...
Replacing VMCA certificates on VMware vCenter Server Appliance 6.5 fails.

In the /var/log/vmware/vmcad/certificate-manager.log file, you see entries similar to:

    YYYY-MM-DDTHH:MM:SSZ INFO certificate-manager please see service-control.log for service status
    Service-control failed. Error Failed to start vmon services.vmon-cli RC=1, stderr=Failed to start updatemgr services. Error: Operation timed out

In the /tmp/vmware-temp/vmware-vum-server.log file, you see entries similar to:

    YYYY-MM-DDTHH:MM:SSZ error vmware-vum-server[7F3EAB8FE700] [Originator@6876 sub=Default] [rpcConnectionWrapper,214] SSL cert. verification failed for host http://FQDN.OF.VCENTER.SERVER:80/. Vmacore::Ssl::SSLException: SSL Exception: Verification parameters:
    --> PeerThumbprint: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
    --> ExpectedThumbprint: YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY:YY
    --> ExpectedPeerName: FQDN.OF.VCENTER.SERVER
    --> The remote host certificate has these problems:
    -->
    --> * unable to get local issuer certificate

Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.
This is a known issue affecting VMware vCenter Server Appliance 6.5. Currently, there is no resolution.

To work around this issue, use one of the options below.

Change the file permission of /etc/vmware/.buildInfo to 444:

1. Log in to vCenter Server Appliance as root.
2. Change the file permission of /etc/vmware/.buildInfo from 640 back to 444 by running this command:

    chmod 444 /etc/vmware/.buildInfo

3. Replace the Machine SSL certificate.

Disable the VMware Update Manager service and replace the certificates:

1. Take a backup of your SSO domain (PSC(s), vCenter Server(s), etc.).
2. Disable the VMware Update Manager Service.
   a. Log in to the vCenter Server using the vSphere Web Client.
   b. On the vSphere Web Client Home page, click System Configuration.
   c. Under System Configuration, click Services.
   d. From the Services list, right-click the VMware vSphere Update Manager service.
   e. Navigate to Start up Policy > Disabled.
3. Retry replacing the SSL certificates. For more information, see Configuring the vSphere 6.0 U1b or later VMware Certificate Authority as a Subordinate Certificate Authority (2147542).
4. Re-enable the VMware Update Manager Service.
   a. Log in to the vCenter Server using the vSphere Web Client.
   b. On the vSphere Web Client Home page, click System Configuration.
   c. Under System Configuration, click Services.
   d. From the Services list, right-click the VMware vSphere Update Manager service.
   e. Navigate to Start up Policy > Automatic.
5. Connect to the vCenter Server using SSH and run the following commands:

    /usr/lib/vmware-updatemgr/bin/updatemgr-util refresh-certs
    /usr/lib/vmware-updatemgr/bin/updatemgr-util register-vc
    service-control --start vmware-updatemgr

6. Verify that VMware Update Manager is accessible in the vSphere Web Client.
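A pre-check for the symptoms and the first workaround above, written as an added example (not VMware's code). The file paths and log strings come from this article; the function names are hypothetical, and a GNU-style stat is assumed, with a BSD fallback.

```shell
#!/bin/sh
# Added example: detect the conditions this article describes before retrying
# the certificate replacement. Function names are illustrative only.
BUILDINFO=/etc/vmware/.buildInfo
CERTMGR_LOG=/var/log/vmware/vmcad/certificate-manager.log
VUM_LOG=/tmp/vmware-temp/vmware-vum-server.log

# Print the octal permission bits of a file (GNU stat, then BSD stat).
file_mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# Succeed when the file exists and its mode is not the expected 444.
buildinfo_needs_fix() {
    [ -e "$1" ] && [ "$(file_mode "$1")" != "444" ]
}

# Succeed when certificate-manager.log records the updatemgr start failure.
has_updatemgr_timeout() {
    grep -qF 'Failed to start updatemgr services' "$1" 2>/dev/null
}

# Succeed when the VUM log records the issuer verification failure.
has_vum_cert_failure() {
    grep -qF 'SSL cert. verification failed' "$1" 2>/dev/null &&
        grep -qF 'unable to get local issuer certificate' "$1" 2>/dev/null
}

# Report findings; returns 0 when none of the symptoms is present.
# Optional arguments override the three default paths (useful for testing).
diagnose() {
    bi=${1:-$BUILDINFO}; cl=${2:-$CERTMGR_LOG}; vl=${3:-$VUM_LOG}
    rc=0
    if buildinfo_needs_fix "$bi"; then
        echo "$bi has mode $(file_mode "$bi"), expected 444: run chmod 444 $bi"
        rc=1
    fi
    if has_updatemgr_timeout "$cl"; then
        echo "$cl: updatemgr failed to start during certificate replacement"
        rc=1
    fi
    if has_vum_cert_failure "$vl"; then
        echo "$vl: Update Manager could not verify the vCenter certificate issuer"
        rc=1
    fi
    return $rc
}

# Run against the appliance paths only when asked to: sh check.sh --run
if [ "${1:-}" = "--run" ]; then diagnose; fi
```

Run it as root on the appliance so the log files and /etc/vmware/.buildInfo are readable; a non-zero exit status means at least one of the conditions was found.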
Resolution: Error while replacing Machine SSL Cert, please see /var/log/vmware/vmcad/certificate-manager.log for more information.
Replacing the vCenter Server certificate fails when the VMware Update Manager service is enabled