VMware Cloud Community
javierrodz
Contributor
Contributor
‎12-29-2022 06:14 AM
Jump to solution

vCenter 6.7 to 7.0U3 failedSteps: "vmafd-firstboot"

Hi all

I am trying to upgrade a vCenter, and it fails to start services on stage two. This is the topology:

Site A: vCenter 6.7 with external PSC

Site B: vCenter 6.7 pointing to external PSC on Site A

The vCenters are in linked mode, with CA certs.

The firstbootStatus.json has: "failedSteps": "vmafd-firstboot"

and the /var/log/vmware/vmafdd/vmafdd.log has:

Running command: ['/opt/likewise/bin/lqsm', 'status', 'vmdir']
dead

vmafd-firstboot.py_11834_sterr.log contains:
"localized": "An error ocurred while starting service 'VMwareDirectoryService'"

It fails if I try to converge the vCenter and external PSC first. All DNS entries (forward and reverse) are configured, and the NTP, date, and timezone are the same on all vCenters, hosts, and PSC.

Reply
0 Kudos
1 Solution

Accepted Solutions
Zahori
Contributor
Contributor
‎01-23-2023 02:21 PM
Jump to solution

Long story short, log in to the new appliance as soon as it finishes stage 2, step 1. (You'll need to enable bash and ssh from the console). At this point, it should be stuck at Stage 2, Step 2 4%

Run this command: /opt/likewise/bin/lwregshell list_values '[HKEY_THIS_MACHINE\Services\vmdir\Parameters]'

If you see this (third line):

+ "AllowInsecureAuthentication" REG_DWORD 0x00000001 (1)
+ "DirtyShutdown" REG_DWORD 0x00000001 (1)
+ "RestoreStatus" REG_DWORD 0x00000003 (3) <=========
"CopyDbBlockWriteInSec" REG_DWORD 0x0000001e (30)
"CopyDbIntervalInSec" REG_DWORD 0x00000000 (0)
"CopyDbWritesMin" RE/opt/likewise/bin/lwregshell delete_value '[HKEY_THIS_MACHINE\Services\vmdir\Parameters]' RestoreStatusG_DWORD 0x00000001 (1)
"DefaultSchema" REG_SZ "/usr/lib/vmware-vmdir/share/config/vmdirschema.ldif"
"EnableFederationHealthManagement" REG_DWORD 0x00000000 (0)
"EnableRename" REG_DWORD 0x00000000 (0)
"EnableSimplifiedReplication" REG_DWORD 0x00000000 (0)
"KdcClockSkew" REG_DWORD 0x0000012c (300)
"KdcMaxLife" REG_DWORD 0x00007080 (28800)
"KdcMaxRenewableLife" REG_DWORD 0x00093a80 (604800)
"KerberosPort" REG_DWORD 0x00000058 (88)
"SslDisabledProtocols" REG_SZ "TLSv1,TLSv1.1"

Then run these two commands:

/opt/likewise/bin/lwregshell delete_value '[HKEY_THIS_MACHINE\Services\vmdir\Parameters]' RestoreStatus

service-control --start vmdird

 

All that was from VMware support online, so use it at your own risk.

www.vwannabe,com

View solution in original post

Reply
0 Kudos
4 Replies
maksym007
Expert
Expert
‎12-30-2022 12:43 AM
Jump to solution

This issue happens when vCenter is unable to connect to PSC (previously) configured OR the DNS records (forward/reverse) of either PSC or vCenter aren’t configured correctly. In this situation, you can’t start vCenter services but the server can be accessed using SSH in configured during installation.

Using SSH take SSH to vCenter & PSC. Verify forward look up & reverse look up return correct results.

Check following KB: 

https://kb.vmware.com/s/article/74678

Reply
0 Kudos
javierrodz
Contributor
Contributor
‎01-03-2023 07:54 AM
Jump to solution

I verified the forward and reverse resolution, and it is working. That was exactly the first troubleshooting step that VMware recommended.

Reply
0 Kudos
Zahori
Contributor
Contributor
‎01-23-2023 02:21 PM
Jump to solution

Long story short, log in to the new appliance as soon as it finishes stage 2, step 1. (You'll need to enable bash and ssh from the console). At this point, it should be stuck at Stage 2, Step 2 4%

Run this command: /opt/likewise/bin/lwregshell list_values '[HKEY_THIS_MACHINE\Services\vmdir\Parameters]'

If you see this (third line):

+ "AllowInsecureAuthentication" REG_DWORD 0x00000001 (1)
+ "DirtyShutdown" REG_DWORD 0x00000001 (1)
+ "RestoreStatus" REG_DWORD 0x00000003 (3) <=========
"CopyDbBlockWriteInSec" REG_DWORD 0x0000001e (30)
"CopyDbIntervalInSec" REG_DWORD 0x00000000 (0)
"CopyDbWritesMin" RE/opt/likewise/bin/lwregshell delete_value '[HKEY_THIS_MACHINE\Services\vmdir\Parameters]' RestoreStatusG_DWORD 0x00000001 (1)
"DefaultSchema" REG_SZ "/usr/lib/vmware-vmdir/share/config/vmdirschema.ldif"
"EnableFederationHealthManagement" REG_DWORD 0x00000000 (0)
"EnableRename" REG_DWORD 0x00000000 (0)
"EnableSimplifiedReplication" REG_DWORD 0x00000000 (0)
"KdcClockSkew" REG_DWORD 0x0000012c (300)
"KdcMaxLife" REG_DWORD 0x00007080 (28800)
"KdcMaxRenewableLife" REG_DWORD 0x00093a80 (604800)
"KerberosPort" REG_DWORD 0x00000058 (88)
"SslDisabledProtocols" REG_SZ "TLSv1,TLSv1.1"

Then run these two commands:

/opt/likewise/bin/lwregshell delete_value '[HKEY_THIS_MACHINE\Services\vmdir\Parameters]' RestoreStatus

service-control --start vmdird

 

All that was from VMware support online, so use it at your own risk.

www.vwannabe,com
Reply
0 Kudos
maksym007
Expert
Expert
‎01-23-2023 03:11 PM
Jump to solution

Thx for the hint. Didn't know that

Reply
0 Kudos