Cert Manager Tool Not Working / VCSA Web UI Not Accessible
Rebooted VCSA because it was behaving strangely with getting hosts into maintenance mode and it came back up, but I can't access the web interface; I get a "No healthy upstream" error. So, I can SSH in and I checked the vpxd.log file and it complains about expired certificates, etc. I want to launch the certificate tool in the command line to just reset all certs and see if that fixes the vpxd service not loading at all, so I use /usr/lib/vmware-vmca/bin/certificate-manager and choose option 8 to reset all certs, but I get "Certificate Manager tool do not support vCenter HA systems", which makes no sense because I don't and never did have HA enabled for VCSA itself.
How can I fix this so I can reset certs and hopefully get the appliance working again? Right now my only access is via SSH or the appliance management webpage. Regular vCenter UI is down, I am guessing, because the vpxd service won't start.
Probably best at this point to open a support request with GSS.
Turns out running the command with sudo fixed the error. Didn't think to try that based on the error and the KB article on cert manager didn't seem to mention the need to.
Never seen cert manager need to be run with sudo when logged in as root.
Running Option 8 to reset all certs seems to have fixed my original issue and allows me to log in to the VCSA web UI, although the cert manager didn't technically finish successfully all the way because one service wouldn't restart after it replaced the certs: the "wcp" service, which is now the only vCenter service that won't start. This is preventing VCSA backups from being made now because it complains that not all required services are running, so something is still messed up.
If I try to start the service from appliance management UI, it says starting for a few minutes then returns the error "Operation timed out" on top.
WCP Service fails to start - try KB article/80588 - https://kb.vmware.com/s/article/80588
If you are still seeing the error "No healthy upstream", try these steps, which fixed mine.
Update "hosts" file on local pc: [add the ip add 127.0.0.1 <vcenter.domainname.com>]
Path - C:\Windows\System32\drivers\etc\hosts
###########vcenter###################
127.0.0.1 <vcenter.domainname.com>
SAVE
reboot vCenter
hope this helps!!
vcloud3d (John.A)
When I got the "Certificate Manager tool do not support vCenter HA systems" error the following solution worked for me:
1. mkdir /var/tmp/vmware
2. Run certificate-manager again
I hope it helps.
Same issue here with 7.02.
sudo /usr/lib/vmware-vmca/bin/certificate-manager
works.
this worked for me
1. mkdir /var/tmp/vmware
2. Run certificate-manager again
makes no sense to me but it works so I'm not going to question any further. Thanks!
Check TRUSTED_ROOT certs for any duplications or stale ones.
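The check suggested in the post above, as an added example that is not part of the thread: it reads a text listing of the TRUSTED_ROOTS store and reports entries that are already expired and subjects that appear under more than one alias. The sample listing is constructed, and its field layout (an `Alias` line followed by openssl-style `Not After` and `Subject` lines) is an assumption about what `vecs-cli entry list --store TRUSTED_ROOTS --text` prints.

```python
import re
import sys
from datetime import datetime, timezone

# Constructed sample in the shape assumed for:
#   /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store TRUSTED_ROOTS --text
SAMPLE = """\
Alias : aaaa1111
        Validity
            Not Before: Jan 10 09:00:00 2011 GMT
            Not After : Jan  7 09:00:00 2021 GMT
        Subject: CN=CA, DC=vsphere, DC=local, O=vcsa.example.test
Alias : bbbb2222
            Not After : Mar  3 09:00:00 2031 GMT
        Subject: CN=CA, DC=vsphere, DC=local, O=vcsa.example.test
Alias : cccc3333
            Not After : Jun 20 12:00:00 2030 GMT
        Subject: CN=Example Issuing CA, O=Example Test Org
"""

def parse_entries(text):
    """Collect alias, subject and expiry for every entry in the listing."""
    entries, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        alias = re.match(r"Alias\s*:\s*(\S+)", line)
        if alias:
            cur = {"alias": alias.group(1), "subject": None, "not_after": None}
            entries.append(cur)
        elif cur and line.startswith("Not After"):
            stamp = re.sub(r"\s+GMT$", "", line.split(":", 1)[1].strip())
            parsed = datetime.strptime(stamp, "%b %d %H:%M:%S %Y")
            cur["not_after"] = parsed.replace(tzinfo=timezone.utc)
        elif cur and line.startswith("Subject:"):
            cur["subject"] = line.split(":", 1)[1].strip()
    return entries

def review(entries, now):
    """Return (aliases already expired at `now`, subjects held by >1 alias)."""
    stale = [e["alias"] for e in entries if e["not_after"] and e["not_after"] < now]
    by_subject = {}
    for e in entries:
        if e["subject"]:
            by_subject.setdefault(e["subject"], []).append(e["alias"])
    dupes = {s: a for s, a in by_subject.items() if len(a) > 1}
    return stale, dupes

if __name__ == "__main__":
    # Pipe real vecs-cli output in, or run with no pipe to use the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    stale, dupes = review(parse_entries(text), datetime.now(timezone.utc))
    print("expired aliases:", stale)
    for subject, aliases in dupes.items():
        print("same subject under", aliases, "->", subject)
```

A repeated subject is only a prompt to look closer: a renewed CA legitimately shares its subject with the certificate it replaces, so compare expiry dates before removing anything.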
I followed this article to resolve the issue.
https://vmkfix.blogspot.com/2023/02/certificate-manager-tool-do-not-support.html
worked for me too!!!
shut down passive and witness nodes
ssh to active node and run:
vcha-destroy -f
reboot
ssh to active node and run:
/usr/lib/vmware-vmca/bin/certificate-manager
This worked for me. Thanks!
probably not logged in as root, since sudo needed to be run.