I am trying to run a KVM lab running an esxi 7 and then vcenter 7. However, the install fails with the message and log below.
The install aborts due to a certificate expired but the certificate is not expired... Anyone facing the same problem? All machines are NTP synchronized.
+ <ManifestValidate valid="true"/>
2020-07-21T23:05:11.566Z - info: output:CERTIFICATE
+ <CertificatePeriod expired="true"/>
2020-07-21T23:05:11.580Z - info: output:CERTIFICATE
+ <CertIssuer>
+ /C=US/ST=California/L=Palo Alto/O=VMware, Inc.
+ </CertIssuer>
+ <CertSubject>
+ /C=US/ST=California/L=Palo Alto/O=VMware, Inc.
+ </CertSubject>
+ <X509Cert>
+ -----BEGIN CERTIFICATE-----
+ MIIDyzCCArOgAwIBAgIJAIR/y018RgMXMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNV
...
+ -----END CERTIFICATE-----
+ </X509Cert>
2020-07-21T23:05:30.692Z - info: output:ERROR
+ <Errors>
+ <Error>
+ <Type>ovftool.vi.import.vapp.create.spec</Type>
+ <LocalizedMsg>
+ Create import spec failed. Please verify importSpec
+ </LocalizedMsg>
+ </Error>
+ </Errors>
2020-07-21T23:05:30.726Z - info: output:RESULT
+ ERROR
2020-07-21T23:05:30.726Z - info: Xml output from ovftool: <data><ManifestValidate valid="true"/><CertificatePeriod expired="true"/><CertIssuer>/C=US/ST=California/L=Palo Alto/O=VMware, Inc.</CertIssuer><CertSubject>/C=US/ST=California/L=Palo Alto/O=VMware, Inc.</CertSubject><X509Cert>-----BEGIN CERTIFICATE-----MIIDyzCCArOgAwIBAgIJAIR/y018RgMXMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlQYWxvIEFsdG8xFTATBgNVBAoMDFZNd2FyZSwgSW5jLjAeFw0xNjA5MDgwMTE3MjFaFw0yOTEyMzEwMTE3MjFaME0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlQYWxvIEFsdG8xFTATBgNVBAoMDFZNd2FyZSwgSW5jLjCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBALU9NUtC39fqG7yo2XAswUmtli9uA+31uAMw9FFHAEv/it8pzBQZ/4r+2bN+GnXOWhuDd1K4ApKMRvoO4LwQfZxrkx4pXrsu0gdb4OunHw0D8MrdzSoob8Js/uq+IJ+8Bhsc6b7RzTUt9HeDWzHasAJVgMsjehGt23ay9FKOT6dVD6D/Xi3qJnB/4t/XNS6L63dC3ea4guzKDyLaXIP5bf/m56jvVImFjhhTW2ASbnEUlZIVrEuyVcdG7e3FvZufE553JmHL0YG/0m5bIHXKRzBRx0D3HHOAzOKwkkOnxJHSTN4Hz8hSYCWvzUAjSYL3Q8qiTd7GHJ2ynsRnu3KlzKUCAQOjga8wgawwHQYDVR0OBBYEFHg8KQJdm8NPQDmYP41uEgKG+VNwMH0GA1UdIwR2MHSAFHg8KQJdm8NPQDmYP41uEgKG+VNwoVGkTzBNMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJUGFsbyBBbHRvMRUwEwYDVQQKDAxWTXdhcmUsIEluYy6CCQCEf8tNfEYDFzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQADK9uUhsXzpuUcWJq83Vh2HHSxZ/DdR6h+FNYHfEX8h8DOIwhRHhIHoqXkwwnpbjipFBtSzNKzTmzMQBwB7GwzGSsBO2TU8alX2ssnDg2AqwgIeLzclfaQlYoid678KrewnFryr9PYMntr7uyU1duesmey12GS2z5UIhA4BaOnrPJcLCP22nXVlPEsa46ob7XHj4ngZ0ck/qE58Z90GaAuxaa2R3OlHQ+AhXc3q5IixqMDa0MLPd41Qv2kC5iZ+tCfXVdlf4/RqQBNHR8FFVxcjpaROId9Y9/yHdsMt55nN7pf7vRf5vSk1bHvLmlOYgiRtAj6rdPq0c+/C+fct1cM-----END CERTIFICATE-----</X509Cert><Errors><Error><Type>ovftool.vi.import.vapp.create.spec</Type><LocalizedMsg>Create import spec failed. Please verify importSpec</LocalizedMsg></Error></Errors></data>
2020-07-21T23:05:30.728Z - error: Ovf Service:vmrefFlag: false
2020-07-21T23:05:30.728Z - info: Cancelling timeout due to error from progress callback
2020-07-21T23:05:30.728Z - error: Progress Controller: [VCSA ERROR] - Progress callback error
2020-07-21T23:05:30.728Z - error: Progress Controller: [VCSA ERROR] - Details Create import spec failed. Please verify importSpec
2020-07-21T23:05:30.733Z - info: Cancelling the ping timer for session mgmt
2020-07-21T23:05:30.733Z - info: Cancelling the ping timer for session mgmt
2020-07-21T23:05:30.751Z - info: ovfProcess child process exited with code 1
Are you doing fresh installation, or upgrading exiting one
Using ISO or OVF ?
It could be your ISO file, calculate the MD5 and SHA for the ISO and compare it to VMware portal.
I am doing a fresh install. Just a single ESXi v7.0 and then vCenter 7.0 trying to cross this first step to then create 2 additional ESXi nodes. The initial setup is a vSAN with 2 HDD, one emulated flash of 300GB and a second SATA with 500GB and with 6 CPUs and 40GB RAM.
I have downloaded again the ESXi, VCSA and Windows ISOs and checked their sha256 hash, they are all good. Also, I am running it virtualized out of a Fedora 32 Workstation, with KVM configured to do nesting. All machines are NTP synchronized. And yes, I have done this before and it used to work...
I get this weird symptom in 3 different machines. So I guess it is not hardware related.
My last guess would be about KVM. But it makes no sense...
Moacir
For those who may face this problem. It is absolutely crazy...
As of ESXi 7.0, qemu-kvm does not have a standard network adapter that ESXi would recognize it. However, it does have a "vmxnet3" NIC and ESXi will recognize it, so I use to install ESXi 7.0 using this adapter. I have no clue why, if I install ESXi 6.7 or 7.0 using this adapter then when I ry to install the VCSA I will get this error. As qemu-kvm does not have any other NIC that I can use for ESXi 7.0, then I can not install it. However, I can use the NIC e1000 with ESXi 6.7 and so I did. It works! So, a NIC device, in this case vmxnet3 from qemu-kvm, is causing this problem. But the question is still there: Why ESXi 7.0 installs ok using the NIC vmxnet3 but the VCSA installer will then fail to install the VCSA complaining about a certificate?
Anyone???
Moacir
Hi Moacir2020,
I currently have the exact same issue. Thank you for the description.
Do you found a solution to install vCenter 7 as a KVM guest?
Kind regards
This is an old thread at this point, but I am running into the same issues as well and I also tried adding the host to an existing deployment and that fails when the NIC is set as vmxnet3. Curious if anyone had found a solution other than the e1000.
Hey, hope you are doing fine.
Are you sure this is supported?
I am not certain, I am trying to build a versatile lab without having to manage multiple hardware platforms to do so. It just seemed odd how it is behaving and seeing that someone else ran into the same error I was wondering if they found a workaround.
Hi everyone,
indeed I found a solution to my specific problem. I am using unRAID as my Host OS. With the most recent version the integrated QEMU-Kernel got updated to version 6.0.0 and libvirt version 7.3.0.
Using these versions I am able to set the virtual NICs as vmxnet3 and I am able to install VCSA 7.0.2 in this nested ESXi environment.
Thank you for this information and the followup. I am also using unraid and will give that a try.
Is that unraid 6.9.2 or the 6.10 beta? My 6.9.2 looks like 5.1...
/usr/bin/qemu-system-x86_64 --version
QEMU emulator version 5.1.0
Also can you let me know your settings for the vm? Mine are "Machine= i440fx-5.1", "BIOS=SeaBIOS"
Disregard, I answered my own question in the release notes. These new versions are in the 6.10+ builds and it also fixed my issue!
what exactly you do for working vcsa on nested virtulization ?
I don't fully understand the question.