VMware Cloud Community
notas
Contributor
Contributor

VCSA 6.5 update manager stopped after Certificate Renew

We tried to change VCSA 6.5 SSL certificate with Signed Internal PKI certificate but it's not working.

After that we resetted Certificates and applied a new self-signed VCSA certificate.

Now we have a problem with update manage service stopped and don't want to start.

Error log when we trying to start it :

Perform start operation. vmon_profile=None, svc_names=['vmware-updatemgr'], include_coreossvcs=False, include_leafossvcs=False

2018-02-08T14:58:08.299Z   Service updatemgr state STOPPED

Error executing start on service updatemgr. Details {

    "resolution": null,

    "detail": [

        {

            "args": [

                "updatemgr"

            ],

            "id": "install.ciscommon.service.failstart",

            "localized": "An error occurred while starting service 'updatemgr'",

            "translatable": "An error occurred while starting service '%(0)s'"

        }

    ],

    "componentKey": null,

    "problemId": null

}

Service-control failed. Error {

    "resolution": null,

    "detail": [

        {

            "args": [

                "updatemgr"

            ],

            "id": "install.ciscommon.service.failstart",

            "localized": "An error occurred while starting service 'updatemgr'",

            "translatable": "An error occurred while starting service '%(0)s'"

        }

    ],

    "componentKey": null,

    "problemId": null

updatemgr-utility.log :

2018-02-08 14:58:10,545 ERROR] CM ReRegisterService failure. Exception is (vmodl.fault.InvalidArgument) {

   dynamicType = <unset>,

   dynamicProperty = (vmodl.DynamicProperty) [],

   msg = 'Field endpoint.ssltrust cannot be longer than 4096, value set to: MIIVATCCEumgAwIBAgITTgAAEYzwhUY75+dEng.....

   faultCause = <unset>,

   faultMessage = (vmodl.LocalizableMessage) [],

   invalidProperty = <unset>

}

[2018-02-08 14:58:10,545 ERROR] Unable to update CM service info

Somebody know how can i fix this problem ?

2 Replies
matthewmagbee
Contributor
Contributor

I was attempting to change the SSL certificate I waited for the script to start the phase where it is stopping the services and then I killed the script, yes I do confirm I killed the utility! Then after validating that all the services were stopped I rebooted the vCenter Server.I was almost sure that this is going to break the vCenter Server or at least it is going to forcefully attempt the certificate rollback somehow, once the server got back online and I waited for all the services to start successfully I attempted accessing the vSphere Web Client and you know what! It actually worked %) I restarted the vCenter Server a couple of times just to make sure that everything is stable and every time I was able to access the vSphere Web Client and my signed SSL certificate was being used without any issues.

Reply
0 Kudos
Vijay2027
Expert
Expert

In my case following the below steps resolved the issues.

Press ctrl+c when services are starting (85%)

/usr/lib/vmware-updatemgr/bin/updatemgr-util refresh-certs

/usr/lib/vmware-updatemgr/bin/updatemgr-util register-vc

Reboot vcsa