Hi,
We are attempting a 6.7 - > 7.0 vcsa upgrade.
Our pre-upgrade check fails, similar to what's discussed here? Error when upgrading from VCSA 6.7 to 7.0
When we try the solution from this KB VMware Knowledge Base we are getting an error on this command
/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert --store STS_INTERNAL_SSL_CERT --alias __MACHINE_CERT > /var/tmp/sts_internal_backup.crt
Error: Failed to open the store.
vecs-cli failed. Error 4312: Possible errors:
LDAP error: Unknown (extension) error
Win Error: Operation failed with error ERROR_OBJECT_NOT_FOUND (4312)
Any help is greatly appreciated!
Thanks
Edit:
/usr/lib/vmware-vmafd/bin/vecs-cli store list
MACHINE_SSL_CERT
TRUSTED_ROOTS
TRUSTED_ROOT_CRLS
machine
vsphere-webclient
vpxd
vpxd-extension
SMS
APPLMGMT_PASSWORD
data-encipherment
BACKUP_STORE
Hi nettech1,
On the source machine I would request you to run the following script :
Copy the file to lstool scripts folder.
For vCSA :
vCenter 6.x - /usr/lib/vmidentity/tools/scripts
Run the below commands:
# python ls_ssltrust_fixer.py -f scan
#python ls_ssltrust_fixer.py -f fix
This will fix if there are any SSL trust mismatch in lookup service registration.
Regards,
Sudeshna Sarkar
Install-Upgrade Specialist
_______________________________________________________________________________________________________
"Did you find this helpful? Let us know by completing this survey (takes 1 minute!)"
Moderator: Thread moved to the vSphere Upgrade & Install area.
How does this relate to your other thread started today?
vcenter 6.7 -> 7.0 upgrade is stuck
Which of these 2 problems do you currently have?
scott28tt It is directly related.
Removing software_update_state.conf as suggested here VMware Knowledge Base throws me back in the loop
"back in the loop” as in the issue in this thread is now resolved?
no it's not resolved
As this is the pre-check, I would expect you to need to get this issue resolved before you start with the topic in your other thread.
Is this the SAME issue?
Error while replacing Machine SSL Cert, please see certificate-manager.log
Hi nettech1,
On the source machine I would request you to run the following script :
Copy the file to lstool scripts folder.
For vCSA :
vCenter 6.x - /usr/lib/vmidentity/tools/scripts
Run the below commands:
# python ls_ssltrust_fixer.py -f scan
#python ls_ssltrust_fixer.py -f fix
This will fix if there are any SSL trust mismatch in lookup service registration.
Regards,
Sudeshna Sarkar
Install-Upgrade Specialist
_______________________________________________________________________________________________________
"Did you find this helpful? Let us know by completing this survey (takes 1 minute!)"
found a link to download the script here
https://vmind.ru/2020/07/29/obnovlenie-vmware-vcenter-s-versii-6-7-do-7-0/
after fixing the certs and restarting the upgrade process. we are getting a different error
Error
Resolution
hi nettech1,
I have attached the script in my previous reply.
Please download the attachement and proceed.
Regards,
Sudeshna Sarkar
Install-Upgrade Specialist
running ls_ssltrust_fixer.py and rebooting vcsa resolved all errors ex experienced during upgrade
Hi nettech1,
Please mark the answer as correct if it has helped you to resolve the issue.
Regards,
Sudeshna Sarkar
Install-Upgrade Specialist
Hi I'm trying to run that script, the scan part works fine but when i try the fix it asks for the sso administrator, which i enter, and then it ends with an invalid syntax.
Hi Section32
I have the same issue as you. Did you find a solution in the end ?
Hope you can help
Thank You
Chris
I had to open a support case, this script can really mess things up if not run properly or on the right system. They were a bit surprised that it was available as it shouldn't be too the general public
Just an FYI for anyone trying this method (which worked for me so thanks! @sudeshnas :
The folder name is correct, but the file name will need to be updated to include the "_p3"
There is an invalid syntax error around line 297 where the script gets creds. I'm not a strong python guy, so I just hardcoded the credentials wrapped in "" but I imagine someone smarter than me can fix that pretty simply.
If you're unfamiliar with how to save the file to the scripts directory, you can use (something like) WinSCP to SFTP to your vcsa and save the file
Before attempting to run the fix commands, be sure to change the directory (cd /usr/lib/vmidentity/tools/scripts)
Again, thanks for the fix! I like to make it super simple so apologies for dumbing the process down.
Thanks FEWjmiller ... got it working editing script.
you need to go at line 297 and change with your SSO administrator FQDN
also remember to put your credentials between ""