VMware Cloud Community
mechgt
Enthusiast
Enthusiast
‎09-27-2017 08:08 AM

vCenter Migration 5.5 to 6.0 U2m Firstboot execution error

I have a physical vCenter 5.5 U2e server that I'm trying to migrate to the vCSA 6.0 virtual appliance using the migration tool outlined in the link below.

vCenter Server Migration Tool: vSphere 6.0 Update 2m - VMware vSphere Blog

I cannot complete the migration as it fails in the same manner every time I attempt it. The resulting vCSA boot with an error message and I cannot access the server using the web-client.  There appears to be a missing .crt file, however I cannot find the information to resolve this.  My system is using the self-signed certificates.

The (repeatable) process for my situation is this:

1) Start Migration Assistant on existing vCenter 5.5 server

2) Begin Migration using the 6.0 Update 2m utility from an auxiliary node

3) Migration process fails with a message stating:

************************************

Firstboot script execution error.

  Encountered an internal error.

Traceback (most recent call last):

File "/usr/lib/vmidentity/firstboot/vmidentity-firstboot.py", line 202, in main

vmidentityFB.boot()

File "/opt/vmware/lib64/vmidentity_firstboot_core.py", line 189, in boot

self.generateCertificates()

File "/opt/vmware/lib64/vmidentity_firstboot_core.py", line 427, in generateCertificates

self.copyCertificates()

File "/opt/vmware/lib64/vmidentity_firstboot_core.py", line 439, in copyCertificates

shutil.copy2(self.__root_cert_x509_path, self.__ssl_root_cert_x509_path)

File "/opt/vmware/lib/python2.7/shutil.py", line 130, in copy2

copyfile(src, dst)

File "/opt/vmware/lib/python2.7/shutil.py", line 82, in copyfile

with open(src, 'rb') as fsrc:

IOError: [Errno 2] No such file or directory: '/etc/vmware-sso/keys/ssoserverRoot.crt'

  This is an unrecoverable error, please retry install. If you run into this error again, please collect a support bundle and open a support request.

************************************

I've read many articles that imply that DNS is the typical culprit, however believe DNS to be available on the local subnet and functioning normally for my system (nslookup and dig both returned normal results from my vCSA server).

0 Kudos
1 Reply
mechgt
Enthusiast
Enthusiast
‎09-27-2017 04:28 PM

So I've taken the approach of attempting to debug this by tracking the stack trace through the python code... (YUCK)

I see that vCSA 6.0 is attempting to copy a certificate from what I believe to be an exported set of files from the source vCenter 5.5 server.  This particular offending file noted in the error message "ssoserverRoot.crt" does not exist on the 6.0 server, nor does it exist in the migration export bundle (C:\Users\(username)\AppData\Local\VMware\Migration-Assistant\

export\sso\conf\vmware-sso\). I guess this is a standard cert that should be available on all 5.5 servers... except mine?

Back in vCenter 5.5 web-client > Administration > Single Sign-On > Configuration > Certificates > STS Signing I find only Chain 1 with 2 certificates.  I feel like I'm either missing a certificate somehow (despite vCenter 5.5 running normally), or something is named wrong, or....?  Help?

I'm happy to generate a new set of self-signed certificates or whatever to get through this, but not sure how.

0 Kudos