Hello all,
I have been trying to troubleshoot the below 400 and 503 errors after rebooting my vcsa 6.7 Update 1. I have been attempting to implement custom CA's and have been successful with my two ESXi hosts but not vCenter.
I have a snapshot of vcsa which I keep reverting too, and noticed in the vpxd.log file that I am receiving the following errors. When I reboot vcsa, the VPXD service fails to start and I have to revert back to the snapshot.
Before rebooting vcsa: "Error vpx settings"
After rebooting vcsa: "host name does not match the subject name(s) in certificates."
I have attempted many of the suggestions previously posted in the community that experienced similar issues without success.
What other log files should I be looking at to figure this problem out? Any additional troubleshooting steps would be appreciated as I have been racking my brain for the last few days trying to figure this out.
So I was finally able to get around this issue by applying/updating vCSA 6.7 to Update 2, I was at update 1. Once I installed the patch/update to only vCenter I was able to regain access to the web client and run the Certificate Manager to replace Machine SSL Certificate with a custom certificate, which was my primary goal. Apparently there are numerous vpxd issues with update 1 that appear to have been resolved with update 2.
Additional info:
- 2 ESXi hosts with a dvSwitch in an HA/DRS cluster
- Configured Certificate Mode to "Custom" in the vpxd.certmgmt.mode entry
- Uploaded Custom CA certificate chain into the TRUSTED_ROOTS store
- Additional error from vpxd-svcs.log file:
So I was finally able to get around this issue by applying/updating vCSA 6.7 to Update 2, I was at update 1. Once I installed the patch/update to only vCenter I was able to regain access to the web client and run the Certificate Manager to replace Machine SSL Certificate with a custom certificate, which was my primary goal. Apparently there are numerous vpxd issues with update 1 that appear to have been resolved with update 2.