Launching soon: The world's first vendor agnostic bug scrubLearn more & join waitlist
OPERATIONAL DEFECT DATABASE
...
...
Recently deployed a vCenter Server Appliance 6.7 U2.Recently updated from a previous version of 6.7 to vCenter Server Appliance 6.7 U2.vCenter High Availability is enabled.After a reboot or fail-over, the vmware-certificatemanagement and vmware-topologysvc services fail to start automatically. The services can be manually started.When running the command service-control --status you see entries similar to: Stopped: vmcam vmware-imagebuilder vmware-mbcs vmware-netdumper vmware-rbd-watchdog vmware-vcha vsan-dps vmware-topologysvc vmware-certificatemanagementRunning: applmgmt lwsmd pschealth vmafdd vmcad vmdird vmdnsd vmonapi vmware-analytics vmware-cis-license vmware-cm vmware-content-library vmware-eam vmware-perfcharts vmware-pod vmware-postgres-archiver vmware-rhttpproxy vmware-sca vmware-sps vmware-statsmonitor vmware-sts-idmd vmware-stsd vmware-updatemgr vmware-vapi-endpoint vmware-vmon vmware-vpostgres vmware-vpxd vmware-vpxd-svcs vmware-vsan-health vmware-vsm vsphere-client vsphere-ui In the /etc/vmware/vmware-vmon/profiles.json file, you see that the certificatemanagement and topologysvc services are missing { "NONE" : [], "HACore" : [ "vcha", "statsmonitor" ], "HAActive" : [ "rhttpproxy", "sca", "applmgmt", "cis-license", "cm", "content-library", "vpxd-svcs", "eam", "imagebuilder", "mbcs", "netdumper", "perfcharts", "rbd", "sps", "vapi-endpoint", "updatemgr", "vpxd", "vsan-health", "vsm", "vsphere-client", "vmonapi", "vmware-postgres-archiver", "vmcam", "pschealth", "vsphere-ui", "vsan-dps", "analytics"], "CRITICAL" : ["vpxd", "rhttpproxy", "rbd", "vpxd-svcs", "sps", "vmware-postgres-archiver", "vmware-vpostgres", "vapi-endpoint", "pschealth"]}
To configure the vCenter Server Appliance 6.7 U2 to automatically start the vmware-certificatemanagement and vmware-topologysvc services after a reboot or fail-over.
In 6.7 U2, the services vmware-certificatemanagement and vmware-topologysvc were introduced.Out of the box, in a non-VCHA setup, vmware-certificatemanagement and vmware-topologysvc are set to automatically start. However, these services were not correctly added to the HAActive VMON profile.This means that when VCHA is activated, the VMON profile that determines which services should be running isn't aware that it should also automatically start the vmware-certificatemanagement and vmware-topologysvc services after a reboot or fail-over.
This issue is resolved in vCenter Server 6.7 U3, available at VMware Downloads.
To work around this issue, follow the steps below: Disable the VCHA configuration.Backup the file /etc/vmware/vmware-vmon/profiles.json using the command below: cp /etc/vmware/vmware-vmon/profiles.json /storage/core/profiles.json; Edit the /etc/vmware/vmware-vmon/profiles.json file and manually add the certificatemanagement and topologysvc services to the HAActive list. For example: { "NONE" : [], "HACore" : [ "vcha", "statsmonitor" ], "HAActive" : [ "rhttpproxy", "sca", "applmgmt", "cis-license", "cm", "content-library", "vpxd-svcs", "eam", "imagebuilder", "mbcs", "netdumper", "perfcharts", "rbd", "sps", "vapi-endpoint", "updatemgr", "vpxd", "vsan-health", "vsm", "vsphere-client", "vmonapi", "vmware-postgres-archiver", "vmcam", "pschealth", "vsphere-ui", "vsan-dps", "analytics", "certificatemanagement", "topologysvc"], "CRITICAL" : ["vpxd", "rhttpproxy", "rbd", "vpxd-svcs", "sps", "vmware-postgres-archiver", "vmware-vpostgres", "vapi-endpoint", "pschealth"]} Note: The service need to be listed as certificatemanagement and topologysvc in the /etc/vmware/vmware-vmon/profiles.json file and not like the names vmware-certificatemanagement and vmware-topologysvc seen in the service-control --status output. Save the /etc/vmware/vmware-vmon/profiles.json file.Enable VCHA.