zenking
Hot Shot
Hot Shot

vcenter upgrade and lsdoctor question

I'm trying to upgrade 6.7 VCSA to 7.0. I have one vcenter server with the embedded platform controller. My vcenter cert had expired and I got the error about STS certs regenerated, so I regenerated to get new ones. Now the pre-upgrade check is getting the "SSL certificate in the VECS does not correspond to the service registration in the vmdir."

Since I regenerated the certs after getting through stage 1 of the upgrade, is there any chance that if I blow away the new vcsa and start over that it will work with the new certs? I'm wondering if the cert info gathered in stage 1 is conflcting now.

In case it really is a cert problem that might be fixed with lsdoctor - there is a warning on the lsdoctor page:

"WARNING

Before using lsdoctor to make any changes, ensure you have taken proper snapshots of your SSO domain. This means that you must shut down all VCs or PSCs that are in the SSO domain at the same time, then snapshot them, and power them on again.  If you need to revert to one of these snapshots, shut all the nodes down, and revert all nodes to the snapshot. Failure to perform these steps will lead to replication problems across the PSC databases."

Does that only apply where there is more than one vcenter, or do I need to shut down my single vcenter and take a snapshot from the esxi server it's hosted on?

Thanks.

 

VMWare Environment: vSphere 7.0, EQ PS6210 SANs, Dell R730 Hosts, dedicated Dell switches w/ separate vlans for vmotion and iscsi.
0 Kudos
2 Replies
Ajay1988
VMware Employee
VMware Employee

If you just have one vCSA(embedded PSC) just take a snapshot without memory. And run through the lsdcotor. You mostly have SSL trust issue on VC. 

Run though https://kb.vmware.com/s/article/80469 and use lscheck and see for any SSL trust issues and fix the same on VC side.

If you think your queries have been answered
Mark this response as "Correct" or "Helpful".

Regards,
AJ
zenking
Hot Shot
Hot Shot

OK, I'll give it a shot. Thanks.

VMWare Environment: vSphere 7.0, EQ PS6210 SANs, Dell R730 Hosts, dedicated Dell switches w/ separate vlans for vmotion and iscsi.
0 Kudos