VMware Cloud Community
ctucci
Enthusiast

Cert Manager Tool Not Working / VCSA Web UI Not Accessible

Rebooted VCSA because it was behaving strangely with getting hosts into maintenance mode, and it came back up, but I can't access the web interface; I get a "No healthy upstream" error. I can SSH in, and I checked the vpxd.log file, and it complains about expired certificates, etc. I want to launch the certificate tool in the command line to just reset all certs and see if that fixes the vpxd service not loading at all, so I use /usr/lib/vmware-vmca/bin/certificate-manager and choose option 8 to reset all certs, but I get "Certificate Manager tool do not support vCenter HA systems", which makes no sense because I don't and never did have HA enabled for VCSA itself.

How can I fix this so I can reset certs and hopefully get the appliance working again? Right now my only access is via SSH or the appliance management webpage. The regular vCenter UI is down, I am guessing because the vpxd service won't start.

16 Replies
daphnissov
Immortal

Probably best at this point to open a support request with GSS.

ctucci
Enthusiast

Turns out running the command with sudo fixed the error. Didn't think to try that based on the error and the KB article on cert manager didn't seem to mention the need to.

daphnissov
Immortal

Never seen cert manager need to be run with sudo when logged in as root.

ctucci
Enthusiast

Running Option 8 to reset all certs seems to have fixed my original issue and allows me to log in to the VCSA web UI, although the cert manager didn't technically finish successfully all the way because one service wouldn't restart after it replaced the certs: the "wcp" service, which is now the only vCenter service that won't start. This is preventing VCSA backups from being made now because it complains that not all required services are running, so something is still messed up.

If I try to start the service from appliance management UI, it says starting for a few minutes then returns the error "Operation timed out" on top.

vcloud3d
Contributor

WCP Service fails to start - try KB article/80588 - https://kb.vmware.com/s/article/80588 

If you are still seeing the error "No healthy upstream", try these steps, which fixed mine.

Update "hosts" file on local pc: [add the ip add 127.0.0.1 <vcenter.domainname.com>]

Path - C:\Windows\System32\drivers\etc\hosts

###########vcenter###################
127.0.0.1 <vcenter.domainname.com>

SAVE

reboot vCenter

hope this helps!!

vcloud3d (John.A)

Lazslo
Contributor

When I got the "Certificate Manager tool do not support vCenter HA systems" error the following solution worked for me:

1. mkdir /var/tmp/vmware

2. Run certificate-manager again

I hope it helps.

PaulB2
Enthusiast

Same issue here with 7.02. 

sudo /usr/lib/vmware-vmca/bin/certificate-manager

works.

senndoh
Contributor

This worked for me

1. mkdir /var/tmp/vmware

2. Run certificate-manager again

miyamotosan
Contributor

Makes no sense to me but it works so I'm not going to question any further. Thanks!

ptarnawski
Hot Shot

Check TRUSTED_ROOT certs for any duplications or stale ones. 



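One way to run the duplicate/stale check suggested in the post above, as an added example that is not part of the thread or of VMware's tooling. It assumes the trusted root certificates have first been exported as PEM files, one per file, into a directory (for instance one alias at a time with `vecs-cli entry getcert`), and it treats "stale" as expired or expiring within an optional window; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): flag stale and duplicate certificates
# in a directory of PEM files, one certificate per file (assumed layout).
# Usage: sh audit_certs.sh DIR [WINDOW_SECONDS]

# Print the file name of the first record in index $3 whose column $1 equals $2.
lookup() {
    V="$2" awk -F'\t' -v c="$1" '$c == ENVIRON["V"] { print $3; exit }' "$3"
}

# audit_cert_dir DIR [WINDOW]: print one finding per line.
# WINDOW is in seconds; 0 (the default) reports only already-expired certs.
audit_cert_dir() {
    dir=$1
    window=${2:-0}
    index=$(mktemp)   # fingerprint <TAB> subject <TAB> file
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if ! fp=$(openssl x509 -in "$f" -noout -fingerprint -sha256 2>/dev/null); then
            echo "UNREADABLE $f"
            continue
        fi
        fp=${fp#*=}
        subj=$(openssl x509 -in "$f" -noout -subject | sed 's/^subject= *//')
        # -checkend N exits non-zero if the cert expires within N seconds.
        if ! openssl x509 -in "$f" -noout -checkend "$window" >/dev/null; then
            echo "STALE $f $(openssl x509 -in "$f" -noout -enddate)"
        fi
        prev=$(lookup 1 "$fp" "$index")
        if [ -n "$prev" ]; then
            # Same SHA-256 fingerprint: the identical certificate stored twice.
            echo "DUPLICATE $f is identical to $prev"
        else
            # Same subject, different certificate: e.g. an old and a renewed root.
            prev=$(lookup 2 "$subj" "$index")
            [ -z "$prev" ] || echo "SAME_SUBJECT $f shares its subject with $prev"
        fi
        printf '%s\t%s\t%s\n' "$fp" "$subj" "$f" >> "$index"
    done
    rm -f "$index"
}

if [ $# -gt 0 ]; then
    audit_cert_dir "$@"
fi
```

A `SAME_SUBJECT` finding is not necessarily a fault, since a renewed root legitimately shares its subject with the one it replaces; it marks the entries worth comparing by validity dates.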
Godwin_Christop
Enthusiast

worked for me too!!!

Vik001
Contributor

Shut down the passive and witness nodes.

SSH to the active node and run:

vcha-destroy -f
reboot

SSH to the active node and run:

/usr/lib/vmware-vmca/bin/certificate-manager 

taco_chris
Contributor

This worked for me.  Thanks! 

btechit
Enthusiast

Probably not logged in as root, since sudo needed to be run.

PcChip
Contributor

this worked, thank you so much!
