dauphin77
Enthusiast
Enthusiast

400 and 503 errors and vpxd service errors - vcsa 6.7

Jump to solution

Hello all,

I have been trying to troubleshoot the below 400 and 503 errors after rebooting my vcsa 6.7 Update 1. I have been attempting to implement custom CA's and have been successful with my two ESXi hosts but not vCenter. 

400 Error.PNG

503 Error.PNG

I have a snapshot of vcsa which I keep reverting too, and noticed in the vpxd.log file that I am receiving the following errors. When I reboot vcsa, the VPXD service fails to start and I have to revert back to the snapshot.

Before rebooting vcsa: "Error vpx settings"

pastedImage_4.png

After rebooting vcsa: "host name does not match the subject name(s) in certificates."

vpxd_log error.PNG

I have attempted many of the suggestions previously posted in the community that experienced similar issues without success.

What other log files should I be looking at to figure this problem out? Any additional troubleshooting steps would be appreciated as I have been racking my brain for the last few days trying to figure this out.

Tags (1)
0 Kudos
1 Solution

Accepted Solutions
dauphin77
Enthusiast
Enthusiast

So I was finally able to get around this issue by applying/updating vCSA 6.7 to Update 2, I was at update 1. Once I installed the patch/update to only vCenter I was able to regain access to the web client and run the Certificate Manager to replace Machine SSL Certificate with a custom certificate, which was my primary goal. Apparently there are numerous vpxd issues with update 1 that appear to have been resolved with update 2.

View solution in original post

0 Kudos
2 Replies
dauphin77
Enthusiast
Enthusiast

Additional info:

- 2 ESXi hosts with a dvSwitch in an HA/DRS cluster

- Configured Certificate Mode to "Custom" in the vpxd.certmgmt.mode entry

- Uploaded Custom CA certificate chain into the TRUSTED_ROOTS store

- Additional error from vpxd-svcs.log file:

pastedImage_0.png

0 Kudos
dauphin77
Enthusiast
Enthusiast

So I was finally able to get around this issue by applying/updating vCSA 6.7 to Update 2, I was at update 1. Once I installed the patch/update to only vCenter I was able to regain access to the web client and run the Certificate Manager to replace Machine SSL Certificate with a custom certificate, which was my primary goal. Apparently there are numerous vpxd issues with update 1 that appear to have been resolved with update 2.

0 Kudos