VMware Cloud Community
rebelfalls
VMware Employee
VMware Employee
Jump to solution

Update manager service does not start after certificate replacement

On the gui I see the error "Failed to login into Update Manager. xxxx.xxxHttpHostConnectException: Connect to xxxxx/127.0.0.1] failed: Connection refused.  Problem occurred while connecting to the Update Manager server."

From the updatemgr-utility.log I see the error below but not much else. 

[ERROR] VC login failure. Exception is hostname 'xxx' doesn't match 'xxx'
[WARNING] Attempt to login into VC failed...

vCenter was down and there was expired certificates in the environment but I updated them and this made vcenter work again. I had to stop the replacement when it got to the update-manager start to prevent a rollback.

lsdoctor tool found 2 endpoint errors I fixed 2 endpoints but did not fix the update manager. 

I appreciate any help. Thank you. 

Reply
0 Kudos
1 Solution

Accepted Solutions
rebelfalls
VMware Employee
VMware Employee
Jump to solution

I found the solution for this issue. When using the Certificate Manager tool on both the PSC and VC the data for hostname & vmca differs.

When it comes to inputting the data on certs mgr wizard,  /usr/lib/vmware-vmca/bin/certificate-manager

On the PSC the hostname is the FQDN of the PSC and VMCA is the FQDN of the PSC. So they have to be the same.

Whereas when completing the task on vCenter the hostname will be the vCenter FQDN and the VMCA will be the PSC FQDN.

Once you restart the services on both (service-control --stop/--start --all) they should both come up, including 'update manager' service. 

View solution in original post

Reply
0 Kudos
4 Replies
Lalegre
Virtuoso
Virtuoso
Jump to solution

Hey @rebelfalls,

By that error you mean that the hostname does not match the Common Name that is on the certificate? Which version of vCenter are you using?

Reply
0 Kudos
scott28tt
VMware Employee
VMware Employee
Jump to solution

Moderator: Moved to Update Manager Discussions


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog
Reply
0 Kudos
rebelfalls
VMware Employee
VMware Employee
Jump to solution

I found the solution for this issue. When using the Certificate Manager tool on both the PSC and VC the data for hostname & vmca differs.

When it comes to inputting the data on certs mgr wizard,  /usr/lib/vmware-vmca/bin/certificate-manager

On the PSC the hostname is the FQDN of the PSC and VMCA is the FQDN of the PSC. So they have to be the same.

Whereas when completing the task on vCenter the hostname will be the vCenter FQDN and the VMCA will be the PSC FQDN.

Once you restart the services on both (service-control --stop/--start --all) they should both come up, including 'update manager' service. 

Reply
0 Kudos
BTran1
Contributor
Contributor
Jump to solution

Hello,
Recently I renew my certs after it expired, now when I try to start vmware updatemgr it staged successful start but when I run service-control --status it said vmware updatemgr stopped. How do you resolve this issue? I follow your steps but it's not clear so I'm unsure. Can you revise your steps please?

Reply
0 Kudos