TryllZ
Hot Shot

certificate-manager 'lstool reregister' failed | Fresh Install | SSL certificate verification failed


Hi,

I have been trying to get this to work for some days now, have installed fresh numerous times, it just won't work.

vCenter Appliance version is 6.7.0 build-16709110 (6.7 U3 J, tried latest version U3 L as well), changed browser as well; none of it helped.

Once vCenter is installed I am only able to log in once, the 1st time, and that's it. Once the vCenter is restarted, the HTML UI shows "Failed to connect to VMware Lookup Service - SSL Certificate Verification Failed"

I have tried Reset All Certifications (option 8 in Certificate Manager), which was successful, but upon vCenter restart the same error appears again.

If someone can help, as this has been going on for days now, trying to troubleshoot one method after another from kb.vmware.com.

I attempted a CA certificate using option 1 in Certificate manager and using the CSR to get the certificate from Windows Server CA (no intermediate CA) but that method as instructed on https://kb.vmware.com/s/article/2112014 does not work either.

Any help is appreciated.


2021-01-03T23:23:43.575Z INFO certificate-manager ['__MACHINE_CERT']
2021-01-03T23:23:43.623Z INFO certificate-manager lstool command currently being executed is : ['/usr/java/jre-vmware/bin/java', '-Djava.security.properties=/etc/vmware/java/vmware-override-java.security', '-cp', '/usr/lib/vmidentity/tools/lib/lookup-client.jar:/usr/lib/vmidentity/tools/lib/*', '-Dlog4j.configuration=tool-log4j.properties', 'com.vmware.vim.lookup.client.tool.LsTool', 'get-site-id', '--no-check-cert', '--url', 'https://vCSA.vlab.lab:443/lookupservice/sdk']
2021-01-03T23:23:44.634Z INFO certificate-manager lstool command currently being executed is : ['/usr/java/jre-vmware/bin/java', '-Djava.security.properties=/etc/vmware/java/vmware-override-java.security', '-cp', '/usr/lib/vmidentity/tools/lib/lookup-client.jar:/usr/lib/vmidentity/tools/lib/*', '-Dlog4j.configuration=tool-log4j.properties', 'com.vmware.vim.lookup.client.tool.LsTool', 'list', '--no-check-cert', '--url', 'https://vCSA.vlab.lab:443/lookupservice/sdk', '--id-only']
2021-01-03T23:23:45.874Z INFO certificate-manager lstool command currently being executed is : ['/usr/java/jre-vmware/bin/java', '-Djava.security.properties=/etc/vmware/java/vmware-override-java.security', '-cp', '/usr/lib/vmidentity/tools/lib/lookup-client.jar:/usr/lib/vmidentity/tools/lib/*', '-Dlog4j.configuration=tool-log4j.properties', 'com.vmware.vim.lookup.client.tool.LsTool', 'get55', '--no-check-cert', '--url', 'https://vCSA.vlab.lab:443/lookupservice/sdk', '--id', 'default-site:ead635c0-b556-45eb-9646-d1c917913c06', '--as-spec']
2021-01-03T23:23:46.846Z INFO certificate-manager lstool command currently being executed is : ['/usr/java/jre-vmware/bin/java', '-Djava.security.properties=/etc/vmware/java/vmware-override-java.security', '-cp', '/usr/lib/vmidentity/tools/lib/lookup-client.jar:/usr/lib/vmidentity/tools/lib/*', '-Dlog4j.configuration=tool-log4j.properties', 'com.vmware.vim.lookup.client.tool.LsTool', 'reregister55', '--no-check-cert', '--url', 'https://vCSA.vlab.lab:443/lookupservice/sdk', '--id', 'default-site:ead635c0-b556-45eb-9646-d1c917913c06', '--spec', '/tmp/svcspec_esplbyv7', '--user', 'administrator@vcsa.lab', '--password', '*****']
2021-01-03T23:23:48.98Z ERROR certificate-manager 'lstool reregister' failed: 1
2021-01-03T23:23:48.98Z INFO certificate-manager Error while reverting certificate for store : MACHINE_SSL_CERT
2021-01-03T23:23:48.99Z ERROR certificate-manager Error while performing rollback operation, please try Reset operation...
2021-01-03T23:23:48.99Z ERROR certificate-manager please see /var/log/vmware/vmcad/certificate-manager.log for more information.


Accepted Solutions
TryllZ
Hot Shot

Hi,

I managed to get the issue resolved following the explanation on https://mueller-tech.com/2019/06/28/replacing-expired-certificates/

The vCenter is up and running, have restarted and checked as well.

Thanks for all the help.

5 Replies
Alex_Romeo
Leadership

Hi,

Before installation, did you create the DNS record for the vCenter on your DNS?
Did you enter DNS parameters when installing vCenter?

In the test environment I had the same problem in the past, and it was the missing DNS record during installation.

Alex_Romeo

Blog: https://www.aleadmin.it/
TryllZ
Hot Shot

The DNS entries are in place, and DNS resolves fine both from the HTML UI and CLI.

The error is once vCenter is installed completely.

Alex_Romeo
Leadership

Hi,

It also happened to me that after installation I only logged into vCenter once and then it also gave me the error.
I remember running a couple of tests including DNS and changing the vCenter 6.7 U3L ISO image to 6.7 U3 ... in the end it worked.

Alex_Romeo

Blog: https://www.aleadmin.it/
TryllZ
Hot Shot

Thanks @Alex_Romeo 

I have been through 6.7 U3, U3 J, U3 L with the same issue.

Currently I'm looking at the below for the same issue, one relates to vCenter and the other to Windows Server CA certificate algorithm.

https://mueller-tech.com/2019/06/28/replacing-expired-certificates/

https://www.reddit.com/r/vmware/comments/6vlk1l/psc_vmca/
