1 2 Previous Next 17 Replies Latest reply on May 19, 2020 1:31 AM by jstefani

    Upgrade vCenter Server Appliance (VCSA) from 6.5 (6.5.0.23200) to 6.7U2 failed with "Unable to enumerate and validate the root certificates from the TRUSTED_ROOTS VECS store."

    a_sand Lurker

      I have VCSA 6.5 and try to upgrade it to 6.7U2

       

      During migration prerequsites check phase I have error "Unable to enumerate and validate the root certificates from the TRUSTED_ROOTS VECS store. Make sure that the vmafd service is reachable and started before continuing."

       

      I have check cert store on new VCSA installation by:

       

      service-control --status certificatemanagement

       

      The service is running

       

      Then I check cert store by "vecs-cli store list" and get "Unable to connect to vmafd service"

       

      Then I check syslog and found

       

      Error opening Certificate /etc/vmware/vmware-vmafd/machine-ssl.crt

      140367761127064:error:02001002:system library:fopen:No such file or directory:bss_file.c:406:fopen('/etc/vmware/vmware-vmafd/machine-ssl.crt','r')

      140367761127064:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:408:

      unable to load certificate

      Mon, 29 Apr 2019 09:44:24 +0000 [ERROR] CA file /etc/ssl/certs/.0 not found

       

      How I can generate machine-ssl.crt ?

       

      PS I cannot use certificate-manager as I cannot authenticate as administrator@vsphere.local at this point of time.

       

      UPD: I have copied /etc/vmware/vmware-vmafd/* from old VCSA but without success. "vecs-cli store list" still cannot connect to vmafd service

       

      Сообщение отредактировано: a_sand

        1 2 Previous Next