I have a problem related to my vCenter server.
1- If I try to access the web console using the IP, I get the following error: "no healthy upstream"
2- If I try to access the web console using the FQDN, I get the following error: "[400] An error occurred while sending an authentication request to the vCenter Single Sign-On server - An error occurred when processing the metadata during vCenter Single Sign-On setup - Failed to connect to VMware Lookup Service https://vcenter.domain.local:443/lookupservice/sdk - SSL certificate verification failed."
3- But I can access the vCenter Server Management page normally (VCenterIP:5480)
4- Also, SSH access is not working: every time I enable it, it goes back to disabled again
I'm afraid that something is corrupted. Please, I need your support.
Version: 7.0.1.00100
Build Number: 17004997
I appreciate the information and advice you have shared. I will try to figure it out for more.
My Avalon Access
Hi
Have you tried the following?
Logon to vCenter console (the WebConsole / Remote Console)
Press F2 to login to vCenter
Go to "Troubleshooting"
Enable BASH Shell
Press ALT-F3
Now login as root
Type "shell" to get a root console
Use the certificate tool to reset certificates
To start it just type "/usr/lib/vmware-vmca/bin/certificate-manager"
And follow it to reset the certificate
https://kb.vmware.com/s/article/2097936
PS: You need to access vCenter through the ESXi host it's running on if it's not on another vCenter.
@Mortendb thanks for your reply
I tried both options 4 and 7 from the shared article https://kb.vmware.com/s/article/2097936
but with no luck, it gives an error. Should I use option 8 "Reset all certificates"? And what may be the impact?
Actually, I'm not experienced with vCenter, and I'm really not sure what I should do.
@Lara69 thanks for your reply
Let me know if there are any steps to follow?
Hi,
Check the status of services: service-control --status --all
Surely these two services are stopped: "vmware-vpxd-svcs" and "vmware-vapi-endpoint".
First of all, we check with the following command whether and which vCenter certificates are expired. Run this command:
for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo "[*] Store :" $store; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $store --text | grep -ie "Alias" -ie "Not After";done;
If there are no expired certificates, we also check the STS (Security Token Service).
To check if the STS certificate is expired, follow the kb: https://kb.vmware.com/s/article/79248
If the STS certificate has expired, please follow this kb: https://kb.vmware.com/s/article/76719
Let us know.
Regards,
Alex_Romeo
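
The expiry check from the reply above produces a list of "Alias" and "Not After" lines that still has to be compared against the current date by eye. As an added example (not part of the original thread and not VMware's own tooling), the function below reads that output on stdin and marks each entry EXPIRED or OK. The name `flag_expired`, the `SAMPLE` text and the assumed line layout ("Alias : name", "Not After : Mon DD HH:MM:SS YYYY GMT") are assumptions made for this illustration.

```shell
# Constructed sample of what the loop in the post prints (values are made up).
SAMPLE=$(cat <<'EOF'
[*] Store : MACHINE_SSL_CERT
Alias : __MACHINE_CERT
            Not After : Oct  5 10:21:30 2022 GMT
[*] Store : TRUSTED_ROOTS
Alias : constructed-root-alias
            Not After : Sep 30 10:21:30 2030 GMT
[*] Store : machine
Alias : machine
            Not After : Oct  5 10:21:30 2032 GMT
EOF
)

# flag_expired [NOW]: NOW is a UTC timestamp as YYYYMMDDHHMMSS (default: current time).
# Prints one line per certificate: STATE store/alias notAfter=YYYYMMDDHHMMSS
flag_expired() {
  local now="${1:-$(date -u +%Y%m%d%H%M%S)}"
  awk -v now="$now" '
    BEGIN { split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
            for (i = 1; i <= 12; i++) mon[m[i]] = i }
    /^\[\*\] Store :/ { store = $NF; next }           # line echoed by the loop
    /Alias/     { sub(/^[^:]*:[ \t]*/, ""); alias = $0; next }
    /Not After/ {
      sub(/^[^:]*:[ \t]*/, "")                        # leaves "Oct  5 10:21:30 2022 GMT"
      split($0, f, /[ \t]+/); split(f[3], t, ":")
      stamp = sprintf("%04d%02d%02d%02d%02d%02d", f[4], mon[f[1]], f[2], t[1], t[2], t[3])
      # Fixed-width strings, so string order equals chronological order.
      state = ((stamp "") < (now "")) ? "EXPIRED" : "OK"
      printf "%s %s/%s notAfter=%s\n", state, store, alias, stamp
    }'
}

# Demo on the constructed sample with a fixed reference time (1 Jan 2024 UTC).
printf '%s\n' "$SAMPLE" | flag_expired 20240101000000
```

On the appliance, the output of the loop from the post would be piped into `flag_expired` with no argument so that the current time is used.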