VMware Cloud Community
PoY00ch
Contributor

ESX 5.5 migration to 6.0 - SSL issue

Hi folks,

Today I started the migration of our 5.5 to 6.0. During the pre-checks, an SSL issue came up:

"Error: vCenter CA certificate not verified. Stopping...."

I googled and found out that the SSL certificates have to be renewed.

I followed this guide: https://anthonyspiteri.net/upgrading-windows-vcenter-5-5-to-6-0-in-place-issues-and-fixes/

which then led to: VMware Knowledge Base and https://anthonyspiteri.net/dealing-with-a-revoked-vcenter-ssl-certificate/

New SSL certificates were created, vpxd -p was used to generate a new password, and the services were restarted.

I've used the VMware Certificate Automation Tool and here starts the mess.

Right after using options 5, 2, I enter all the requested credentials, and it fails with the error:

[27/02/2018 - 14:55:44.94]: Validating the configuration and state of vCenter Server

---------- C:\PROGRAMDATA\VMWARE\VMWARE VIRTUALCENTER\VPXD.CFG

[27/02/2018 - 14:55:45.01]: Validating the input parameters...

        STATE              : 4  RUNNING

HTTPError: Unable to open or read page.

HTTP Error 401: basic auth failed

[27/02/2018 - 14:56:10.56]: "Cannot log in to vCenter."

[27/02/2018 - 14:56:10.56]: The vCenter certificate update failed.

Current status:

- I cannot log on to vSphere.

- The VMware VirtualCenter Server service starts.

- The VMware VirtualCenter Management WebServices service keeps on crashing after a few seconds.

- I'm not able to log in with any of the accounts I've got on https://localhost/mob/?moid=vpxd-securitymanager&method=reloadSslCertificate&vmodl=1

What would you recommend to do in order to quickly fix this? Reinstall vSphere 5.5 first?

Please share your thoughts.

Regards,

poy

rajen450m
Hot Shot

Hi PoY00ch

Is your SSL certificate on vCenter 5.5 a CA-signed SSL certificate or the default self-signed certificate?

We had a similar issue (one of our vCenters had a self-signed certificate) and below were the steps we followed to fix it:

To resolve this issue, toggle the certificate settings on the source vCenter Server Appliance to regenerate new certificates with the appropriate hostname and IP address.

To toggle the certificate settings:

  1. Log in to the source vCenter Server Appliance Web interface at https://Source_vCenter_Server_Appliance_FQDN:5480/.
  2. Click the Admin tab.
  3. Regenerate certificates:
    • vCenter Server 5.5: Select Yes under Certificate regeneration enabled.
  4. Click Submit.
  5. Reboot the vCenter Server Appliance.
  6. After the vCenter Server Appliance reboots, ensure that the Certificate regeneration enabled option is set to disabled and disable if it is enabled.

After completing, attempt to upgrade the vCenter Server Appliance 5.x to vSphere 6.0.

This is from the KB: Upgrading from vCenter Server Appliance 5.x to 6.0 reports error: vCenterServer FQDN does not match ...

Other errors w.r.t. extensions can be fixed after the upgrade by removing the old extensions from the vCenter MOB and re-registering them with vCenter.

How to delete or unregister vSphere Replication extension or plugin from vCenter Server MOB – HyperV...

Raj M Please mark helpful or correct if my answer resolved your issue. Visit www.hypervmwarecloud.com for my blog posts, step-by-step procedures etc.,

PoY00ch
Contributor

Hi rajen450m

Thanks for your message and for your suggestion.

It's actually for a self-signed certificate.

Sadly, I can't reach the website on port 5480. I've tried even on the server itself, with localhost; it doesn't answer.

However, the address https://Source_vCenter_Server_Appliance_FQDN/mob works, but I can't log in with any of my credentials.

Any ideas/suggestions?

Regards,

Poy

rajen450m
Hot Shot (accepted solution)

Hi PoY00ch

To my knowledge, using the VMware vCenter Certificate Automation Tool was your mistake, because if it is self-signed, renewing the certificates is a simple thing from 5.5 onwards and is done through the vCenter Appliance Management Interface, as shown above.

Now it is a difficult task, dear, and "changing the password was another big mistake", I say.

If you have a backup of the vCenter server from before starting this upgrade and these changes, please restore it and begin the process again by renewing the vCenter SSL certificate from VAMI.

PoY00ch
Contributor

Dear rajen450m

Thanks for your feedback. We are always smarter afterwards... :(

Then I know what I have to do.

Thanks for your hints.

Have a great day.

poy

rajen450m
Hot Shot

Hi PoY00ch

We had this issue again in our new upgrade: we started our new vCenter upgrade to 6.5 and this SSL issue popped up.

Unfortunately, the SSL certificate was not getting generated and we have been stuck with the same issue for almost 8 hours now.

Submitting "Certificate regeneration enabled: Yes" and rebooting vCenter as shown in the link I shared above has not fixed it...

Luckily, I found this article after struggling for 8 hours...

Work Space: vCenter Appliance v5.5 Certificate Not Generating New Certificated

As shown there, renaming the vCenter and rebooting with certificate regeneration enabled generated a new certificate; renaming it back and rebooting solved my issue... Now the upgrade is on the fly -->

Regards, Raj

www.hypervmwarecloud.com

PoY00ch
Contributor

Dear rajen450m

Glad that you sorted it out. :)

I had issues too afterwards in the migration from 6.0 to 6.5.

It seems hard to make such a migration an easy step. On the other hand, these are quite deep changes, so it's nice that we can upgrade in the end.

Have a nice week!

Cheers,

Poy