Hello everyone,
we setup a new Windows Server 2008 R2 as a vCenter Server 5.1
I'm now trying to install new certificates for all vCenter parts (server, inventory service, web client, ...) with Windows CA.
I'm stuck at updating the vCenter Server SSL certificate with the "SSL Certificate Automation Tool".
It's part 5. at this guide (5. in the cmd screenshot):
All credentials are correct, but I'm getting always the same error (vc-update-ssl.log):
I'm stucked there also, getting a "Method Invocation Result: vpx.fault.SecurityConfigFault" after "Invoke Method":
I tried to fix that, but there is no really solution for this:
http://communities.vmware.com/thread/429035
Sooooo, I need help for this issue :smileyconfused:
SOLVED!
Steps:
1. Stop vCenter service
2. Look for your ID in LS_ServiceID.prop in folder C:\ProgramData\VMware\VMware VirtualCenter
3. Copy this ID (e.g. {C4672589-9258-42B1-90E2-1EF268BBD402}:5 )
4. Edit your vpxd.cfg in the same folder and replace
<serviceId>vCenterService</serviceId>
with
<serviceId>your ID</serviceId>
5. Start vCenter Service
Then the SSL automation tool works!
You don't need to revert the changes.
I am sure you would have read this many times. Incase if you missed by any chance, ensure both points are considered.
The certificates that's provided as input may not be a unique certificate
vpxd
having multiple service IDs for the Lookup service in the vpxd.cfg
file.Hi
Welcome to the communities.
Here is the link which will hep you to resolve this problem
Hello yezdi,
yes, I read this many times and it's doesn't match for me.
I don't have multiple lookup service ID entries in the vpxd.cfg.
Everything seems to be alright in there.
Hello Ethan44,
well, we got certificates on the ESXi hosts, but I don't know how long they will last or if they are configured correctly (wasn't done by me).
Are the ESXi hosts really the source of my issue with the vCenter server certificates?
i have the same problem and i just got new certificates for the hosts, but i didn't help..also trying with disconnected and removed hosts i still get the error that the certificate is not unique - all services except vCenterServer worked fine.
I already checked and compared all certificates and they look fine.
Is there any solution?
I have the same problem. Have you solved it?
No, I'm still stuck here.
Same here, still no solution! Installed a complete new machine with Server 2008 R2 + SQL Server 2008 R2 + vCenter Server 5.1 U1 -> no chance!
We did the same and this issue is really frustrating...
SOLVED!
Steps:
1. Stop vCenter service
2. Look for your ID in LS_ServiceID.prop in folder C:\ProgramData\VMware\VMware VirtualCenter
3. Copy this ID (e.g. {C4672589-9258-42B1-90E2-1EF268BBD402}:5 )
4. Edit your vpxd.cfg in the same folder and replace
<serviceId>vCenterService</serviceId>
with
<serviceId>your ID</serviceId>
5. Start vCenter Service
Then the SSL automation tool works!
You don't need to revert the changes.
where did you find the solution? try&error?
I had opened a SR.
i just tried it and it works..you are my hero
thank you!!!
Thanks so much!
This is it!
This worked for me. Thanks to they person who posted the correct answer.
I have the same problem but unfortunatly this didn't fix it for me.
However I do have 2 serviceID's located in the LS_ServiceID.prop one ending on :5 and one ending on :7
Any ideas about this?
Edit:
I got it to work by deleting the :5 in the LS_ServiceID.prop leaving only the :7 in there and then in the vpxd.log replacing the :5 by the :7 and then it finally worked.
Thanks for the person who gave the solution to this problem.
I've got the same error being thrown on a 5.5 windows-based vCenter. However, I've already validated that the single entry in LS_ServiceID.prop is identical to the entry in vpxd.cfg. Any other suggestions?
2nd SOLVED. I had the same problem:
Receive the error:
[Thu 02/27/2014 - 15:26:18.43]: Last operation update vCenter Server SSL certificate failed :
[Thu 02/27/2014 - 15:26:18.44]: Cannot reload the vCenter Server SSL certificates. The certificate might not be unique.
But, the LS_ServiceID.prop ID was identical to the entry in vpxd.cfg. (so the posted solution did not work).
This happened because I fat-fingered a password for the SSO admin when updating the vCenter cert.
SOLUTION
It occurred to me that the cert FILENAME is also no longer unique (because I was trying to use the SSLTOOL a second time for the same vCenter cert).
I simply renamed the original rui.key and chain.pem files to rui2.key and chain2.pem, then ran the SSLTOOL with those new names.
SSLTOOL worked like a charm, and all services work in the vCenter.
Win. ^^.
Man..this works!! COOL