OPERATIONAL DEFECT DATABASE
...
...
Logging in to the vCenter Appliance Management Interface (VAMI) using root credentials returns an error "Downloading RPM vsphere-ui-7.0.3.00300-9405520.noarch.rpm" post entering the credentials. You might see similar entries in var/log/vmware/applmgmt/update_microservice.log 2021-11-12 06:50:08,182 - 7353 - integrity_checker:: log_and_print: 79 - INFO - Public key: /var/vmware/applmgmt/fileintegrity/pub.key is missing, generating one2021-11-12 06:50:08,247 - 7353 - integrity_checker:: log_and_print: 75 - ERROR - ERROR: Exception while verifying signature. {"detail": [{"id": "install.ciscommon.command.errinvoke","translatable": "An error occurred while invoking external command : '%(0)s'","args": ["Stderr: "],"localized": "An error occurred while invoking external command : 'Stderr: '"}],"componentKey": null,"problemId": null,"resolution": null}2021-11-12 06:50:08,248 - 7353 - integrity_checker:: log_and_print: 75 - ERROR - /etc/vmware/appliance/fileintegrity_config.json config file verification failed2021-11-12 06:50:08,251 - 7353 - update_microservice:: _runEvent: 417 - ERROR - Event callback failed: Exception('Failed verify config file') 'Traceback (most recent call last):\n File "/usr/lib/applmgmt/update/py/vmware/appliance/update/update_microservice.py", line 410, in _runEvent\n coroutine.send(1)\n File "/usr/lib/applmgmt/update/py/vmware/appliance/update/update_microservice.py", line 176, in stageEventHandler\n coroutine.send(i)\n File "/usr/lib/applmgmt/update/py/vmware/appliance/update/update_b2b.py", line 1261, in stage\n integrity_check_enabled = integrity_check.is_integrity_check_enabled()\n File "/usr/lib/vmware/site-packages/cis/integrity_checker.py", line 730, in is_integrity_check_enabled\n raise Exception("Failed verify config file")\nException: Failed verify config file\n' To verify the error, ssh to the VCSA and run the command: openssl dgst -verify /var/vmware/applmgmt/fileintegrity/pub.key -signature /var/vmware/applmgmt/fileintegrity/fileintegrity_config.sig /etc/vmware/appliance/fileintegrity_config.json The command should return a response "Verification Failure".
This issue is resolved in VMware vCenter Server 7.0 U3c. To download go to Customer Connect Patch Downloads
To workaround this issue, please follow these steps: Take an offline snapshot (with VCSA powered off),Login to VCSA through ssh using putty.Download the script generate_signature.py from the attachment section to in the article.Upload the script to the VCSA " root directory" using WINSCP Note: If you faced an error while trying to login to VCSA through WINSCP , please run the below command on VCSA (SSH):# chsh -s /bin/bash root Run the script using the command: # python generate_signature.py Run the command: # openssl dgst -verify /var/vmware/applmgmt/fileintegrity/pub.key -signature /var/vmware/applmgmt/fileintegrity/fileintegrity_config.sig /etc/vmware/appliance/fileintegrity_config.json This should return a "Verified OK" response. Run the following commands: # service-control --stop applmgmt# rm -rf /storage/core/software-update/*# rm -rf /storage/db/patching.db# mv /storage/core/software-packages/staged-configuration.json /storage/core# mv /etc/applmgmt/appliance/software_update_state.conf /storage/core# service-control --start applmgmt Retry the update.
Click on a version to see all relevant bugs
VMware Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
