Already rebooted the vCenter Server Appliance before upgrading? Also verify that the FQDN is resolvable.
We were able upgrade the PSCs (2 external PSCs) without issue.
I have rebooted and tried this upgrade several times. Same exact error every time...
Forward and Reverse DNS lookup zones are populated. You can ping all of the appliances from each other. NSLOOKUPs working without issue.
If the new appliance 6.5 is created, please check the vpxd.log in the newly created 6.5 appliance which can shed some light on why the service firstboot failed.
I need to simulate a Windows domain/Active Directory network across 3 sites/physical locations with site-to-site VPN connecting them. I figured I run pfSense (in VM) with OpenVPN as the firewall/router since I'm somewhat familiar with it. I'm running ESXi 6.5 LiteBlue.
So, not a total solution, but we downloaded the 6.5 U2G version and tried that this AM....
....and guess what? It got past 58%!
Then it blew up on the VMware Authentication Services at 80%, which there is some sort of KB about that in 6.7.
I am getting the same error every time i was able to upgrade the PSCs (2 external PSCs) without issue. I have tried to reboot and upgrade several times. figured I run pfSense (in VM) with OpenVPN as the firewall/router since I'm somewhat familiar with it. I'm running ESXi 6.5 tcswebmail
It turned out that the 6.0 vCenter server had some duplicate ROOT and INTERMEDIATE certificates in the TRUSTED ROOT STORE.
Somehow some root CAs were not imported with the certificate thumbprint as the ALIAS for the certs; they were in fact the file name used for the certs when they were brought to the vCenter.
As such, there were two sets of the same certificates with different aliases.
This was causing the upgrade to explode when attempting to start the VPXD service. (...at 58%.)
PSC's did not appear to have the same issue; only the VPXD (virtual center server service) seemed to have this issue.
It is abolutely a bug that having two copies of the the same trusted root and intermediate certificates would cause a service to not start.
I was speaking with support the other day, and this issue is not commonly known.
I'll see what I can do to reach back to engineering and have that fixed. However, it's pretty rare thing...