I have a separate PSC and VCSA at version 6.5 U2. I have upgraded both to version 6.7 U2 from the ISO and am now trying to converge to one VM. I have mounted the VCSA ISO on the VCSA 6.7 VM as I don't have internet access from these machines. The converge process is started succesfully from the GUI but then fails. looking at the converge.log on the VCSA I see the first error is 'ERROR converge Unable to run ldapsearch'
then it later says 'ERROR converge Failed to run white listed firstboot scripts'
I have checked the converge_status.json file and it indicates firstboot stage 1 of 4 failed.
All DNS is working correctly and I am unsure what to check next with this. It is a lab environment so I can try things out without affecting any prod systems. Any suggestions on how to resolve this?
You can try below steps to resolve this issue,
To work around this issue, disable TSO (TCP Segmentation Offload) and GSO (Generic Segmentation Offload) on the Ethernet Adapter Configuration of the source Platform Services Controller or Replication Partner vCenter Appliance before performing Convergence / Fresh Deployment / Cross Domain Repoint.
Connect to the vCenter Server Appliance using SSH.
Execute these commands:
ethtool -K eth0 tso off
ethtool -K eth0 gso off
To enable TSO and GSO after Convergence / Fresh Deployment / Cross Domain Repoint is completed:
Execute these commands:
ethtool -K eth0 tso on
ethtool -K eth0 gso on
Note: Please take powered off snapshot for all the nodes(PSC & VC).
I tried the ethtool commands, made no difference. Anyone figure this out? I'm running vcsa 6.7 latest build as of 12/13 b# 15129973. Why can't it run the white listed firstboot scripts. This should not be this difficult. By the way I turned off tso and gso on all psc's and vcsa to eliminate any doubt. been working on this for months i was hoping the latest build had ironed out the bugs.
wasted HOURS on this simple task.
if you can share the log bundle for the failed convergence activity we can look into that. We cannot give answers by assuming the issues which may work to an extent.. real issue can be found from logs and solution can be shared or atleast we can point out the problem
Thanks for your reply and offer to assist.
I resolved my issue. I "think" my issue was caused by a failed converge and the SSO database not getting clean up. Error was exactly as above but in other logs seeing unable to do a ldapsearch.
1. Mount the "FULL ISO" not the FP to the VCSA and double check that it is actually connected
2. Ran the ethtool commands above even though the nic issue is suppose to be fixed, easy to run the commands and after reboot the default to ON. By the way ran commands on all psc's and vcsa's
3. Believe what really fixed my issue was running "Jexplorer" and cleaning up the SSO database.
CAUTION - snapshot all PSC's and VCSA's before using this tool just in case.
4. Ran converge and it work for both set of PSC's and VCSA's in Prod and DR location.
Hope this helps someone.