Contributor
Contributor

error 26002. Setup failed to register VMware vCenter Server to VMware vCenter Inventory Service

Has anyone seen this error when upgrading vCenter Server from 5.0 to 5.1?

The install process for Single Sign On and Inventory Service appeared to complete successfully, but we see this error when we are most of the way through the vCenter Server install.

The vim-vcs-msi.log has these entries:

MSI (s) (A4:58) [17:27:07:017]: Invoking remote custom action. DLL: C:\Windows\Installer\MSID278.tmp, Entrypoint: VMRegisterWithIS

Error 26002.Setup failed to register VMware vCenter Server to VMware vCenter Inventory Service

MSI (s) (A4!54) [17:40:46:024]: Product: VMware vCenter Server -- Error 26002.Setup failed to register VMware vCenter Server to VMware vCenter Inventory Service

CustomAction VM_RegisterWithIS returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)

Action ended 17:40:46: InstallExecute. Return value 3.

23 Replies
Enthusiast
Enthusiast

I get exactly the same error.

Do you perhaps use self signed certificates signed by a Windows 2008 R2 CA?

0 Kudos
Enthusiast
Enthusiast

Since vCenter installer uninstalled my old vCenter 5.0 version I did the following to succesfully install vCenter 5.1.

I recovered the SSL certificates back to the original vcenter certificates in %ALLUSERSPROFILE%\VMWare\VMWare VirtualCenter\SSL. I created a backup when I started using my CA signed certificates.

vCenter 5.1 installation completed succesfully using the 'original' certificates.

0 Kudos
Contributor
Contributor

I also encountered the same problem, do not know how to solve

Does anyone know the solution to this?

Smiley Sad

0 Kudos
Contributor
Contributor

Same problem.

Fresh 2008R2 install.

Fresh vCenter install.

0 Kudos
Enthusiast
Enthusiast

If you dont have a backup of the original self-signed certificates, is it possible to recreate them? I'm having this issue where an upgrade failed with the same error, and I'm using 2008 R2 CA signed certificates for vCenter.

0 Kudos
Enthusiast
Enthusiast

Workaround appears to be deleting the contents of %ALLUSERSPROFILE%\VMware\VMware VirtualCenter\SSL to allow the install to recreate the self-signed certificates. This process will NOT work for an upgrade install, as the error will roll back the install (and leave you with an UNINSTALLED vCenter [previous version] and an upgraded database).

I would definitely backup the contents of this folder (to save any 2008 R2 CA-signed, or external-signed certs)

0 Kudos
VMware Employee
VMware Employee

I did the thing that this guy said to do. Go to http://derek858.blogspot.com/2012/09/vmware-vcenter-51-installation-part-7.html and search on Error 26002.

0 Kudos
Contributor
Contributor

you got the error  below?

vcenter-01-2012-10-04-22-51-43.png

This is how i was able to fix the issue and install Vcenter 5.1 on a brand new machine.

1. Simple install does not work, so you need to install vcenter prerequisites one by one .

2. install SSO using the autorun and default configuration

3. install inventory service with default configuration.

This is the step that needs to be taken before running vcenter core setup to fix the Error 26002 issue. :

4. Open a browser and goto https://VcenterName.Domain.Name:7444

vcenter-01-2012-10-04-22-57-12.png

5. Click View certificates

vcenter-01-2012-10-04-22-56-01.png

click on certification path and then select RSA Identity and Access toolkit Root CA

click View certificate and then hit Install certificate and follow the wizard to import the Cert in the default location.

6.

vcenter-01-2012-10-04-22-56-12.png

vcenter-01-2012-10-04-22-56-54.png

after the import is successful

now you can install vcenter using the installation menu.

and this should resolve the issue with inventory service registeration.

Enthusiast
Enthusiast

@SIAIRANI

I THOUGHT you were the man, but unfortunately your solution did NOT solve my problem although it did seem to let me get farther. I would point out ONE thing though in that your solution is not 100% accurate, so for anyone else make sure you select "Run As Administrator" when you open Internet Explorer otherwise you will NOT get the option "Install Certificate" as shown in Siairani's screenshots...

What DID solve my issue was Derek Seaman's solution on his blog:

http://derek858.blogspot.com/2012/09/vmware-vcenter-51-installation-part-7.html

QUOTE:

Update: If you wish to save yourself some headache, you can pre-populate your trusted SSL certificates to the vCenter Server SSL directory, so that upon installation it will automatically use your new certificate without any further work. Replacing the vCenter certificates post install is tedious at best, and thus pre-population is STRONGLY recommended.

From your Certs\vCenter directory copy the rui.key, rui.crt and rui.pfx files to:

C:\ProgramData\VMware\VMware VirtualCenter\ssl

QUOTE:

This allowed me to complete my installation and now I am happily running vCenter 5.1... :smileydevil:

0 Kudos
Enthusiast
Enthusiast

I must add, however, that the certificate must have all pertinent attributes

as listed in Derek's blog or the pre-stating will FAIL!

-Ed

0 Kudos
Enthusiast
Enthusiast

@DonChino

How did you pre-popolate your SSL directory ? Did you have your own SSL cert ? I had all tried and I always have the error 26002. Smiley Sad

0 Kudos
Enthusiast
Enthusiast

I have tried to remove all ssl certificate but for inventory service, i found 2 directory ssl. First on C:\ProgramData\VMware\Infrastructure\Inventory Service\ssl and Second on C:\Program Files\VMware\Infrastructure\Inventory Service\ssl. Which is the good ??? 5.0 used one and 5.1 use another ?

0 Kudos
Enthusiast
Enthusiast

Hey glad my blog post was somewhat helpful to those with this error. I was never able to overcome the 26002 error when configurating trusted certificates post-installation of the Inventory service. Per my blog, pre-populating the trusted certs prior to Inventory service worked 100% of the time for me. I never have tried the simple install..so can't comment on how to fix that problem. 

I wrote a script to pre-stage the SSL certificates, which shows you all the SSL directories vCenter 5.1 uses:

http://derek858.blogspot.com/2012/10/vmware-vcenter-51-ssl-pre-staging-script.html

Derek Seaman
0 Kudos
Enthusiast
Enthusiast

Thanks for your response.

I ever tried to install with the standard certificates and reinstall in keeping them but i always have the same. But never didn't have this windows during the installation :

9-16-2012 10-13-36 AM.jpg

And the directory "c:\ProgramData\VMware\SingleSignOn\SSL" doesn't exist. I always installed a basic SigleSignOn.

vCenter 5.0 seems to store his certificates in "C:\Program Files\VMware\Infrastructure\Inventory Service\ssl" and vCenter 5.1 in "C:\ProgramData\VMware\Infrastructure\Inventory Service\ssl"

I  also remark that open a default certificate of vCenter 5.1 take around 15 second in compare to a default certificate of vCenter 5.0 that open instantly.

Below the certificate of vCenter 5.0 and next 5.1.

5.0 uses sha1 and 5.1 uses sha256.

cert5-0.JPG

cert5-1.JPG

Ce message a été modifié par: goyer

0 Kudos
Enthusiast
Enthusiast

A couple of things:

1) In my blog post I mention that VMware does not create c:\ProgramData\VMware\SingleSignOn\SSL, but that you need a place to keep the SSO SSL certificates since the service needs continuous access. So that's a directory I used to put the SSL certificates, but you could put them some place else for safe keeping. At first I thought it just copied the certificates into the database and didn't need continuous access, but that's not the case.

2) You are correct about where 5.1 looks for the inventory service SSL certificates, which is not the same as 5.0

3) 5.1 also uses SHA256 for the certificates, as that is more secure, so that is normal to see

4) I always use the "HA" installation mode for the SSO service, so maybe that's why you don't see the Administrator dialog box. I've never installed the SSO service in non-HA mode.

Derek Seaman
Contributor
Contributor

Well guys, everything looks simpler than you think.

If anyone is still looking for a solution to this problem then just simply remove the tick from "This administrator is a user group" (use goyer's 14th post as an example) and write a proper user name like: Administrator@[yourdomain]

That should help, at least it did for me.

0 Kudos
Enthusiast
Enthusiast

Hi,

I used the new release of vcenter 5.1.0a for resolve this problem.

- Backup database

- Uninstall vCenter

- Remove database and all certificates

- Install vCenter with new database

- Uninstall vCenter

- Remove new database

- Restore your database

- Install vCenter (with new certificate)

0 Kudos
Contributor
Contributor

After more than 2 weeks trying to install with this error i gave up installing it the way a want (upgrade vCenter 5.0 to 5.1 on the same machine)

Installing with new machine (in parallel), local SSO database, and new Inventory Service, works fine.

Migrate hosts process don't stop virtual machines.

0 Kudos
Contributor
Contributor

The resolution for the 26002 Vcenter setup failure and roll back installation result,  there should be 3 rui.key, rui.crt and rui.pfx under the directory  C:\ProgramData\VMware\Infrastructure\Inventory Service\ssl\.vcentersetupcerts.png

Just selet them and install the certifications then re-run the Vcenter installation piece.