Hi all
I am trying to upgrade a vCenter, and it fails to start services on stage two. This is the topology:
Site A: vCenter 6.7 with external PSC
Site B: vCenter 6.7 pointing to external PSC on Site A
The vCenters are in linked mode, with CA certs.
The firstbootStatus.json has: "failedSteps": "vmafd-firstboot"
and the /var/log/vmware/vmafdd/vmafdd.log has:
Running command: ['/opt/likewise/bin/lqsm', 'status', 'vmdir']
dead
vmafd-firstboot.py_11834_sterr.log contains:
"localized": "An error ocurred while starting service 'VMwareDirectoryService'"
It fails if I try to converge the vCenter and external PSC first. All DNS entries (forward and reverse) are configured, and the NTP, date, and timezone are the same on all vCenters, hosts, and PSC.
Long story short, log in to the new appliance as soon as it finishes stage 2, step 1. (You'll need to enable bash and ssh from the console). At this point, it should be stuck at Stage 2, Step 2 4%
Run this command: /opt/likewise/bin/lwregshell list_values '[HKEY_THIS_MACHINE\Services\vmdir\Parameters]'
If you see this (third line):
+ "AllowInsecureAuthentication" REG_DWORD 0x00000001 (1)
+ "DirtyShutdown" REG_DWORD 0x00000001 (1)
+ "RestoreStatus" REG_DWORD 0x00000003 (3) <=========
"CopyDbBlockWriteInSec" REG_DWORD 0x0000001e (30)
"CopyDbIntervalInSec" REG_DWORD 0x00000000 (0)
"CopyDbWritesMin" RE/opt/likewise/bin/lwregshell delete_value '[HKEY_THIS_MACHINE\Services\vmdir\Parameters]' RestoreStatusG_DWORD 0x00000001 (1)
"DefaultSchema" REG_SZ "/usr/lib/vmware-vmdir/share/config/vmdirschema.ldif"
"EnableFederationHealthManagement" REG_DWORD 0x00000000 (0)
"EnableRename" REG_DWORD 0x00000000 (0)
"EnableSimplifiedReplication" REG_DWORD 0x00000000 (0)
"KdcClockSkew" REG_DWORD 0x0000012c (300)
"KdcMaxLife" REG_DWORD 0x00007080 (28800)
"KdcMaxRenewableLife" REG_DWORD 0x00093a80 (604800)
"KerberosPort" REG_DWORD 0x00000058 (88)
"SslDisabledProtocols" REG_SZ "TLSv1,TLSv1.1"
Then run these two commands:
/opt/likewise/bin/lwregshell delete_value '[HKEY_THIS_MACHINE\Services\vmdir\Parameters]' RestoreStatus
service-control --start vmdird
All that was from VMware support online, so use it at your own risk.
This issue happens when vCenter is unable to connect to PSC (previously) configured OR the DNS records (forward/reverse) of either PSC or vCenter aren’t configured correctly. In this situation, you can’t start vCenter services but the server can be accessed using SSH in configured during installation.
Using SSH take SSH to vCenter & PSC. Verify forward look up & reverse look up return correct results.
Check following KB:
I verified the forward and reverse resolution, and it is working. That was exactly the first troubleshooting step that VMware recommended.
Long story short, log in to the new appliance as soon as it finishes stage 2, step 1. (You'll need to enable bash and ssh from the console). At this point, it should be stuck at Stage 2, Step 2 4%
Run this command: /opt/likewise/bin/lwregshell list_values '[HKEY_THIS_MACHINE\Services\vmdir\Parameters]'
If you see this (third line):
+ "AllowInsecureAuthentication" REG_DWORD 0x00000001 (1)
+ "DirtyShutdown" REG_DWORD 0x00000001 (1)
+ "RestoreStatus" REG_DWORD 0x00000003 (3) <=========
"CopyDbBlockWriteInSec" REG_DWORD 0x0000001e (30)
"CopyDbIntervalInSec" REG_DWORD 0x00000000 (0)
"CopyDbWritesMin" RE/opt/likewise/bin/lwregshell delete_value '[HKEY_THIS_MACHINE\Services\vmdir\Parameters]' RestoreStatusG_DWORD 0x00000001 (1)
"DefaultSchema" REG_SZ "/usr/lib/vmware-vmdir/share/config/vmdirschema.ldif"
"EnableFederationHealthManagement" REG_DWORD 0x00000000 (0)
"EnableRename" REG_DWORD 0x00000000 (0)
"EnableSimplifiedReplication" REG_DWORD 0x00000000 (0)
"KdcClockSkew" REG_DWORD 0x0000012c (300)
"KdcMaxLife" REG_DWORD 0x00007080 (28800)
"KdcMaxRenewableLife" REG_DWORD 0x00093a80 (604800)
"KerberosPort" REG_DWORD 0x00000058 (88)
"SslDisabledProtocols" REG_SZ "TLSv1,TLSv1.1"
Then run these two commands:
/opt/likewise/bin/lwregshell delete_value '[HKEY_THIS_MACHINE\Services\vmdir\Parameters]' RestoreStatus
service-control --start vmdird
All that was from VMware support online, so use it at your own risk.
Thx for the hint. Didn't know that