VMware Cloud Community
curtisbob2
Contributor
Contributor
‎09-21-2020 03:05 PM

VCenter Appliance will not start

My story is some what similar to this post here

VCenter Appliance - Esx Agent Manager fails to start (vmware.thread 586245)

was getting error 503 when trying to brows to the vCenter ui. Stumbled across this KB article

     VMware Knowledge Base

          Discovered that my root passwrd was expired and the Log file was to large. Followed those steps and was able to get vmware-vpostgres to start.

then the Vmware-invsvc now failed to start. searched and found

     and was now getting LDAP 49 error and used the steps in this KB article (VMware Knowledge Base )to reset my account credentials.

vmware-invsvc still wouldn't start now because i noticed my SSL cert had expired (yeah.. set it and forget it i know....) so I found this KB article (VMware Knowledge Base )to reset that.

look all I want to do is upgrade to 6.5. I am at my end with this thing. And I don't know what to do. any guidance would be appreciated.

I am attaching some logs if you need more let me know.

wraper log.txt.zip
vmdird-syslog log.txt.zip
inv-svc log.txt.zip
0 Kudos
4 Replies
Lalegre
Virtuoso
Virtuoso
‎09-21-2020 11:46 PM

Hello curtisbob2​,

I went through your logs but all of them are showing LDAP errors to connect over port 636 and SSL errors but you said you already fixed this. Are these the last status of your logs?

What was the result after resetting the expired Machine Account password? Also you mention that your certificate is expired, have you renewed the Machine SSL certificate for vCenter Server?

0 Kudos
curtisbob2
Contributor
Contributor
‎09-22-2020 08:18 AM

this is interesting.. you are correct these are not the current logs.. sorry I don't know how I got these old ones.... so i am working on getting the new ones. and I will get back to you on this.. thank you for your quick response.

0 Kudos
curtisbob2
Contributor
Contributor
‎09-22-2020 10:32 AM

alright so you are correct my SSL is still having problems and such.

2020-09-22T17:21:19.441Z [WrapperListener_start_runner  INFO  com.vmware.cis.lotus.LotusLocator  opId=] Successfully refreshed machine account credentials

2020-09-22T17:21:19.451Z [WrapperListener_start_runner  ERROR com.vmware.identity.interop.ldap.LinuxLdapClientLibrary  opId=] certificate expired at [Sun Sep 06 07:21:32 UTC 2020]

2020-09-22T17:21:19.452Z [WrapperListener_start_runner  WARN  com.vmware.identity.interop.ldap.LdapErrorChecker  opId=] Error received by LDAP client: com.vmware.identity.interop.ldap.LinuxLdapClientLibrary, error code: -1

2020-09-22T17:21:19.452Z [WrapperListener_start_runner  ERROR com.vmware.cis.lotus.LdapUtils  opId=] Failed to connect to LDAP; uri: ldaps://10.10.10.60:636

however I when I try the following : VMware Knowledge Base

I get a failure and it directs me to the Certificate-manager.log. in side i have:

2020-09-22T16:58:51.159Z ERROR certificate-manager 'lstool reregister' failed: 1

Searching i find this  KB article VMware Knowledge Base and it directs me to do a work around which directs me to login to the web interface so..... I guess i can not update my Certificiate?

I feel like I just stepped on spider egg and all the problems just Scattered everywhere. one problem leads to another problem and another.

This now makes me question, can i just remove my ESXI's from this vcenter (I only have 3) and start over or do I have to have this thing running to remove them?

0 Kudos
Lalegre
Virtuoso
Virtuoso
‎09-22-2020 10:14 PM

Hey

Of course you can remove your ESXis but if you have many configurations you will need to do them again also you will need to know that some configurations are managed using vCenter such as VDS or external tools pointing to vCenter Server so if you remove the ESXis you will need to do those further configurations and when you move them all your VMs change their MoRefID so any app will treat this as a new VM.

You are quite close so please follow the next KB: VMware Knowledge Base. This is the same one you mentioned before and it does not ask you to login into the Web Interface it asks you to try to renew the Machine SSL and when it fails to check which extension is failing to update.

After getting that extension if it is not a used one you can remove it from the MOB using the article that is in the KB. Remember that after you change the certificate you will need to re-connect all your tools that are connecting to vCenter Server as they will lose SSL Trust.

0 Kudos