VMware Cloud Community
erwinbre
Contributor

vpxd service fails after vCenter upgrade from 6.0 to 6.5

Hi all,

We experience the exact same errors as documented in KB2151430 while performing an in-place upgrade from vCenter Server 6.0 Update 3c (on Windows Server 2008 R2 with local SQL2012 and embedded PSC) to vCenter Server 6.5 Update 1b.


The resolution in KB2151430 is to re-generate the certificates and try again.

When we re-generate the certificates in VMCA the process hangs at 85% when the vpxd service is restarted. This service remains in the 'starting' state but never starts.
We tried using VMCA and internal CA for generating the certs. Certs are good and get accepted by VMCA but the process hangs at 85% with vpxd service in 'starting' state.

Anyone seen this before?

Thanks for your help

Erwin

0 Kudos
3 Replies
daphnissov
Immortal

Have you tried the migration approach to the vCSA? Just in case you haven't heard, Windows vCenters are deprecated and will not be moving forward into the next release, so it's end of the line for them. The recommended path is to the appliance if you can do it.

0 Kudos
erwinbre
Contributor

Hi daphnissov,

I followed your advice and went ahead with the migration to the vCSA.

Guess what...it failed when the vpxd service was starting on the vCSA. The vpxd.log shows the exact same error (see snippet below) as with the in-place upgrade on Windows.

Is there any way I can get rid of this bad certificate and perform the migration?

2017-11-17T19:34:57.994Z info vpxd[7FDDB82FA800] [Originator@6876 sub=VpxdAuthClient] fallback to loginByCertificate

2017-11-17T19:34:57.997Z error vpxd[7FDDB82FA800] [Originator@6876 sub=ServerAccess] Remote login failed: N7Vmacore3Ssl18SSLVerifyExceptionE(SSL Exception: Verification parameters:

--> PeerThumbprint: 55:4D:D3:28:89:07:A6:9D:2A:02:85:41:61:BE:89:0F:16:92:9B:E0

--> ExpectedThumbprint:

--> ExpectedPeerName: localhost

--> The remote host certificate has these problems:

-->

--> * Host name does not match the subject name(s) in certificate.

-->

--> * unable to get local issuer certificate)

--> [context]zKq7AVECAAAAADWhbAANdnB4ZAAAeF4rbGlidm1hY29yZS5zbwAAEBcbAMppGABW5BsAMVciAD4kIgBxKCIAy+AjAEesIwAuryMAN7crAVR0AGxpYnB0aHJlYWQuc28uMAACHYwObGliYy5zby42AA==[/context]

2017-11-17T19:34:57.998Z error vpxd[7FDDB82FA800] [Originator@6876 sub=AuthzStorageProvider] [AuthzStorageProvider::CreateAuthzMgr] Failed to connect to IS: <N5Vmomi5Fault17HostCommunication9ExceptionE(vmodl.fault.HostCommunication)

--> [context]zKq7AVECAAAAADWhbAATdnB4ZAAAeF4rbGlidm1hY29yZS5zbwAAEBcbAMppGAEO01R2cHhkAAGAImIB9g72AdaiogHhjaICuBYBbGliYXV0aHpjbGllbnQuc28AAthIAQLwTgECytoBAkjQAQHGAaEBCvJUATj7VAFqnlMD4AUCbGliYy5zby42AAF1llM=[/context]>

2017-11-17T19:34:58.000Z error vpxd[7FDDB82FA800] [Originator@6876 sub=Default] Failed to instantiate AuthzStorageProvider: N5Vmomi5Fault17HostCommunication9ExceptionE(vmodl.fault.HostCommunication)

--> [context]zKq7AVECAAAAADWhbAATdnB4ZAAAeF4rbGlidm1hY29yZS5zbwAAEBcbAMppGAEO01R2cHhkAAGAImIB9g72AdaiogHhjaICuBYBbGliYXV0aHpjbGllbnQuc28AAthIAQLwTgECytoBAkjQAQHGAaEBCvJUATj7VAFqnlMD4AUCbGliYy5zby42AAF1llM=[/context]

2017-11-17T19:34:58.002Z error vpxd[7FDDB82FA800] [Originator@6876 sub=Authorize] Failed to initialize authorizeManager

2017-11-17T19:34:58.002Z warning vpxd[7FDDB82FA800] [Originator@6876 sub=VpxProfiler] Start [VpxdAuthorize::Start()] took 193495 ms

2017-11-17T19:34:58.002Z warning vpxd[7FDDB82FA800] [Originator@6876 sub=VpxProfiler] ServerApp::Start [TotalTime] took 196879 ms

2017-11-17T19:34:58.002Z error vpxd[7FDDB82FA800] [Originator@6876 sub=Default] Failed to start VMware VirtualCenter. Shutting down

2017-11-17T19:34:58.002Z info vpxd[7FDDB82FA800] [Originator@6876 sub=SupportMgr] Wrote uptime information

2017-11-17T19:36:58.004Z info vpxd[7FDDB82FA800] [Originator@6876 sub=Default] Forcing shutdown of VMware VirtualCenter now

Thanks again,

Erwin

0 Kudos
msripada
Virtuoso

What certificate is generated for vCenter 6.x? Is it Machine SSL?

Can you check the SAN field and whether it is the same as the name provided at the time of deployment (PNID)?

If the PNID is an IP address and you try to update the certificate with an FQDN, it may fail to start services.

Thanks,

MS

0 Kudos
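Added example, not part of any post in this thread and not VMware tooling: a Python sketch that pulls the SSL verification failure out of a vpxd.log excerpt like the one posted above and applies the PNID-versus-SAN comparison suggested in the last reply. The function names, the SAN lists passed in and the `192.0.2.10` / `vcsa.example.test` values are constructed assumptions; the SAN entries must be read from the actual Machine SSL certificate.

```python
import ipaddress
import re

# Lines copied from the vpxd.log snippet in this thread ([context] lines left out).
SAMPLE_LOG = """\
2017-11-17T19:34:57.997Z error vpxd[7FDDB82FA800] [Originator@6876 sub=ServerAccess] Remote login failed: N7Vmacore3Ssl18SSLVerifyExceptionE(SSL Exception: Verification parameters:
--> PeerThumbprint: 55:4D:D3:28:89:07:A6:9D:2A:02:85:41:61:BE:89:0F:16:92:9B:E0
--> ExpectedThumbprint:
--> ExpectedPeerName: localhost
--> The remote host certificate has these problems:
-->
--> * Host name does not match the subject name(s) in certificate.
-->
--> * unable to get local issuer certificate)
2017-11-17T19:34:58.002Z error vpxd[7FDDB82FA800] [Originator@6876 sub=Authorize] Failed to initialize authorizeManager
"""

ENTRY = re.compile(r"^(\d{4}-\d\d-\d\dT[\d:.]+Z) \w+ vpxd\[")
PARAM = re.compile(r"^(PeerThumbprint|ExpectedThumbprint|ExpectedPeerName):\s*(.*)$")

def ssl_verify_failures(log_text):
    """Return one dict per SSLVerifyException entry, folding '-->' continuation lines."""
    failures, current = [], None
    for line in log_text.splitlines():
        start = ENTRY.match(line)
        if start:  # a timestamped line begins a new entry and ends the previous one
            current = None
            if "SSLVerifyException" in line:
                current = {"time": start.group(1), "params": {}, "problems": []}
                failures.append(current)
        elif current is not None and line.startswith("-->"):
            body = line[3:].strip()
            param = PARAM.match(body)
            if param:
                current["params"][param.group(1)] = param.group(2)
            elif body.startswith("* "):
                current["problems"].append(body[2:].rstrip(")"))
    return failures

def pnid_in_san(pnid, san_dns, san_ips):
    """True if the PNID is listed in the SAN under the matching type (no wildcards)."""
    try:
        ip = ipaddress.ip_address(pnid)
    except ValueError:  # PNID is a host name: compare against the DNS entries
        return pnid.lower() in {name.lower() for name in san_dns}
    return ip in {ipaddress.ip_address(addr) for addr in san_ips}

if __name__ == "__main__":
    print(ssl_verify_failures(SAMPLE_LOG))
    print(pnid_in_san("192.0.2.10", ["vcsa.example.test"], []))  # constructed SAN values
```

An empty `ExpectedThumbprint` together with an `ExpectedPeerName` that is not among the certificate's names is the combination the posted log shows; the second function returns `False` for the IP-PNID-with-FQDN-certificate case described in the last reply.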