...
vCenter upgrade to 6.7 fails during vpxd firstboot with the error "Failed to create data encipherment cert with hostname/ip".

vpxd_firstboot.log:
2020-02-18T05:11:24.709Z Invoked command: ['/usr/lib/vmware-vmca/bin/certool', '--server=vcenter_fqdn', '--genCIScert', '--dataencipherment', '--privkey=/etc/vmware-vpx/ssl/tmp-data-encipherment.key', '--cert=/etc/vmware-vpx/ssl/tmp-data-encipherment.crt', '--Name=data-encipherment', '--FQDN=vcenter_fqdn']
2020-02-18T05:11:24.709Z RC = 5
Stdout = Error: 5, VMCAGetSignedCertificatePrivate() failed
Status : Failed
Error Code : 5
Error Message : Operation failed with error = ERROR_ACCESS_DENIED (5)
Stderr =
2020-02-18T05:11:24.709Z VirtualCenter firstboot failed

vmcad-syslog.log:
2020-02-18T05:06:55.712962+00:00 info vmcad Starting VMware Certificate Service
done
2020-02-18T05:07:04.185407+00:00 info vmcad t@140407505676032: VMCACheckAccessKrb: Authenticated user vcenter_fdqn@vsphere.local
2020-02-18T05:11:24.688726+00:00 info vmcad t@140407505676032: VMCACheckAccessKrb: Authenticated user vcenter_fdqn@vsphere.local
2020-02-18T05:11:24.697375+00:00 info vmcad t@140407505676032: Checking upn: cn=CAAdmins,cn=Builtin,dc=vsphere,dc=local against CA admin group: vcenter_fdqn@vsphere.local
2020-02-18T05:11:24.697881+00:00 info vmcad t@140407505676032: Checking user's group: cn=DCAdmins,cn=Builtin,dc=vsphere,dc=local against CA admin group: cn=CAAdmins,cn=Builtin,dc=vsphere,dc=local
2020-02-18T05:11:24.698176+00:00 warning vmcad t@140407505676032: error code: 0x00000005
2020-02-18T05:11:24.698507+00:00 warning vmcad t@140407505676032: error code: 0x00000005

The issue occurs because the following user groups are missing from CAAdmins:
DCAdmins
DCClients

To resolve the issue, add the DCAdmins and DCClients user groups to CAAdmins. They can be added using the flex/html5 client from Administration > SSO > Users and Groups.
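
To confirm this cause from the logs before changing group membership, the following added example (not from the original article or from VMware) scans vmcad-syslog.log lines for the pattern shown above: an authenticated user, a group check against the CA admin group, then error code 0x00000005 on the same thread. The function name and the sample lines are constructed for illustration.

```python
import re

# Constructed sample, modelled on the vmcad-syslog.log excerpt in this article.
# Thread 140407505676099 is an invented request that is not denied.
SAMPLE_LOG = """\
2020-02-18T05:06:55.712962+00:00 info vmcad Starting VMware Certificate Service
2020-02-18T05:11:24.688726+00:00 info vmcad t@140407505676032: VMCACheckAccessKrb: Authenticated user vcenter_fdqn@vsphere.local
2020-02-18T05:11:24.690000+00:00 info vmcad t@140407505676099: VMCACheckAccessKrb: Authenticated user other_host@vsphere.local
2020-02-18T05:11:24.697881+00:00 info vmcad t@140407505676032: Checking user's group: cn=DCAdmins,cn=Builtin,dc=vsphere,dc=local against CA admin group: cn=CAAdmins,cn=Builtin,dc=vsphere,dc=local
2020-02-18T05:11:24.698176+00:00 warning vmcad t@140407505676032: error code: 0x00000005
2020-02-18T05:11:24.698507+00:00 warning vmcad t@140407505676032: error code: 0x00000005
""".splitlines()

LINE = re.compile(r"^(?P<ts>\S+)\s+\w+\s+vmcad\s+t@(?P<tid>\d+):\s+(?P<msg>.*)$")
AUTH = re.compile(r"VMCACheckAccessKrb: Authenticated user (?P<user>\S+)")
GROUP = re.compile(r"Checking user's group: (?P<group>\S+) against CA admin group: (?P<ca>\S+)")
DENIED = re.compile(r"error code: 0x0*5$")  # ERROR_ACCESS_DENIED (5)


def find_vmca_access_denials(lines):
    """Return one finding per request that vmcad rejected with error 5."""
    state = {}      # thread id -> context of the request in progress
    findings = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:   # lines without a thread id (e.g. service start) are skipped
            continue
        tid, msg = m["tid"], m["msg"]
        if a := AUTH.search(msg):
            state[tid] = {"user": a["user"], "groups_checked": [], "ca_group": None}
        elif (g := GROUP.search(msg)) and tid in state:
            state[tid]["groups_checked"].append(g["group"])
            state[tid]["ca_group"] = g["ca"]
        elif DENIED.search(msg) and tid in state:
            ctx = state.pop(tid)  # pop so the repeated error line reports once
            findings.append({"time": m["ts"], "thread": tid, **ctx})
    return findings


if __name__ == "__main__":
    for f in find_vmca_access_denials(SAMPLE_LOG):
        print(f"{f['time']} {f['user']} denied; groups checked against "
              f"{f['ca_group']}: {', '.join(f['groups_checked']) or 'none'}")
```

A finding whose checked group is DCAdmins or DCClients and whose CA admin group is CAAdmins matches the missing-membership cause described here.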