Hi all,
After upgrading our ESX host from 6.0 to VMware ESXi 6.7.0 build-17167734, the component sfcb-HTTPS-Daem will no longer start.
Services are started and ports open via ESX firewall (Screenshot attached) but the HTTPS component doesn't want to run:
[root@localhost:~] /etc/init.d/sfcbd-watchdog test
sfcbd-init: Checking core components of sfcbd are running...
sfcbd-init: Component sfcb-ProviderMa is running.
sfcbd-init: Component sfcb-HTTP-Daemo is running.
sfcbd-init: Component sfcb-HTTPS-Daem not running, Restarting sfcbd.
sfcbd-init: Invoked kill 3072488
sfcbd-init: stop sfcbd process completed.
/etc/init.d/sfcbd-watchdog: line 88: sfcb_restart_init: not found
sfcbd-init: starting sfcbd
sfcbd-init: Waiting for sfcb to start up.
sfcbd-init: Program started normally.
When I check whats listening using esxcli network ip connection list, 5988 is active and listening - no 5989.
When I look at the ESX syslog we get the below lines:
2020-12-15T09:15:38Z sfcb-HTTPS-Daemon[3070537]: file: /build/mts/release/bora-16874034/cayman_sfcb/sfcb/src/httpAdapter.c line 2024, complete, ssl process exiting exit code 56.
2020-12-15T09:15:38Z sfcb-ProviderManager[3067705]: handleSigChld:168045376 provider terminated, pid=3070537, exit=56 signal=0
2020-12-15T09:15:38Z sfcb-ProviderManager[3070539]: setupControl: ignoring invalid control statement at line 11.
2020-12-15T09:15:38Z sfcb-HTTPS-Daemon[3070539]: Error locating the client trust store
I see someone has complained of a similar problem HERE but no outcome.
Any one have any suggestions or seen this before? We're unable to monitor our hardware using a python script as a result.
Thanks all.
Found the fix over on reddit, ran this command:
/sbin/generate-certificates
Service started immediately and 5989 was listening again.
2020-12-15T09:15:38Z sfcb-HTTPS-Daemon[3070537]: file: /build/mts/release/bora-16874034/cayman_sfcb/sfcb/src/httpAdapter.c line 2024, complete, ssl process exiting exit code 56.
Based on the above, it looks like an issue loading some file or code issue. Have you opened a SR with GSS?
thanks,
MS
Hi MS,
Thanks for the reply, we unfortunately don't have any paid support so haven't opened an SR.
Hi,
Is it happening with all ESXi 6.7 boxes and different hardwares as well in the environment?
thanks,
MS
Hi MS,
We only have this one host in the environment unfortunately, rest are Hyper-V so not able to test upgrade anything else.
ok thank you. Have you used the custom iso shared by the vendor or vmware standard iso?
thanks,
MS
This was direct from VMWare using an image profile:
ESXi-6.7.0-20201104001-standard
The harware is Dell and was on a Dell customised 6.0 version before the upgrade.
Could you try using the Dell custom image and let us know if that makes any difference?
thanks,
MS
Thanks MS, we're in a change freeze just now so won't be able to try that until the New Year but thanks for the suggestion.
Found the fix over on reddit, ran this command:
/sbin/generate-certificates
Service started immediately and 5989 was listening again.
What is the impact and side effects of running /sbin/generate-certificates command ? Is it okay to run this command on ESXi host in production environment? Is there any other way to solve this issue?