Service.
This is a known issue affecting VMware vCenter Server 5.1.x. To workaround this issue: Stop all VMware Services. For more information, see Stopping, starting, or restarting VMware vCenter Server services (1003895).Back up the vCenter Server Single Sign-On database.Run this SQL query in the vCenter Server Single Sign-On database to list all registered services: SELECT URI, PROTOCOL, SERVICE_ID FROM LS_SERVICE_ENDPOINT; Identify which service has the expired certificate. Note: You can identify the VMware VirtualCenter service by locating the URI field ending in:443/sdk Run this SQL command to reset the SSL trust of the expired service: UPDATE LS_SERVICE_ENDPOINT SET SSL_TRUST_ANCHOR = null WHERE SERVICE_ID = ExpiredServiceID Start all VMware Services. For more information, see Stopping, starting, or restarting VMware vCenter Server services (1003895).Continue performing the procedure in Validating and correcting errors for an upgraded VMware vCenter Server using the SSL Certificate Automation Tool (2048202). Note: Before proceeding to step 21, take a backup of the folder, located at c:\programdata\vmware\virtual center\ssl and replace the contents with the new certificate. You cannot register vCenter Server with Single Sign-On if the current certificates are expired.
How to regenerate vSphere 6.x certificates using self-signed VMCA How to stop, start, or restart vCenter Server servicesValidating and correcting errors for an upgraded VMware vCenter Server using the SSL Certificate Automation Tool有効期限が切れた vCenter Server 証明書の更新ができない