vCenter

Rebooted VCSA because it was behaving strangely with getting hosts into maintenance mode and it came back up but can't access web interface, I get "No healthy upstream" error. So, I can SSH in and I checked the vxpd.log file and it complains about expired certificates, etc... I want to launch the certificate tool in the command line to just reset all certs and see if that fixes the vxpd service not loading at all so I use /usr/lib/vmware-vmca/bin/certificate-manager and choose option 8 to reset all certs but I get "Certificate Manager tool do not support vCenter HA systems" which makes no sense because I don't and never did have HA enabled for VCSA itself.

How can I fix this so I can reset certs and hopefully get the appliance working again. Right now my only access is via SSH or appliance management webpage. Regular vCenter UI is down I am guessing because vpxd service won't start.

Probably best at this point to open a support request with GSS.

Turns out running the command with sudo fixed the error. Didn't think to try that based on the error and the KB article on cert manager didn't seem to mention the need to.

Never seen cert manager need to be run with sudo when logged in as root.

Running Option 8 to reset all certs seems to have fixed my original issue and allows me to login to VCSA web UI although the cert manager didn't technically finish successfully all the way because one service wouldn't restart after it replaced the certs. The "wcp" service which is now the only vCenter service that won't start. This is preventing VCSA backups from being made now because it complains that not all required services are running so something is still messed up.

If I try to start the service from appliance management UI, it says starting for a few minutes then returns the error "Operation timed out" on top.

WCP Service fails to start - try KB article/80588 - https://kb.vmware.com/s/article/80588 

If you still seeing error "No healthy upstream" try these steps which fixed mine. 

Update "hosts" file on local pc: [add the ip add 127.0.0.1 <vcenter.domainname.com>]

Path - C:\Windows\System32\drivers\etc\hosts

###########vcenter###################
127.0.0.1 <vcenter.domainname.com>

SAVE

reboot vCenter

hope this helps!!

vcloud3d (John.A)

probably not logged in a root, since sudo needed to be run. 

Same issue here with 7.02. 

sudo /usr/lib/vmware-vmca/bin/certificate-manager

works.

When I got the "Certificate Manager tool do not support vCenter HA systems" error the following solution worked for me:

1. mkdir /var/tmp/vmware

2. Run certificate-manager again

I hope it helps.

this worked for me

worked for me too!!!

shut down passive and witness  nodes 

ssh to active node and run: 

vcha-destroy -f
reboot

ssh to active node and run:

/usr/lib/vmware-vmca/bin/certificate-manager 

makes no sense to me but it works so Im not going to question any further.  Thanks!

This worked for me.  Thanks! 

this worked, thank you so much!

Check TRUSTED_ROOT certs for any duplications or stale ones. 

I followed this article to resolve the issue.

https://vmkfix.blogspot.com/2023/02/certificate-manager-tool-do-not-support.html