VMware Cloud Community
nagisa83
Contributor

VCSA 6.5u2 after replacing expired STS certificate and SSL certificate, the service still can not start

Hello all,

On VCSA 6.5u2, after replacing the expired STS certificate and SSL certificate, the service still cannot start.

I tried to do as KB76719 and VMware Knowledge Base describe, but the service still cannot start.

service-control --status --all

Running:

applmgmt lwsmd vmafdd vmcad vmdird vmdnsd vmonapi vmware-cis-license vmware-eam vmware-psc-client vmware-rhttpproxy vmware-statsmonitor vmware-sts-idmd vmware-stsd vmware-vmon vmware-vpostgres vsphere-client vsphere-ui

Stopped:

pschealth vmcam vmware-cm vmware-content-library vmware-imagebuilder vmware-mbcs vmware-netdumper vmware-perfcharts vmware-rbd-watchdog vmware-sca vmware-sps vmware-updatemgr vmware-vapi-endpoint vmware-vcha vmware-vpxd vmware-vpxd-svcs vmware-vsan-health vmware-vsm

2020-09-04T04:03:19.229Z   Done running command

Service-control failed. Error Failed to start vmon services.vmon-cli RC=1, stderr=Failed to start sca, cm, vpxd-svcs, vapi-endpoint services. Error: Operation timed out

In vpxd-svc.log:

2020-09-04T04:10:24.123Z [Thread-10  WARN  com.vmware.cis.server.util.impl.InitPoolTask  opId=] Init pool encountered exception: com.vmware.cis.server.util.exception.AuthenticationException at attempt 19

Please help me.
scott28tt
VMware Employee

Moderator: Thread moved to the vCenter Server area.


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog
nagisa83
Contributor

Do I need to use certificate-manager to replace a VMCA self-signed SSL with a Digicert certificate?

I ran certificate-manager:

Note : Use Ctrl-D to exit.

Option[1 to 8]: 8

Do you wish to generate all certificates using configuration file : Option[Y/N] ? : y

Please provide valid SSO and VC priviledged user credential to perform certificate operations.

Enter username [Administrator@vsphere.local]:administrator@ranqi.local

Enter password:

certool.cfg file exists, Do you wish to reconfigure : Option[Y/N] ? : y

Press Enter key to skip optional parameters or use Previous value.

Enter proper value for 'Country' [Previous value : US] :

Enter proper value for 'Name' [Previous value : CA] :

Enter proper value for 'Organization' [Previous value : VMware] :

Enter proper value for 'OrgUnit' [Previous value : VMware Engineering] :

Enter proper value for 'State' [Previous value : California] :

Enter proper value for 'Locality' [Previous value : Palo Alto] :

Enter proper value for 'IPAddress' (Provide comma separated values for multiple IP addresses) [optional] :

Enter proper value for 'Email' [Previous value : email@acme.com] :

Enter proper value for 'Hostname' (Provide comma separated values for multiple Hostname entries) [Enter valid Fully Qualified Domain Name(FQDN), For Example : example.domain.com] : 192.168.1.110

Enter proper value for VMCA 'Name' :192.168.1.110

Continue operation : Option[Y/N] ? : y

You are going to reset by regenerating Root Certificate and replace all certificates using VMCA

Continue operation : Option[Y/N] ? : y

Get site nameCompleted [Reset Machine SSL Cert...]

Is something wrong? Like the VMCA name, or something else?
marvinmarcos
VMware Employee

Hi Folks,

These two KB articles, which have been recently updated, should help resolve these issues with replacing an expired STS certificate, pertaining to the version of VC you are running in your environment:

Good luck!

marvinmarcos
VMware Employee

Also, see Checking Expiration of STS Certificate on vCenter Server (79248) in conjunction with KB 76719 and 79263.
