VMware Cloud Community
speakerbox1441
Contributor
Contributor
Jump to solution

CIM Server problems after upgrade to 6.7 (5989 not listening)

Hi all,

After upgrading our ESX host from 6.0 to VMware ESXi 6.7.0 build-17167734, the component sfcb-HTTPS-Daem will no longer start. 

Services are started and ports open via ESX firewall (Screenshot attached) but the HTTPS component doesn't want to run:

 

[root@localhost:~] /etc/init.d/sfcbd-watchdog test
sfcbd-init: Checking core components of sfcbd are running...
sfcbd-init: Component sfcb-ProviderMa is running.
sfcbd-init: Component sfcb-HTTP-Daemo is running.
sfcbd-init: Component sfcb-HTTPS-Daem not running, Restarting sfcbd.
sfcbd-init: Invoked kill 3072488
sfcbd-init: stop sfcbd process completed.
/etc/init.d/sfcbd-watchdog: line 88: sfcb_restart_init: not found
sfcbd-init: starting sfcbd
sfcbd-init: Waiting for sfcb to start up.
sfcbd-init: Program started normally.

 

When I check whats listening using esxcli network ip connection list, 5988 is active and listening - no 5989.

When I look at the ESX syslog we get the below lines:

 

2020-12-15T09:15:38Z sfcb-HTTPS-Daemon[3070537]: file: /build/mts/release/bora-16874034/cayman_sfcb/sfcb/src/httpAdapter.c line 2024, complete, ssl process exiting exit code 56.
2020-12-15T09:15:38Z sfcb-ProviderManager[3067705]: handleSigChld:168045376 provider terminated, pid=3070537, exit=56 signal=0
2020-12-15T09:15:38Z sfcb-ProviderManager[3070539]: setupControl: ignoring invalid control statement at line 11.
2020-12-15T09:15:38Z sfcb-HTTPS-Daemon[3070539]: Error locating the client trust store

 

I see someone has complained of a similar problem HERE but no outcome.

Any one have any suggestions or seen this before? We're unable to monitor our hardware using a python script as a result.

Thanks all.

Reply
0 Kudos
1 Solution

Accepted Solutions
speakerbox1441
Contributor
Contributor
Jump to solution

Found the fix over on reddit, ran this command:

/sbin/generate-certificates

Service started immediately and 5989 was listening again.

View solution in original post

Reply
0 Kudos
10 Replies
msripada
Virtuoso
Virtuoso
Jump to solution

2020-12-15T09:15:38Z sfcb-HTTPS-Daemon[3070537]: file: /build/mts/release/bora-16874034/cayman_sfcb/sfcb/src/httpAdapter.c line 2024, complete, ssl process exiting exit code 56.

Based on the above, it looks like an issue loading some file or code issue. Have you opened a SR with GSS?

thanks,

MS

Reply
0 Kudos
speakerbox1441
Contributor
Contributor
Jump to solution

Hi MS,

Thanks for the reply, we unfortunately don't have any paid support so haven't opened an SR.

Reply
0 Kudos
msripada
Virtuoso
Virtuoso
Jump to solution

Hi,

Is it happening with all ESXi 6.7 boxes and different hardwares as well in the environment?

thanks,

MS

Reply
0 Kudos
speakerbox1441
Contributor
Contributor
Jump to solution

Hi MS,

We only have this one host in the environment unfortunately, rest are Hyper-V so not able to test upgrade anything else.

Reply
0 Kudos
msripada
Virtuoso
Virtuoso
Jump to solution

ok thank you. Have you used the custom iso shared by the vendor or vmware standard iso?

thanks,

MS

Reply
0 Kudos
speakerbox1441
Contributor
Contributor
Jump to solution

This was direct from VMWare using an image profile: 

ESXi-6.7.0-20201104001-standard

The harware is Dell and was on a Dell customised 6.0 version before the upgrade.

Reply
0 Kudos
msripada
Virtuoso
Virtuoso
Jump to solution

Could you try using the Dell custom image and let us know if that makes any difference?

thanks,

MS

Reply
0 Kudos
speakerbox1441
Contributor
Contributor
Jump to solution

Thanks MS, we're in a change freeze just now so won't be able to try that until the New Year but thanks for the suggestion.

Reply
0 Kudos
speakerbox1441
Contributor
Contributor
Jump to solution

Found the fix over on reddit, ran this command:

/sbin/generate-certificates

Service started immediately and 5989 was listening again.

Reply
0 Kudos
sandipt
Contributor
Contributor
Jump to solution

What is the impact and side effects of running  /sbin/generate-certificates command ? Is it okay to run this command on ESXi host in production environment?  Is there any other way to solve this issue? 

Reply
0 Kudos