Hi folks,
I've started today the migration of our 5.5 into 6.0. During pre-checks, an SSL issue came out
"Error: vCenter CA certificate not verified. Stopping...."
I've googled and find out that SSL have to be renewed.
I've followed that guide : https://anthonyspiteri.net/upgrading-windows-vcenter-5-5-to-6-0-in-place-issues-and-fixes/
which then lead to : VMware Knowledge Base and https://anthonyspiteri.net/dealing-with-a-revoked-vcenter-ssl-certificate/
New SSL were created, vxpd -p has been used in order to generate a new password and services were restarted.
I've used the VmWare Certificate automation tool and here starts the mess.
Right after using 5, 2 options, I'm entering all the requested credentials, and it fails with the error :
[27/02/2018 - 14:55:44.94]: Validating the configuration and state of vCenter Server
---------- C:\PROGRAMDATA\VMWARE\VMWARE VIRTUALCENTER\VPXD.CFG
[27/02/2018 - 14:55:45.01]: Validating the input parameters...
STATE : 4 RUNNING
HTTPError: Unable to open or read page.
HTTP Error 401: basic auth failed
[27/02/2018 - 14:56:10.56]: "Cannot log in to vCenter."
[27/02/2018 - 14:56:10.56]: The vCenter certificate update failed.
Current status:
- I cannot logon on vSphere.
- VmWare VirtualCenter Server service starts
- VmWare VirtualCenter Management WebServices service keeps on crashing after a few seconds.
- I'm notable to login with all accounts I've got on https://localhost/mob/?moid=vpxd-securitymanager&method=reloadSslCertificate&vmodl=1
What would you recommend to do in order to quickly fix this? Reinstall vSphere 5.5 first?
Please share your thoughts.
Regards,
poy
Hi PoY00ch
To my knowledge using VMware vCenter Certificate Automation Tool was your mistake. because,
If it is self-signed, renewing the certificates is a simple thing from 5.5 on wards and through vCenter Appliance Management Interface as shown above.
Now, it is a difficult task dear and "Changing Password was another big mistake I say".
If you have backup of the vCenter server before starting this upgrade and changes, please restore and begin the process again by renewing the vCenter SSL certificate fom VAMI.
Hi PoY00ch
Your SSL certificate on vCenter 5.5 is CA signed SSL certificate or deault-self signed certificate??
We had similar issue (one of our vcenter had self-signed certificate) and below was the steps we followed to fix:
To resolve this issue, toggle the certificate settings on the source vCenter Server Appliance to regenerate new certificates with the appropriate hostname and IP address.
To toggle the certificate settings:
After completing, attempt to upgrade the vCenter Server Appliance 5.x to vSphere 6.0.
This is from KB : Upgrading from vCenter Server Appliance 5.x to 6.0 reports error: vCenterServer FQDN does not match ...
Other error w.r.t extensions can be fixed after upgrade by removing the old extensions from vcenter MOB and re-register again with vcenter.
Hi rajen450m
thanks for your message and for your suggestion.
it's actually for a self signed certificate.
Sadly, I can't reach the website on port 5480. I've tried even on the server itself, with localhost, doesn't answer.
However, the address https://Source_vCenter_Server_Appliance_FQDN/mob works but I can't login with any of my credentials.
Any ideas/suggestions?
Regards,
Poy
Hi PoY00ch
To my knowledge using VMware vCenter Certificate Automation Tool was your mistake. because,
If it is self-signed, renewing the certificates is a simple thing from 5.5 on wards and through vCenter Appliance Management Interface as shown above.
Now, it is a difficult task dear and "Changing Password was another big mistake I say".
If you have backup of the vCenter server before starting this upgrade and changes, please restore and begin the process again by renewing the vCenter SSL certificate fom VAMI.
Dear rajen450m
thanks for your feedback. We are always smarter afterwards...
Then I know what I have to do.
Thanks for your hints.
Have a great day.
poy
Hi PoY00ch
Again we had this issue in our new upgrade, we have started our new vcenter upgrade to 6.5 and this SSL issue popped up.
Unfortunately the SSL certificate was not getting generated and have-stuck with the same issue for almost 8hours now.
Submitting "Certificate regeneration enabled: Yes" and reboot vcenter as shown in the link I have shared above has not fixed it...
Luckily found this article after struggling for 8hours...
Work Space: vCenter Appliance v5.5 Certificate Not Generating New Certificated
As shown here, re-named the vcenter and reboot by enabling certificate regeneration has generated new certificate and re-named back, reboot has solved my issue... Now the upgrade is on fly - - >
Regards, Raj
Dear rajen450m
Glad that you sort it out.
I had issues to afterwards in the migration from 6.0 to 6.5.
it seems hard to make such migration an easy step. In the other hand, they are quite a deep changes so it's nice that we can upgrade in the end.
Have a nice week!
Cheers,
Poy