6 Replies Latest reply on May 19, 2020 11:40 AM by Virtbay

    vCenter fails to start after certificate replacement

    snikers Novice

      Using vcenter 6.7 Administration - > Certificates have added root CA certificate of Letsencrypt and replaced Machine certificate with signed one provide certificate and key

       

      After reboot vcenter doesn`t start anymore:

       

      2019-12-19T17:22:23.429Z info vpxd[05606] [Originator@6876 sub=ThreadPool] Entering worker thread loop
      2019-12-19T17:22:23.430Z info vpxd[05605] [Originator@6876 sub=ThreadPool] Thread enlisted
      2019-12-19T17:22:23.430Z info vpxd[05605] [Originator@6876 sub=ThreadPool] Entering worker thread loop
      2019-12-19T17:22:23.459Z error vpxd[05321] [Originator@6876 sub=Main opID=CheckCertificateExpiry-6058ed8] Unable to get certificate count for APPLMGMT_PASSWORD from VECS localhost, error: 0
      2019-12-19T17:22:23.548Z info vpxd[05332] [Originator@6876 sub=ThreadPool] Spawning additional worker - allocated: 144, idle: 19
      2019-12-19T17:22:23.553Z info vpxd[05617] [Originator@6876 sub=ThreadPool] Thread enlisted
      2019-12-19T17:22:23.553Z info vpxd[05617] [Originator@6876 sub=ThreadPool] Entering worker thread loop
      2019-12-19T17:22:23.572Z warning vpxd[05113] [Originator@6876 sub=LSClient] Caught exception while getting service with Id :e2136204-f25b-4a2b-a5ac-67b473cfd253. N7Vmacore9ExceptionE(Cannot initialize service registration stub)
      --> [context]zKq7AVECAAAAAGC34QAOdnB4ZAAA4AArbGlidm1hY29yZS5zbwAAWCUbABWWGAH5kWV2cHhkAAHOlWUB9qFlASkvoAIqhQJsaWJhdXRoemNsaWVudC5zbwABvdeeAToJVAGKaFQBGcZSA5AFAmxpYmMuc28uNgABpb5S[/context]
      2019-12-19T17:22:23.573Z warning vpxd[05113] [Originator@6876 sub=LSClient] Caught exception while retrieve endpoint. N7Vmacore9ExceptionE(Cannot initialize service registration stub)
      --> [context]zKq7AVECAAAAAGC34QAPdnB4ZAAA4AArbGlidm1hY29yZS5zbwAAWCUbABWWGAH5kWV2cHhkAAE4l2UBKJllASuiZQEpL6ACKoUCbGliYXV0aHpjbGllbnQuc28AAb3XngE6CVQBimhUARnGUgOQBQJsaWJjLnNvLjYAAaW+Ug==[/context]
      2019-12-19T17:22:23.574Z warning vpxd[05113] [Originator@6876 sub=LSClient] endpoint not found for Product: com.vmware.cis, Type: cs.inventory
      2019-12-19T17:22:23.574Z warning vpxd[05113] [Originator@6876 sub=LSClient] Caught exception while getting service with Id :e2136204-f25b-4a2b-a5ac-67b473cfd253. N7Vmacore9ExceptionE(Cannot initialize service registration stub)
      --> [context]zKq7AVECAAAAAGC34QAOdnB4ZAAA4AArbGlidm1hY29yZS5zbwAAWCUbABWWGAH5kWV2cHhkAAHOlWUB9qFlASkvoAI3hQJsaWJhdXRoemNsaWVudC5zbwABvdeeAToJVAGKaFQBGcZSA5AFAmxpYmMuc28uNgABpb5S[/context]
      2019-12-19T17:22:23.575Z warning vpxd[05113] [Originator@6876 sub=LSClient] Caught exception while retrieve endpoint. N7Vmacore9ExceptionE(Cannot initialize service registration stub)
      --> [context]zKq7AVECAAAAAGC34QAPdnB4ZAAA4AArbGlidm1hY29yZS5zbwAAWCUbABWWGAH5kWV2cHhkAAE4l2UBKJllASuiZQEpL6ACN4UCbGliYXV0aHpjbGllbnQuc28AAb3XngE6CVQBimhUARnGUgOQBQJsaWJjLnNvLjYAAaW+Ug==[/context]
      2019-12-19T17:22:23.597Z warning vpxd[05113] [Originator@6876 sub=LSClient] endpoint not found for Product: com.vmware.cis, Type: cs.inventory
      2019-12-19T17:22:23.718Z warning vpxd[05113] [Originator@6876 sub=VpxdAuthClient] [ConnectAndLogin] Failed to loginBySamlToken: N7Vmacore3Ssl18SSLVerifyExceptionE(SSL Exception: Verification parameters:
      --> PeerThumbprint: 49:68:90:15:2C:75:C6:7C:C7:B4:55:EB:87:E2:E6:29:92:21:A8:72
      --> ExpectedThumbprint:
      --> ExpectedPeerName: localhost
      --> The remote host certificate has these problems:
      -->
      --> * Host name does not match the subject name(s) in certificate.)
      --> [context]zKq7AVECAAAAAGC34QANdnB4ZAAA4AArbGlidm1hY29yZS5zbwAAWCUbAP6dGACeQCIAaXEiABtFIgDTSSIAOaIjAHFvIwA6ciMAnVYrAdRzAGxpYnB0aHJlYWQuc28uMAAC3Y4ObGliYy5zby42AA==[/context]
      2019-12-19T17:22:23.719Z info vpxd[05113] [Originator@6876 sub=VpxdAuthClient] fallback to loginByCertificate
      2019-12-19T17:22:23.729Z error vpxd[05113] [Originator@6876 sub=ServerAccess] Remote login failed: N7Vmacore3Ssl18SSLVerifyExceptionE(SSL Exception: Verification parameters:
      --> PeerThumbprint: 49:68:90:15:2C:75:C6:7C:C7:B4:55:EB:87:E2:E6:29:92:21:A8:72
      --> ExpectedThumbprint:
      --> ExpectedPeerName: localhost
      --> The remote host certificate has these problems:
      -->
      --> * Host name does not match the subject name(s) in certificate.)
      

      When resetting certificates using /usr/lib/vmware-vmca/bin/certificate-manager it works again

      There is no ESXi host connected to vCenter just in case...