Hi,
I tryed to upgrade my vRA 7.2 to 7.3 from the VAMI UI.
The upgrade failed. Here is wat we can see in the VAMI UI :
Last Install:Failed to install updates(Error while running pre-install scripts and post-install scripts) on Monday, 2017 October 09 17:35:16 UTC+2
VA-check: finished
Pre-install: failed (code p-1)
Cannot start command to install VMware certificate.
RPM Status 1: Pre install script failed, package test and installation skipped.
Post-install: failed
Update failed (code 1-1). Check logs in /opt/vmware/var/log/vami or retry update later.
And when checking the log i have the follwing :
+ echo '2017-10-09 15:34:59 /etc/bootstrap/preupdate.d/00-00-03-upgrade-management-agents starting...'
+ /etc/bootstrap/preupdate.d/00-00-03-upgrade-management-agents 7.2.0.381 7.3.0.536
Current version is 7.2.0.381
Found 1 IaaS nodes with ids: 69A6FA97-B0C7-423E-9F57-6B1F2501225B
The new version for iaas nodes is: 7.3.0.10750
Nodes to upgrade the management agent on: 69A6FA97-B0C7-423E-9F57-6B1F2501225B
Trying to upgrade management agent
Installing VMware certificate on IaaS machine
Cannot start command to install VMware certificate.
+ res=1
+ echo 'Script /etc/bootstrap/preupdate.d/00-00-03-upgrade-management-agents failed, error status 1'
I go into the upgrade-management-agent script and in the python script, and see that it's trying to execute a remote powershell on the IAAS to install the certificate.
print "Trying to upgrade management agent"
if old_version_numbers[0] == 7 and old_version_numbers[1] <= 3:
print "Installing VMware certificate on IaaS machine"
certificate = ""
with open('/opt/vmware/share/htdocs/service/iaas/download/scripts/PsScriptSignCert.pem', 'r') as certificate_file:
certificate = certificate_file.read()
arguments = ["/usr/sbin/vcac-config", "command-start",
"--command", "install-certificate",
"--parameter", "CertificateBase64String=%s" % certificate,
"--parameter", "StoreNames=TrustedPublisher",
"--parameter", "StoreLocation=CurrentUser"]
wait_for_command_to_finish(arguments, filtered_ids,
"Cannot start command to install VMware certificate.",
I also check if executing remote scripting with powershell was allowed or not and execution is set to unrestricted
When checking the IAAS log, i found the following entry telling that the certificates were successfully installed.
I raised a ticket #17592660610 to support last monday and we do webex, but nothing since monday
If anyone has some idea, tells me 🙂
thanks
Does the service account that you're using for the management agent have restricts as imposed by GPO? When I've seen a similar situation in the past, it was due to that domain account not having software install and other permissions.
That's a good point to check.
Let me check...