hello all
VCSA 6.5u2 after replacing expired STS certificate and SSL certificate, the service still can not start
I tried to do as KB76719 and VMware Knowledge Base , service stll can not start
service-control --status --all
Running:
applmgmt lwsmd vmafdd vmcad vmdird vmdnsd vmonapi vmware-cis-license vmware-eam vmware-psc-client vmware-rhttpproxy vmware-statsmonitor vmware-sts-idmd vmware-stsd vmware-vmon vmware-vpostgres vsphere-client vsphere-ui
Stopped:
pschealth vmcam vmware-cm vmware-content-library vmware-imagebuilder vmware-mbcs vmware-netdumper vmware-perfcharts vmware-rbd-watchdog vmware-sca vmware-sps vmware-updatemgr vmware-vapi-endpoint vmware-vcha vmware-vpxd vmware-vpxd-svcs vmware-vsan-health vmware-vsm
2020-09-04T04:03:19.229Z Done running command
Service-control failed. Error Failed to start vmon services.vmon-cli RC=1, stderr=Failed to start sca, cm, vpxd-svcs, vapi-endpoint services. Error: Operation timed out
in vpxd-svc.log
2020-09-04T04:10:24.123Z [Thread-10 WARN com.vmware.cis.server.util.impl.InitPoolTask opId=] Init pool encountered exception: com.vmware.cis.server.util.exception.AuthenticationException at attempt 19
plz help me
Moderator: Thread moved to the vCenter Server area.
should i need use certificate-manager to replace a VMCA self-signed SSL with a Digicert certificate?
i run certificate-manager
Note : Use Ctrl-D to exit.
Option[1 to 8]: 8
Do you wish to generate all certificates using configuration file : Option[Y/N] ? : y
Please provide valid SSO and VC priviledged user credential to perform certificate operations.
Enter username [Administrator@vsphere.local]:administrator@ranqi.local
Enter password:
certool.cfg file exists, Do you wish to reconfigure : Option[Y/N] ? : y
Press Enter key to skip optional parameters or use Previous value.
Enter proper value for 'Country' [Previous value : US] :
Enter proper value for 'Name' [Previous value : CA] :
Enter proper value for 'Organization' [Previous value : VMware] :
Enter proper value for 'OrgUnit' [Previous value : VMware Engineering] :
Enter proper value for 'State' [Previous value : California] :
Enter proper value for 'Locality' [Previous value : Palo Alto] :
Enter proper value for 'IPAddress' (Provide comma separated values for multiple IP addresses) [optional] :
Enter proper value for 'Email' [Previous value : email@acme.com] :
Enter proper value for 'Hostname' (Provide comma separated values for multiple Hostname entries) [Enter valid Fully Qualified Domain Name(FQDN), For Example : example.domain.com] : 192.168.1.110
Enter proper value for VMCA 'Name' :192.168.1.110
Continue operation : Option[Y/N] ? : y
You are going to reset by regenerating Root Certificate and replace all certificates using VMCA
Continue operation : Option[Y/N] ? : y
Get site nameCompleted [Reset Machine SSL Cert...]
something worng? like VMCA name?or else
Hi Folks,
These two KB articles have been recently updated that should help resolve these issues with replacing expired STS certificate pertaining to the version of VC you are running on your environment:
Good luck!
Also, see Checking Expiration of STS Certificate on vCenter Server (79248) in conjunction with KB 76719 and 79263.