VMware Cloud Community
doc_green
Contributor

SRM Service failing to start due to .p12 issue

Hello,

We are a 6.0 environment

vCenter is already upgraded to Version 6.0 U3D

Current SRM version is 6.1.0.11034

I have been trying to fix this for several days. It started off as an attempt to upgrade SRM to version 6.1.2, but it has become apparent there is a problem with the service in general, as when I roll back to the snapshot I took of the machine, the service does not restart either. Bizarrely, the service does restart if vCenter is restarted; however, the upgrade is never successful.

The error that causes the service to not start and the installation to roll back is as follows.

2018-01-16T15:39:43.527Z [03428 verbose 'RemoteSsoServer.ConnHandler' connID=sso-admin-47c] Connecting to SSO server.

2018-01-16T15:39:43.527Z [03428 verbose 'HttpConnectionPool-000000'] [RemoveConnection] Connection removed; cnx: <SSL(<io_obj p:0x000000000a32dc18, h:-1, <TCP '0.0.0.0:0'>, <TCP 'OURVC1IP:443'>>)>; pooled: 18

2018-01-16T15:39:43.730Z [03428 verbose 'SamlTokenFactory' connID=sso-admin-47c ctxID=4635b075] Setting signing certificates and broadcasting.

2018-01-16T15:39:43.730Z [04576 info 'Default' connID=sso-admin-47c] W32Util_VerifyAdminOnlyFilePrivileges: GetNamedSecurityInfo failed.  Reason: The operation completed successfully

-->

2018-01-16T15:39:43.730Z [04576 warning 'Default' connID=sso-admin-47c] File ACLs for .\5f9e05a7-48c3-4f2f-a3e2-55933652ccfa.p12 have been changed from default settings.

2018-01-16T15:39:43.730Z [04576 error 'RemoteSsoServer.ConnHandler' connID=sso-admin-47c] `anonymous-namespace'::ConnectHandler::GetIssuersCertificatesComplete: Unable to parse retrieved trusted SSO certs. Exception:

--> std::exception 'class Vmacore::Crypto::CryptoException' "Crypto Exception: Unable to open PKCS12 file '.\5f9e05a7-48c3-4f2f-a3e2-55933652ccfa.p12'. ERROR [0x6]: Could not find the file."

2018-01-16T15:39:43.730Z [04576 warning 'RemoteSsoServer' connID=sso-admin-47c] Failed to connect: std::exception 'class Vmacore::Crypto::CryptoException' "Crypto Exception: Unable to open PKCS12 file '.\5f9e05a7-48c3-4f2f-a3e2-55933652ccfa.p12'. ERROR [0x6]: Could not find the file."

2018-01-16T15:39:43.730Z [05096 verbose 'PropertyProvider' connID=sso-admin-47c ctxID=10eb778a] RecordOp ASSIGN: connectionErrors["1.4"], site-1030. Applied change to temp map.

2018-01-16T15:40:01.762Z [02988 verbose 'StubFactory' connID=93a5] Event broadcasted

2018-01-16T15:40:02.215Z [04980 trivia 'SsoClient'] opId=52d33c51-72ba-d7c5-1613-1ade1b5f6d91 START operation SecurityTokenServiceImpl::ValidateSubject

2018-01-16T15:40:02.215Z [04980 trivia 'SsoClient'] Validating subject of token SamlToken [subject={Name: SRM-7b4405c8-8228-40c6-81c6-227869ca1656; Domain:vsphere.local}, groups=[{Name: Users; Domain:vsphere.local}, {Name: SolutionUsers; Domain:vsphere.local}, {Name: LicenseService.Administrators; Domain:vsphere.local}, {Name: Everyone; Domain:vsphere.local}], delegationChain=[], startTime=2018-01-16 15:38:41.916, expirationTime=2018-01-16 23:38:41.916, renewable=false, delegable=false, isSolution=true,confirmationType=1]

2018-01-16T15:40:02.278Z [02068 verbose 'StubFactory' connID=7ef7] Event broadcasted

2018-01-16T15:40:02.372Z [04980 trivia 'SsoClient'] Result: true

2018-01-16T15:40:02.372Z [04980 trivia 'SsoClient'] opId=52d33c51-72ba-d7c5-1613-1ade1b5f6d91 END operation SecurityTokenServiceImpl::ValidateSubject

2018-01-16T15:40:03.387Z [03136 verbose 'StubFactory' connID=c1cd] Event broadcasted

The vCenter certificate is accepted during the install wizard process.

In the later stages of the process I have tried using the installed and valid SRM certificate and also a new p12 certificate. The result is the same each time (the above).

I have no idea what 5f9e05a7-48c3-4f2f-a3e2-55933652ccfa.p12 is. It does not seem to exist, so I assume it only exists temporarily during the install process. I have been searching everywhere, but cannot find any similar errors.

I'm completely stumped so would be delighted if someone knows what the problem is here, and how to fix it!

Stuart

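An added example, not part of the original post and not VMware tooling: a small Python parser for the log format shown above that folds "-->" continuation lines into their entry and groups the ACL warning and the PKCS12 open failures by the .p12 file they name. The function names are assumptions of this example, and the embedded sample is constructed from entries in the post's log.

```python
import re
from collections import defaultdict

# Constructed sample: entries copied from the log in the post above.
SAMPLE_LOG = r"""
2018-01-16T15:39:43.730Z [03428 verbose 'SamlTokenFactory' connID=sso-admin-47c ctxID=4635b075] Setting signing certificates and broadcasting.
2018-01-16T15:39:43.730Z [04576 info 'Default' connID=sso-admin-47c] W32Util_VerifyAdminOnlyFilePrivileges: GetNamedSecurityInfo failed.  Reason: The operation completed successfully
-->
2018-01-16T15:39:43.730Z [04576 warning 'Default' connID=sso-admin-47c] File ACLs for .\5f9e05a7-48c3-4f2f-a3e2-55933652ccfa.p12 have been changed from default settings.
2018-01-16T15:39:43.730Z [04576 error 'RemoteSsoServer.ConnHandler' connID=sso-admin-47c] `anonymous-namespace'::ConnectHandler::GetIssuersCertificatesComplete: Unable to parse retrieved trusted SSO certs. Exception:
--> std::exception 'class Vmacore::Crypto::CryptoException' "Crypto Exception: Unable to open PKCS12 file '.\5f9e05a7-48c3-4f2f-a3e2-55933652ccfa.p12'. ERROR [0x6]: Could not find the file."
2018-01-16T15:39:43.730Z [04576 warning 'RemoteSsoServer' connID=sso-admin-47c] Failed to connect: std::exception 'class Vmacore::Crypto::CryptoException' "Crypto Exception: Unable to open PKCS12 file '.\5f9e05a7-48c3-4f2f-a3e2-55933652ccfa.p12'. ERROR [0x6]: Could not find the file."
2018-01-16T15:40:01.762Z [02988 verbose 'StubFactory' connID=93a5] Event broadcasted
"""

HEADER = re.compile(
    r"^(?P<ts>\S+Z) \[(?P<tid>\d+) (?P<level>\w+) '(?P<component>[^']*)'"
    r"(?: connID=(?P<conn>[^\s\]]+))?(?: ctxID=(?P<ctx>[^\s\]]+))?\] (?P<msg>.*)$")
ACL = re.compile(r"File ACLs for (\S+\.p12) have been changed")
OPEN_FAIL = re.compile(r"Unable to open PKCS12 file '([^']+)'\. ERROR \[(0x[0-9a-fA-F]+)\]")

def parse_entries(text):
    """Split the log into entries, folding '-->' continuation lines into the previous entry."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append(m.groupdict())
        elif line.startswith("-->") and entries:
            entries[-1]["msg"] += " " + line[3:].strip()
    return entries

def p12_findings(text):
    """Map each .p12 file named in the log to the ACL and open-failure events that mention it."""
    findings = defaultdict(list)
    for e in parse_entries(text):
        where = (e["ts"], e["tid"], e["level"], e["conn"])
        m = ACL.search(e["msg"])
        if m:
            findings[m.group(1)].append(where + ("acl-changed", None))
        m = OPEN_FAIL.search(e["msg"])
        if m:
            findings[m.group(1)].append(where + ("open-failed", m.group(2)))
    return dict(findings)

if __name__ == "__main__":
    for path, events in p12_findings(SAMPLE_LOG).items():
        print(path, *events, sep="\n    ")
```

On the sample, all three events come from thread 04576 on connID sso-admin-47c with the same timestamp, which ties the ACL check and the failed open to the same file.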
rshenoy
Enthusiast

Hello Stuart

Based on the information you have provided, it looks like the upgrade path is already broken here. The reason being vCenter is currently on 6.0 Update 3D and SRM is on 6.1.0.

We do not have a direct upgrade path to 6.1.2. You need to first upgrade SRM to 6.1.1 and then perform an upgrade to 6.1.2.

But in your case vCenter is already upgraded to 6.0 Update 3D and 6.1.1 is not compatible with Update 3D.

VMware Product Interoperability Matrices clearly explains that SRM does have a direct upgrade path to 6.1.2.

Hope this information helps

Regards

Ritesh
