VMware Cloud Community
spoovy
Enthusiast
Enthusiast
‎04-30-2019 03:29 AM

P2V / Upgrade fail -- "Unable to enumerate and validate the root certificates from the TRUSTED_ROOTS VECS store."

I'm trying to upgrade from a Windows VCS (6.5) to VCSA (6.7).   Falling at the first hurdle though -- the migration assistant, run on the Windows VCS fails with:

Error: Unable to enumerate and validate the root certificates from the TRUSTED_ROOTS VECS store.

Resolution: Make sure that the vmafd service is reachable and started before continuing.

The VMware afd service is running though (it runs as a Windows service, "Local System" user).  I have tried the usual, restarting service to no avail.  The service does have "Allow service to interact with desktop" selected. Under the vSphere Web Client / Root Certificates I can see the normal CA cert (VMware Engineering) which is not expired and looks fine.

No idea why this isn't working (I'm not really a Windows guy), so any pointers appreciated.

Tags (2)
Reply
0 Kudos
29 Replies
AlexJudge
VMware Employee
VMware Employee
‎05-30-2019 04:42 PM

Has anyone found a solution to this issue? I'm seeing the same error...

Reply
0 Kudos
msripada
Virtuoso
Virtuoso
‎05-31-2019 05:31 AM

sent PM ...pls check

Reply
0 Kudos
PattersonS
Contributor
Contributor
‎06-03-2019 07:00 AM

Same error in an upgrade from 6.5 to 6.7 U2 VCSA.

I checked all stores and verified all logins, even connected to vCenter prior to access Certs. No luck, cannot finish Step 2 of Upgrade.

Reply
0 Kudos
msripada
Virtuoso
Virtuoso
‎06-03-2019 07:21 AM

can you share me the output of trusted store as  a pm...

Thanks,

MS

Reply
0 Kudos
PattersonS
Contributor
Contributor
‎06-03-2019 03:03 PM

Not allowing me to PM. Red bar at bottom. Problems with VMware community site all day.

Reply
0 Kudos
PattersonS
Contributor
Contributor
‎06-03-2019 07:51 PM

Ok new work around, at least in my situation. We are HPE Nimble, and although the Cert is up to date, it's not liked by VMware, not in this case at least. Nimble has VMware integration that install the cert, simple unregister the integration plugins via Nimble and the task will be able to complete correctly. Then once complete, re-register the Web Client and VASA providers (VVols).

Check your External Plugins. For me it was a SANs integration.

Reply
deathwishcoffee
Contributor
Contributor
‎06-05-2019 10:04 AM

I am also having this issue.  Could you please send me the commands?

Reply
0 Kudos
johager
Contributor
Contributor
‎06-06-2019 03:52 AM

Strange, that this failure only happens with Update 2 of vCenter 6.7. All forum questions i found dated after April 2019. After i changed the installation medium from vCenter 6.7 U2a to vCenter 6.7 U1b and retried the Upgrade the error was gone.

So i assume its a 6.7 U2 problem. Just try it with 6.7 U1 and perhaps the upgrade will continue.

Reply
0 Kudos
Kage_no_Gundan
Contributor
Contributor
‎09-22-2019 05:59 AM

Fellow HPE Nimble admin here.  I ran into the same thing.  Thanks for pointing this out; unregistering only the VASA provider did it for me, which is worrying as VASA registration prevented SRM w/ABR from running on our server infrastructure.

Reply
0 Kudos
ASobolev
Contributor
Contributor
‎01-29-2020 06:13 AM

Сan you send me commands to? I try to migrate Windows vCenter Server 6.5u1 to VCSA 6.7u3b and get the same error as in the topic.

Reply
0 Kudos