- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
VCSA 5.1 U1a stops on regenerating certificate
Hello guys,
Yeasterday I deployed new VCSA and moved existing ESX servers to it. Then I shut down old vCenter and changed IP and hostname of new VCSA to IP/hostname that was previously set on old vCenter.
After restart, there is usual problem with incorrect certificate, so I checked "Toggle certificate setting" in VCSA administration on https port 5480. After reboot system stays on:
Hostname or IP has changed. Regenerating the self-signed certificates.
Starting VMware vPostgres: ok
Waiting for the embedded database to start up: .[OK]
SSH and web UI does not work, but system is not frozen. I can access Alt-F10 virtual console that shows only NIC link status.
Failsafe mode also does not work, only solution is to revert to snapshot.
I tried to deploy same VCSA in our testing vSphere infrastructure and tried to do exactly same configuration - same problem.
Any ideas will be welcome
Regards,
Rudolf
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I eventually found solution
Set "Toggle certificate setting" to ON from web UI or by creating file:
vcenter:~ # touch /etc/vmware-vpx/ssl/allow_regeneration
Stop all vmware-* services except vmware tools or switch to runlevel 2:
vcenter:~ # init 2
This will trigger same bash function that creates certificates on reboot with "Toggle certificate setting" ON:
vcenter:~ # source vpxd_commonutils; regenerate_certificates
script checks if existing certificate is self signed and if you have different hostname than specified in cert.
If you want to regenerate certificates without checking:
vcenter:~ # source vpxd_commonutils; generate_all_certificates replace
scripts MUST end with VC_CFG_RESULT=0, if not, check if vmware services are stopped
Set "Toggle certificate setting" to OFF or:
vcenter:~ # rm /etc/vmware-vpx/ssl/allow_regeneration
vcenter:~ # reboot
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Nice. I've been going nuts on this.
How did you get your original vcsa to boot to command prompt after it started locking?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I had to revert to snapshot.
Possible solution is to shutdown appliance, mount vmdk to some Linux system and delete /etc/vmware-vpx/ssl/allow_regeneration file .... but I did not try this
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
oh yeah, snapshot. I did that, because only a noob would mess with vcenter without taking a snapshot... ![]()
A new vcsa anyway. good advice on mounting the vmdk. Thanks for the quick reply.
J
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Success story: I booted with an Ubuntu disc into rescue mode, mounted the VCSA filesystems manually (I believe /dev/sda3 is the root partition) and deleted /etc/vmware-vpx/ssl/allow_regeneration. Rebooted the system and everything was running perfectly again.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You definitively save my life! I've been searching and searching a solution but nothing appeared until I've found your fix!
Many thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It's not necessary to boot from a LiveCD or linux rescue disc.
When the appliance starts, the GRUB boot loader shows briefly.
- When it appears, hit the up or down arrow to stop the boot countdown clock (which is only like 2 seconds).
- Following the instructions at the bottom of the screen, hit "p" to enter the unlock password (which is the root password). This will allow you to change the boot-time string.
- Highlight "VMWare vCenter Server Appliance" and press "e" to edit the boot settings.
- Highlight the "Kernel..." line and press "e" to edit the boot string.
- Append a "1" to the end so that it looks like this: "...showopts 1" (minus the quotation marks)
- Press enter, and then "b" to boot.
This will cause the appliance to boot in init level 1 (or single-user maintenance mode). From here, the root password will get you into the console where you can delete /etc/vmware-vpx/ssl/allow_regeneration. Reboot the server when you're done with "shutdown -r now". It shouldn't be necessary to go back into GRUB to remove the "1" you added earlier.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
unbelievable. I did it again. thanks for the moves on vcsa boot.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Guys,
It's not required to have a snapshot.
Please restart your system - once you will get grub screen - click 'p' - provide you password for admin. Once it's done - you can edit grub configuration and boot system in a single user mode (just add word 'single' at the end of middle line). Your system will boot and you can remove below mentioned file. Reboot again and… you have your system back. No need for external images or snapshots.
Enjoy!
Regards,
-Artur.