1 2 Previous Next 15 Replies Latest reply on Jul 8, 2019 2:42 AM by joselin79

    PSC 6.5 SSL custom cert replacement rolls back at last stage

    kjsdtts Lurker

      Replacing external PSC 6.5 U1 with Microsoft CA certs - they comprise of an Intermediate and Root CA.

      All goes well until the very last stage where Services can't start successfully.

       

      Console error will say:

      Status : 85% Completed [starting services...]

      Error while starting services, please see log for more details

      Status : 0% Completed [Operation failed, performing automatic rollback]

       

      Error while replacing Machine SSL Cert, please see /var/log/vmware/vmcad/certificate-manager.log for more information.

       

      Performing rollback of Machine SSL Cert...

       

      Checking the certificate-manager.log, I find that there are services that fail to start due to a timeout:

      2017-10-05T05:33:28.195Z INFO certificate-manager Running command :- service-control --start  --all

      2017-10-05T05:33:28.196Z INFO certificate-manager please see service-control.log for service status

      Service-control failed. Error Failed to start vmon services.vmon-cli RC=1, stderr=Failed to start sca, cm, vapi-endpoint services. Error: Operation timed out

       

      2017-10-05T05:41:26.324Z ERROR certificate-manager None

      2017-10-05T05:41:26.325Z ERROR certificate-manager Error while starting services, please see log for more details

      2017-10-05T05:41:26.325Z ERROR certificate-manager Error while replacing Machine SSL Cert, please see /var/log/vmware/vmcad/certificate-manager.log for more information.

      2017-10-05T05:41:26.325Z ERROR certificate-manager {

          "resolution": null,

          "detail": [

              {

                  "args": [

                      "None"

                  ],

                  "id": "install.ciscommon.command.errinvoke",

                  "localized": "An error occurred while invoking external command : 'None'",

                  "translatable": "An error occurred while invoking external command : '%(0)s'"

              },

              "Error while starting services, please see log for more details"

          ],

          "componentKey": null,

          "problemId": null

      }

      2017-10-05T05:41:26.326Z INFO certificate-manager Performing rollback of Machine SSL Cert...

       

       

      There was a KB with something similar but this isn't an error while publishing cert using dir-cli.

      Anyone seen this before?

        1 2 Previous Next