VMware Employee
VMware Employee

Update manager service does not start after certificate replacement

Jump to solution

On the gui I see the error "Failed to login into Update Manager. xxxx.xxxHttpHostConnectException: Connect to xxxxx/127.0.0.1] failed: Connection refused.  Problem occurred while connecting to the Update Manager server."

From the updatemgr-utility.log I see the error below but not much else. 

[ERROR] VC login failure. Exception is hostname 'xxx' doesn't match 'xxx'
[WARNING] Attempt to login into VC failed...

vCenter was down and there was expired certificates in the environment but I updated them and this made vcenter work again. I had to stop the replacement when it got to the update-manager start to prevent a rollback.

lsdoctor tool found 2 endpoint errors I fixed 2 endpoints but did not fix the update manager. 

I appreciate any help. Thank you. 

0 Kudos
1 Solution

Accepted Solutions
VMware Employee
VMware Employee

I found the solution for this issue. When using the Certificate Manager tool on both the PSC and VC the data for hostname & vmca differs.

When it comes to inputting the data on certs mgr wizard,  /usr/lib/vmware-vmca/bin/certificate-manager

On the PSC the hostname is the FQDN of the PSC and VMCA is the FQDN of the PSC. So they have to be the same.

Whereas when completing the task on vCenter the hostname will be the vCenter FQDN and the VMCA will be the PSC FQDN.

Once you restart the services on both (service-control --stop/--start --all) they should both come up, including 'update manager' service. 

View solution in original post

0 Kudos
3 Replies
Commander
Commander

Hey @rebelfalls,

By that error you mean that the hostname does not match the Common Name that is on the certificate? Which version of vCenter are you using?

0 Kudos
Leadership
Leadership

Moderator: Moved to Update Manager Discussions

0 Kudos
VMware Employee
VMware Employee

I found the solution for this issue. When using the Certificate Manager tool on both the PSC and VC the data for hostname & vmca differs.

When it comes to inputting the data on certs mgr wizard,  /usr/lib/vmware-vmca/bin/certificate-manager

On the PSC the hostname is the FQDN of the PSC and VMCA is the FQDN of the PSC. So they have to be the same.

Whereas when completing the task on vCenter the hostname will be the vCenter FQDN and the VMCA will be the PSC FQDN.

Once you restart the services on both (service-control --stop/--start --all) they should both come up, including 'update manager' service. 

View solution in original post

0 Kudos