Hi all,
we experience the exact same errors as documented in KB2151430 while performing an in-place upgrade from vCenter Server 6.0 Update 3c (on windows server 2008R2 with local SQL2012 and embedded PSC) to vCenter Server 6.5 Update 1b
The resolution in KB2151430 is to re-generate the certificates and try again.
When we re-generate the certificates in VMCA the process hangs at 85% when the vpxd service is restarted. This service remains in the 'starting' state but never starts.
We tried using VMCA and internal CA for generating the certs. Certs are good and get accepted by VMCA but the process hangs at 85% with vpxd service in 'starting' state.
Anyone seen this before?
Thanks for your help
Erwin
Have you tried the migration approach to the vCSA? Just in case you haven't heard, Windows vCenters are deprecated and will not be moving forward into the next release, so it's end of the line for them. The recommended path is to the appliance if you can do it.
Hi daphnissov,
I followed your advice and went ahead with the migration to the vCSA.
Guess what...it failed when the vpxd service was starting on the vCSA. The vpxd.log shows the exact same error (see snippet below) as with the in-place upgrade on Windows.
Is there any way I can get rid of this bad certificate and perform the migration?
2017-11-17T19:34:57.994Z info vpxd[7FDDB82FA800] [Originator@6876 sub=VpxdAuthClient] fallback to loginByCertificate
2017-11-17T19:34:57.997Z error vpxd[7FDDB82FA800] [Originator@6876 sub=ServerAccess] Remote login failed: N7Vmacore3Ssl18SSLVerifyExceptionE(SSL Exception: Verification parameters:
--> PeerThumbprint: 55:4D:D3:28:89:07:A6:9D:2A:02:85:41:61:BE:89:0F:16:92:9B:E0
--> ExpectedThumbprint:
--> ExpectedPeerName: localhost
--> The remote host certificate has these problems:
-->
--> * Host name does not match the subject name(s) in certificate.
-->
--> * unable to get local issuer certificate)
--> [context]zKq7AVECAAAAADWhbAANdnB4ZAAAeF4rbGlidm1hY29yZS5zbwAAEBcbAMppGABW5BsAMVciAD4kIgBxKCIAy+AjAEesIwAuryMAN7crAVR0AGxpYnB0aHJlYWQuc28uMAACHYwObGliYy5zby42AA==[/context]
2017-11-17T19:34:57.998Z error vpxd[7FDDB82FA800] [Originator@6876 sub=AuthzStorageProvider] [AuthzStorageProvider::CreateAuthzMgr] Failed to connect to IS: <N5Vmomi5Fault17HostCommunication9ExceptionE(vmodl.fault.HostCommunication)
--> [context]zKq7AVECAAAAADWhbAATdnB4ZAAAeF4rbGlidm1hY29yZS5zbwAAEBcbAMppGAEO01R2cHhkAAGAImIB9g72AdaiogHhjaICuBYBbGliYXV0aHpjbGllbnQuc28AAthIAQLwTgECytoBAkjQAQHGAaEBCvJUATj7VAFqnlMD4AUCbGliYy5zby42AAF1llM=[/context]>
2017-11-17T19:34:58.000Z error vpxd[7FDDB82FA800] [Originator@6876 sub=Default] Failed to instantiate AuthzStorageProvider: N5Vmomi5Fault17HostCommunication9ExceptionE(vmodl.fault.HostCommunication)
--> [context]zKq7AVECAAAAADWhbAATdnB4ZAAAeF4rbGlidm1hY29yZS5zbwAAEBcbAMppGAEO01R2cHhkAAGAImIB9g72AdaiogHhjaICuBYBbGliYXV0aHpjbGllbnQuc28AAthIAQLwTgECytoBAkjQAQHGAaEBCvJUATj7VAFqnlMD4AUCbGliYy5zby42AAF1llM=[/context]
2017-11-17T19:34:58.002Z error vpxd[7FDDB82FA800] [Originator@6876 sub=Authorize] Failed to initialize authorizeManager
2017-11-17T19:34:58.002Z warning vpxd[7FDDB82FA800] [Originator@6876 sub=VpxProfiler] Start [VpxdAuthorize::Start()] took 193495 ms
2017-11-17T19:34:58.002Z warning vpxd[7FDDB82FA800] [Originator@6876 sub=VpxProfiler] ServerApp::Start [TotalTime] took 196879 ms
2017-11-17T19:34:58.002Z error vpxd[7FDDB82FA800] [Originator@6876 sub=Default] Failed to start VMware VirtualCenter. Shutting down
2017-11-17T19:34:58.002Z info vpxd[7FDDB82FA800] [Originator@6876 sub=SupportMgr] Wrote uptime information
2017-11-17T19:36:58.004Z info vpxd[7FDDB82FA800] [Originator@6876 sub=Default] Forcing shutdown of VMware VirtualCenter now
Thanks again,
Erwin
What certificate is generated for vcenter 6.x? Is it machine ssl?
Can you check the SAN field and is the same as the name provided at the time of deployment (PNID).
If the PNID is ip address and you try to update the certificate with FQDN, it may fail to start services.
Thanks,
MS