Solved: Re: vecs-cli failed. Error 4312

nettech1 · ‎07-25-2020

Hi,

We are attempting a 6.7 - > 7.0 vcsa upgrade.

Our pre-upgrade check fails, similar to what's discussed here? Error when upgrading from VCSA 6.7 to 7.0

When we try the solution from this KB VMware Knowledge Base we are getting an error on this command

/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert --store STS_INTERNAL_SSL_CERT --alias __MACHINE_CERT > /var/tmp/sts_internal_backup.crt

Error: Failed to open the store.

vecs-cli failed. Error 4312: Possible errors:

LDAP error: Unknown (extension) error

Win Error: Operation failed with error ERROR_OBJECT_NOT_FOUND (4312)

Any help is greatly appreciated!

Thanks

Edit:

/usr/lib/vmware-vmafd/bin/vecs-cli store list

MACHINE_SSL_CERT

TRUSTED_ROOTS

TRUSTED_ROOT_CRLS

machine

vsphere-webclient

vpxd

vpxd-extension

SMS

APPLMGMT_PASSWORD

data-encipherment

BACKUP_STORE

sudeshnas · ‎07-28-2020

Hi nettech1,

On the source machine I would request you to run the following script :

Copy the file to lstool scripts folder.
For vCSA :
vCenter 6.x - /usr/lib/vmidentity/tools/scripts

Run the below commands:
# python ls_ssltrust_fixer.py -f scan
#python ls_ssltrust_fixer.py -f fix

This will fix if there are any SSL trust mismatch in lookup service registration.

Regards,

Sudeshna Sarkar

Install-Upgrade Specialist

_______________________________________________________________________________________________________

"Did you find this helpful? Let us know by completing this survey (takes 1 minute!)"

View solution in original post

scott28tt · ‎07-25-2020

Moderator: Thread moved to the vSphere Upgrade & Install area.

-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog

scott28tt · ‎07-25-2020

How does this relate to your other thread started today?

vcenter 6.7 -> 7.0 upgrade is stuck

Which of these 2 problems do you currently have?

-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog

nettech1 · ‎07-26-2020

scott28tt It is directly related.

Removing software_update_state.conf as suggested here VMware Knowledge Base throws me back in the loop

scott28tt · ‎07-26-2020

"back in the loop” as in the issue in this thread is now resolved?

-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog

nettech1 · ‎07-26-2020

no it's not resolved

scott28tt · ‎07-26-2020

As this is the pre-check, I would expect you to need to get this issue resolved before you start with the topic in your other thread.

-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog

scott28tt · ‎07-26-2020

Is this the SAME issue?

Error while replacing Machine SSL Cert, please see certificate-manager.log

-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog

sudeshnas · ‎07-28-2020

Hi nettech1,

On the source machine I would request you to run the following script :

Copy the file to lstool scripts folder.
For vCSA :
vCenter 6.x - /usr/lib/vmidentity/tools/scripts

Run the below commands:
# python ls_ssltrust_fixer.py -f scan
#python ls_ssltrust_fixer.py -f fix

This will fix if there are any SSL trust mismatch in lookup service registration.

Regards,

Sudeshna Sarkar

Install-Upgrade Specialist

_______________________________________________________________________________________________________

"Did you find this helpful? Let us know by completing this survey (takes 1 minute!)"

nettech1 · ‎07-29-2020

found a link to download the script here

https://vmind.ru/2020/07/29/obnovlenie-vmware-vcenter-s-versii-6-7-do-7-0/

nettech1 · ‎07-29-2020

after fixing the certs and restarting the upgrade process. we are getting a different error

Error

Internal error occurs during VMware vSphere Update Manager pre-upgrade checks.

Resolution

Please search for these symptoms in the VMware Knowledge Base for any known issues and possible resolutions. If none can be found, collect a support bundle and open a support request.

sudeshnas · ‎07-29-2020

hi nettech1,

I have attached the script in my previous reply.

Please download the attachement and proceed.

Regards,

Sudeshna Sarkar

Install-Upgrade Specialist

sudeshnas · ‎07-29-2020

Hi nettech1,

Is the vum service running on the 6.7 vc?

Regards

Sudeshna Sarkar

nettech1 · ‎07-30-2020

running ls_ssltrust_fixer.py and rebooting vcsa resolved all errors ex experienced during upgrade

sudeshnas · ‎07-30-2020

Hi nettech1,

Please mark the answer as correct if it has helped you to resolve the issue.

Regards,

Sudeshna Sarkar

Install-Upgrade Specialist

section32 · ‎01-05-2021

Hi I'm trying to run that script, the scan part works fine but when i try the fix it asks for the sso administrator, which i enter, and then it ends with an invalid syntax.

BCSITServices · ‎03-01-2021

Hi Section32

I have the same issue as you. Did you find a solution in the end ?

Hope you can help

Thank You

Chris

section32 · ‎03-01-2021

I had to open a support case, this script can really mess things up if not run properly or on the right system. They were a bit surprised that it was available as it shouldn't be too the general public

FWEjmiller · ‎03-11-2021

Just an FYI for anyone trying this method (which worked for me so thanks! @sudeshnas :

The folder name is correct, but the file name will need to be updated to include the "_p3"

There is an invalid syntax error around line 297 where the script gets creds. I'm not a strong python guy, so I just hardcoded the credentials wrapped in "" but I imagine someone smarter than me can fix that pretty simply.

If you're unfamiliar with how to save the file to the scripts directory, you can use (something like) WinSCP to SFTP to your vcsa and save the file

Before attempting to run the fix commands, be sure to change the directory (cd /usr/lib/vmidentity/tools/scripts)

Again, thanks for the fix! I like to make it super simple so apologies for dumbing the process down.

MauroRazzetti · ‎03-19-2021

Thanks FEWjmiller ... got it working editing script.

you need to go at line 297 and change with your SSO administrator FQDN

also remember to put your credentials between ""

All

vecs-cli failed. Error 4312