VMware Cloud Community
tikondrus
Enthusiast
Enthusiast
‎09-06-2013 01:14 AM

Can't update vCenter

i have vCenter Server 5.1.1064983 and I wanted to update to 5.1.0-1235309.

step one - updating SSO.  I  enter master password and get an error - Provider password is wrong or empty.

I try  to login to webclient with admin@system-Domain  - your password expires

I try to reset password -  C:\Program Files\VMware\Infrastructure\SSOServer\ssolscli\ssopass admin

>Using Lookup Service: https://192.168.3.81:7444/lookupservice/sdk (on the current machine).

> Intializing registration provider...

> Getting SSL certificates for https://192.168.3.81:7444/lookupservice/sdk

> com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certficate assertion not verified and thumbprint not matched

>Return code is: SslHandshakeFailed 1

C:\Program Files\VMware\Infrastructure\SSOServer\ssolscli>ssolscli.cmd listServi

ces https://smart.intranet:7444/lookupservice/sdk

Intializing registration provider...

Getting SSL certificates for https://smart.intranet:7444/lookupservice/sdk

Getting SSL certificates for https://smart.intranet:7444/sso-adminserver/sdk

Anonymous execution

Found 6 services.

Service 1

-----------

serviceId={B567E535-386A-417F-B21D-60D2F5B7EBB7}:10

serviceName=vCenterService

type=urn:vc

endpoints={[url=https://smart.intranet:443/sdk,protocol=vmomi]}

version=5.1

description=vCenter Server

ownerId=vCenterServer_2012.11.27_142748@System-Domain

productId=<null>

viSite={B567E535-386A-417F-B21D-60D2F5B7EBB7}

Service 2

-----------

serviceId={B567E535-386A-417F-B21D-60D2F5B7EBB7}:3

serviceName=The group check interface of the SSO server

type=urn:sso:groupcheck

endpoints={[url=https://smart.intranet:7444/sso-adminserver/sdk,protocol=vmomi]}

version=1.0

description=The group check interface of the SSO server

ownerId=<null>

productId=<null>

viSite={B567E535-386A-417F-B21D-60D2F5B7EBB7}

Service 3

-----------

serviceId={B567E535-386A-417F-B21D-60D2F5B7EBB7}:6

serviceName=VMware vSphere Web Client

type=urn:com.vmware.vsphere.client

endpoints={[url=https://smart.cs_ltd.intranet:9443/vsphere-client,protocol=vmomi

]}

version=5.1

description=VMware vSphere Web Client Service

ownerId=WebClient_2012.11.27_141740

productId=<null>

viSite={B567E535-386A-417F-B21D-60D2F5B7EBB7}

Service 4

-----------

serviceId={B567E535-386A-417F-B21D-60D2F5B7EBB7}:5

serviceName=VMware Log Browser

type=urn:logbrowser:logbrowser

endpoints={[url=https://smart.cs_ltd.intranet:12443/vmwb/logbrowser,protocol=unk

nown],[url=https://smart.cs_ltd.intranet:12443/authentication/authtoken,protocol

=unknown]}

version=2.1.0.855129

description=Enables browsing vSphere log files within the VMware Web Client

ownerId=WebClient_2012.11.27_141740

productId=<null>

viSite={B567E535-386A-417F-B21D-60D2F5B7EBB7}

Service 5

-----------

serviceId={B567E535-386A-417F-B21D-60D2F5B7EBB7}:2

serviceName=The security token service interface of the SSO server

type=urn:sso:sts

endpoints={[url=https://smart.intranet:7444/ims/STSService?wsdl,protocol=wsTrust

]}

version=1.0

description=The security token service interface of the SSO server

ownerId=<null>

productId=<null>

viSite={B567E535-386A-417F-B21D-60D2F5B7EBB7}

Service 6

-----------

serviceId={B567E535-386A-417F-B21D-60D2F5B7EBB7}:1

serviceName=The administrative interface of the SSO server

type=urn:sso:admin

endpoints={[url=https://smart.intranet:7444/sso-adminserver/sdk,protocol=vmomi]}

version=1.0

description=The administrative interface of the SSO server

ownerId=<null>

productId=<null>

viSite={B567E535-386A-417F-B21D-60D2F5B7EBB7}

Return code is: Success

0

C:\Program Files\VMware\Infrastructure\SSOServer\ssolscli>ssolscli.cmd listServi

ces https://192.168.3.81:7444/lookupservice/sdk

Intializing registration provider...

Getting SSL certificates for https://192.168.3.81:7444/lookupservice/sdk

com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certi

ficate assertion not verified and thumbprint not matched

com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certi

ficate assertion not verified and thumbprint not matched

Return code is: OperationFailed

100

vSphere I update from version 5.0 and all was well.

Reply
0 Kudos
9 Replies
Gortee
Hot Shot
Hot Shot
‎09-07-2013 06:24 AM

I love SSO... always been fun.  The canned answer is your need to open a ticket with VMware and have them troubleshoot it... which will take a week and more than likely will end with re-install.  So you can skip the middle man and reinstall connecting to your old database.

Just my two cents... it never hurts to open a ticket with vmware just in case thou... because if they tell you to reinstall they will support it.

Also make backup's / snapshots before you try it.

Joseph Griffiths http://blog.jgriffiths.org @Gortees VCDX-DCV #143
Reply
0 Kudos
admin
Immortal
Immortal
‎09-08-2013 04:41 PM

Can you try not to mix IP and DNS names? Certificates in a vSphere environment are pretty allergic to that. Not to even mention the hard requirement of forward and reverse DNS for SSO to actually be supported. As all your service endpoints are registered by FQDN use the FQDN in your commands as well Smiley Happy

What happens when you try to reset the admin@system-domain password using the following kb?

VMware KB: Unlocking and resetting the vCenter Single Sign On (SSO) administrator password

Reply
0 Kudos
tikondrus
Enthusiast
Enthusiast
‎09-09-2013 12:07 AM

when I installed SSO i entered FQDN, not IP address. And I updated vSphere many times. Everything was good.

When i try to reset password i get error SslHandshakeFailed. Perhaps because SSO tries to get SSH certificate by IP-address.

Reply
0 Kudos
admin
Immortal
Immortal
‎09-09-2013 12:44 AM

C:\Program Files\VMware\Infrastructure\SSOServer\ssolscli>ssolscli.cmd listServices https://192.168.3.81:7444/lookupservice/sdk

That does not look like an FQDN to me Smiley Happy

Did the reset using the way from the kb article work?

Reply
0 Kudos
tikondrus
Enthusiast
Enthusiast
‎09-09-2013 02:07 AM

>That does not look like an FQDN to me

but this i type in cmd

in 3rd time  - When i try to reset password i get error SslHandshakeFailed

Reply
0 Kudos
COS
Expert
Expert
‎09-09-2013 10:28 AM

"vCenter Server 5.1.1064983 and I wanted to update to 5.1.0-1235309."


That may be a typo but I don't think you can down-rev to an older version.

Reply
0 Kudos
tikondrus
Enthusiast
Enthusiast
‎09-19-2013 01:54 AM

why down-rev? update 5.1.0.1064983  to 5.1.0-1235309.

The problem is solved by Vsphere and sso reinstall

Reply
0 Kudos
rtlabadmin
Contributor
Contributor
‎01-29-2016 08:40 AM

I found this while looking for an answer, and I post to this aged thread so that I may find it easily the next time I or one of my colleagues runs into this problem.

Situation is like the above.  what I found was that when I issued the command "ssopass admin" I received the resonse listed. what I noticed was that it was attempting to connect to the lookup service using the ip address.  when I changed to command to "ssopass -d https://<<FQDN_Address>>:7444/lookupservice/sdk admin" it performed as it should.  The inclusion of the lookup FQDN was what got it to work for me.

Reply
0 Kudos
LindenMartin
Contributor
Contributor
‎02-16-2016 12:39 AM

For all the people in the same boat still I will stress this:

Try your servers FQDN first!

It has to be a Fully Qualified Domain Name...

<Servername>.<Domain>

<ServerName> will NOT work

<IPAddress> will NOT work

This error is generally directly related to the name on the certificate NOT matching the servers FQDN entered.

Hope this helps!

Reply
0 Kudos