Has anyone seen this error when upgrading vCenter Server from 5.0 to 5.1?
The install process for Single Sign On and Inventory Service appeared to complete successfully, but we see this error when we are most of the way through the vCenter Server install.
The vim-vcs-msi.log has these entries:
MSI (s) (A4:58) [17:27:07:017]: Invoking remote custom action. DLL: C:\Windows\Installer\MSID278.tmp, Entrypoint: VMRegisterWithIS
Error 26002.Setup failed to register VMware vCenter Server to VMware vCenter Inventory Service
MSI (s) (A4!54) [17:40:46:024]: Product: VMware vCenter Server -- Error 26002.Setup failed to register VMware vCenter Server to VMware vCenter Inventory Service
CustomAction VM_RegisterWithIS returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 17:40:46: InstallExecute. Return value 3.
Since vCenter installer uninstalled my old vCenter 5.0 version I did the following to succesfully install vCenter 5.1.
I recovered the SSL certificates back to the original vcenter certificates in %ALLUSERSPROFILE%\VMWare\VMWare VirtualCenter\SSL. I created a backup when I started using my CA signed certificates.
vCenter 5.1 installation completed succesfully using the 'original' certificates.
If you dont have a backup of the original self-signed certificates, is it possible to recreate them? I'm having this issue where an upgrade failed with the same error, and I'm using 2008 R2 CA signed certificates for vCenter.
Workaround appears to be deleting the contents of %ALLUSERSPROFILE%\VMware\VMware VirtualCenter\SSL to allow the install to recreate the self-signed certificates. This process will NOT work for an upgrade install, as the error will roll back the install (and leave you with an UNINSTALLED vCenter [previous version] and an upgraded database).
I would definitely backup the contents of this folder (to save any 2008 R2 CA-signed, or external-signed certs)
you got the error below?
This is how i was able to fix the issue and install Vcenter 5.1 on a brand new machine.
1. Simple install does not work, so you need to install vcenter prerequisites one by one .
2. install SSO using the autorun and default configuration
3. install inventory service with default configuration.
This is the step that needs to be taken before running vcenter core setup to fix the Error 26002 issue. :
4. Open a browser and goto https://VcenterName.Domain.Name:7444
5. Click View certificates
click on certification path and then select RSA Identity and Access toolkit Root CA
click View certificate and then hit Install certificate and follow the wizard to import the Cert in the default location.
after the import is successful
now you can install vcenter using the installation menu.
and this should resolve the issue with inventory service registeration.
I THOUGHT you were the man, but unfortunately your solution did NOT solve my problem although it did seem to let me get farther. I would point out ONE thing though in that your solution is not 100% accurate, so for anyone else make sure you select "Run As Administrator" when you open Internet Explorer otherwise you will NOT get the option "Install Certificate" as shown in Siairani's screenshots...
What DID solve my issue was Derek Seaman's solution on his blog:
Update: If you wish to save yourself some headache, you can pre-populate your trusted SSL certificates to the vCenter Server SSL directory, so that upon installation it will automatically use your new certificate without any further work. Replacing the vCenter certificates post install is tedious at best, and thus pre-population is STRONGLY recommended.
From your Certs\vCenter directory copy the rui.key, rui.crt and rui.pfx files to:
This allowed me to complete my installation and now I am happily running vCenter 5.1... :smileydevil:
I have tried to remove all ssl certificate but for inventory service, i found 2 directory ssl. First on C:\ProgramData\VMware\Infrastructure\Inventory Service\ssl and Second on C:\Program Files\VMware\Infrastructure\Inventory Service\ssl. Which is the good ??? 5.0 used one and 5.1 use another ?
Hey glad my blog post was somewhat helpful to those with this error. I was never able to overcome the 26002 error when configurating trusted certificates post-installation of the Inventory service. Per my blog, pre-populating the trusted certs prior to Inventory service worked 100% of the time for me. I never have tried the simple install..so can't comment on how to fix that problem.
I wrote a script to pre-stage the SSL certificates, which shows you all the SSL directories vCenter 5.1 uses:
Thanks for your response.
I ever tried to install with the standard certificates and reinstall in keeping them but i always have the same. But never didn't have this windows during the installation :
And the directory "c:\ProgramData\VMware\SingleSignOn\SSL" doesn't exist. I always installed a basic SigleSignOn.
vCenter 5.0 seems to store his certificates in "C:\Program Files\VMware\Infrastructure\Inventory Service\ssl" and vCenter 5.1 in "C:\ProgramData\VMware\Infrastructure\Inventory Service\ssl"
I also remark that open a default certificate of vCenter 5.1 take around 15 second in compare to a default certificate of vCenter 5.0 that open instantly.
Below the certificate of vCenter 5.0 and next 5.1.
5.0 uses sha1 and 5.1 uses sha256.
Ce message a été modifié par: goyer
A couple of things:
1) In my blog post I mention that VMware does not create c:\ProgramData\VMware\SingleSignOn\SSL, but that you need a place to keep the SSO SSL certificates since the service needs continuous access. So that's a directory I used to put the SSL certificates, but you could put them some place else for safe keeping. At first I thought it just copied the certificates into the database and didn't need continuous access, but that's not the case.
2) You are correct about where 5.1 looks for the inventory service SSL certificates, which is not the same as 5.0
3) 5.1 also uses SHA256 for the certificates, as that is more secure, so that is normal to see
4) I always use the "HA" installation mode for the SSO service, so maybe that's why you don't see the Administrator dialog box. I've never installed the SSO service in non-HA mode.
Well guys, everything looks simpler than you think.
If anyone is still looking for a solution to this problem then just simply remove the tick from "This administrator is a user group" (use goyer's 14th post as an example) and write a proper user name like: Administrator@[yourdomain]
That should help, at least it did for me.
I used the new release of vcenter 5.1.0a for resolve this problem.
- Backup database
- Uninstall vCenter
- Remove database and all certificates
- Install vCenter with new database
- Uninstall vCenter
- Remove new database
- Restore your database
- Install vCenter (with new certificate)
After more than 2 weeks trying to install with this error i gave up installing it the way a want (upgrade vCenter 5.0 to 5.1 on the same machine)
Installing with new machine (in parallel), local SSO database, and new Inventory Service, works fine.
Migrate hosts process don't stop virtual machines.
The resolution for the 26002 Vcenter setup failure and roll back installation result, there should be 3 rui.key, rui.crt and rui.pfx under the directory C:\ProgramData\VMware\Infrastructure\Inventory Service\ssl\.
Just selet them and install the certifications then re-run the Vcenter installation piece.