VMware Cloud Community
stewflt
Contributor
Contributor

VCSA 7.02 fresh installation fail.

Hi,

I'm working on a sandbox with esxi7 and vcsa 7.02 at home. I built a homelab to test some specific feature of vsphere/vcsa. I have successfuly installed vsphere 7 but now I have some troubles to install vcsa. Installation stuck a 86/100 :

I ran the installation from Gui and CLI but same problems :

DNS is fully resolved.

My log : (everything was fine in installation process until this SSL error) :

2021-08-21 19:17:38,191 - vCSACliInstallLogger - INFO - VCSA Deployment is still running
2021-08-21 19:18:08,207 - vCSACliInstallLogger - DEBUG - Proceed with certificate thumbprint check...
2021-08-21 19:18:08,592 - vCSACliInstallLogger - DEBUG - Retrieved all ip addresses from appliance vcenter: ['192.168.1.51']
2021-08-21 19:18:08,618 - vCSACliInstallLogger - DEBUG - Querying REST endpoint '/rest/vcenter/deployment' on appliance '192.168.1.51' for deployment status
2021-08-21 19:18:08,618 - vCSACliInstallLogger - DEBUG - Proceed with certificate thumbprint check...
2021-08-21 19:18:08,618 - vCSACliInstallLogger - DEBUG - Requesting deployment status from target vCSA REST API endpoint 'https://192.168.1.51:5480/rest/vcenter/deployment'
2021-08-21 19:18:09,053 - vCSACliInstallLogger - INFO - ==========VCSA Deployment Progress Report==========
Task: Install required RPMs for the appliance.(RUNNING 86/100) - Installed VMware-spherelet-2.0.0-8919831.x86_64.rpm

2021-08-21 19:18:09,054 - vCSACliInstallLogger - INFO - VCSA Deployment is still running
2021-08-21 19:18:39,084 - vCSACliInstallLogger - DEBUG - Proceed with certificate thumbprint check...
2021-08-21 19:18:39,223 - vCSACliInstallLogger - DEBUG - Retrieved all ip addresses from appliance vcenter: ['192.168.1.51']
2021-08-21 19:18:39,272 - vCSACliInstallLogger - DEBUG - Querying REST endpoint '/rest/vcenter/deployment' on appliance '192.168.1.51' for deployment status
2021-08-21 19:18:39,272 - vCSACliInstallLogger - DEBUG - Proceed with certificate thumbprint check...
2021-08-21 19:18:39,272 - vCSACliInstallLogger - DEBUG - Requesting deployment status from target vCSA REST API endpoint 'https://192.168.1.51:5480/rest/vcenter/deployment'
2021-08-21 19:18:39,277 - vCSACliInstallLogger - DEBUG - Failed to query REST endpoint '/rest/vcenter/deployment' on appliance IP '192.168.1.51' for deployment status because: ("bad handshake: Error([('SSL routines', 'SSL23_GET_SERVER_HELLO', 'unknown protocol')],)",). If the error message contains references about messages being expired, a login problem, or its context indicates a timing issue, a possible reason could be system clock skew. Refer to error messages in 'taskflow.log' for more details.
2021-08-21 19:18:39,277 - vCSACliInstallLogger - DEBUG - Failed to query appliance API against VM 'vcenter' on 'esxi1.homelab.lan' for the deployment status because '("bad handshake: Error([('SSL routines', 'SSL23_GET_SERVER_HELLO', 'unknown protocol')],)",). If the error message contains references about messages being expired, a login problem, or its context indicates a timing issue, a possible reason could be system clock skew. Refer to error messages in 'taskflow.log' for more details. . If you see this during firstboot, this probably indicates the VCSA is now rebooting and the status will resume in a few minutes. ', retrying and will timeout in '3570 seconds
2021-08-21 19:18:39,312 - vCSACliInstallLogger - DEBUG - traceback: Traceback (most recent call last):
File "/build/mts/release/bora-17506253/bora/install/vcsa-installer/vcsaCliInstaller/deps/urllib3/urllib3/contrib/pyopenssl.py", line 438, in wrap_socket
File "/build/mts/release/bora-17506253/bora/install/vcsa-installer/vcsaCliInstaller/deps/pyopenssl/OpenSSL/SSL.py", line 1442, in do_handshake
File "/build/mts/release/bora-17506253/bora/install/vcsa-installer/vcsaCliInstaller/deps/pyopenssl/OpenSSL/SSL.py", line 1187, in _raise_ssl_error
File "/build/mts/release/bora-17506253/bora/install/vcsa-installer/vcsaCliInstaller/deps/pyopenssl/OpenSSL/_util.py", line 48, in exception_from_error_queueOpenSSL.SSL.Error: [('SSL routines', 'SSL23_GET_SERVER_HELLO', 'unknown protocol')]

I ran the installation with :

sudo /mnt/vcsa-cli-installer/lin64/vcsa-deploy install --no-ssl-certificate-verification --accept-eula --acknowledge-ceip /home/mike/vcsa-esxi.json

vcsa-esxi.json:

{
"__version": "2.13.0",
"__comments": "Sample template to deploy a vCenter Server Appliance with an embedded Platform Services Controller on an ESXi host.",
"new_vcsa": {
"esxi": {
"hostname": "esxi1.homelab.lan",
"username": "root",
"password": "<masked>",
"deployment_network": "VM Network",
"datastore": "DS2"
},
"appliance": {
"__comments": [
"You must provide the 'deployment_option' key with a value, which will affect the VCSA's configuration parameters, such as the VCSA's number of vCPUs, the memory size, the st
orage size, and the maximum numbers of ESXi hosts and VMs which can be managed. For a list of acceptable values, run the supported deployment sizes help, i.e. vcsa-deploy --supported-deploym
ent-sizes"
],
"thin_disk_mode": true,
"deployment_option": "tiny",
"name": "vcenter"
},
"network": {
"ip_family": "ipv4",
"mode": "static",
"ip": "192.168.1.51",
"dns_servers": [
"192.168.1.24"
],
"prefix": "24",
"gateway": "192.168.1.254",
"system_name": "vct1.homelab.lan"
},
"os": {
"password": "ExamplePass@456",
"ntp_servers": "time.google.com",
"ssh_enable": true
},
"sso": {
"password": "ExamplePass@456",
"domain_name": "vsphere.local"
}
},
"ceip": {
"description": {

"__comments": [
"++++VMware Customer Experience Improvement Program (CEIP)++++",
"VMware's Customer Experience Improvement Program (CEIP) ",
"provides VMware with information that enables VMware to ",
"improve its products and services, to fix problems, ",
"and to advise you on how best to deploy and use our ",
"products. As part of CEIP, VMware collects technical ",
"information about your organization's use of VMware ",
"products and services on a regular basis in association ",
"with your organization's VMware license key(s). This ",
"information does not personally identify any individual. ",
"",
"Additional information regarding the data collected ",
"through CEIP and the purposes for which it is used by ",
"VMware is set forth in the Trust & Assurance Center at ",
"http://www.vmware.com/trustvmware/ceip.html . If you ",
"prefer not to participate in VMware's CEIP for this ",
"product, you should disable CEIP by setting ",
"'ceip_enabled': false. You may join or leave VMware's ",
"CEIP for this product at any time. Please confirm your ",
"acknowledgement by passing in the parameter ",
"--acknowledge-ceip in the command line.",
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
]
},
"settings": {
"ceip_enabled": false
}
}
}

I consume time on internet but no information about this issue. If you can help me, I really appreciate. I'm stuck since 3 days.

Reply
0 Kudos
1 Reply
fabio1975
Commander
Commander

Ciao 

A trivial question, did you enter the record for the vCenter in the DNS?
vct1 -> 192.168.1.51

 

 

Fabio

Visit vmvirtual.blog
If you're satisfied give me a kudos

Reply
0 Kudos