Hello guys,
Yeasterday I deployed new VCSA and moved existing ESX servers to it. Then I shut down old vCenter and changed IP and hostname of new VCSA to IP/hostname that was previously set on old vCenter.
After restart, there is usual problem with incorrect certificate, so I checked "Toggle certificate setting" in VCSA administration on https port 5480. After reboot system stays on:
Hostname or IP has changed. Regenerating the self-signed certificates.
Starting VMware vPostgres: ok
Waiting for the embedded database to start up: .[OK]
SSH and web UI does not work, but system is not frozen. I can access Alt-F10 virtual console that shows only NIC link status.
Failsafe mode also does not work, only solution is to revert to snapshot.
I tried to deploy same VCSA in our testing vSphere infrastructure and tried to do exactly same configuration - same problem.
Any ideas will be welcome
Regards,
Rudolf
I eventually found solution
Set "Toggle certificate setting" to ON from web UI or by creating file:
vcenter:~ # touch /etc/vmware-vpx/ssl/allow_regeneration
Stop all vmware-* services except vmware tools or switch to runlevel 2:
vcenter:~ # init 2
This will trigger same bash function that creates certificates on reboot with "Toggle certificate setting" ON:
vcenter:~ # source vpxd_commonutils; regenerate_certificates
script checks if existing certificate is self signed and if you have different hostname than specified in cert.
If you want to regenerate certificates without checking:
vcenter:~ # source vpxd_commonutils; generate_all_certificates replace
scripts MUST end with VC_CFG_RESULT=0, if not, check if vmware services are stopped
Set "Toggle certificate setting" to OFF or:
vcenter:~ # rm /etc/vmware-vpx/ssl/allow_regeneration
vcenter:~ # reboot
Nice. I've been going nuts on this.
How did you get your original vcsa to boot to command prompt after it started locking?
I had to revert to snapshot.
Possible solution is to shutdown appliance, mount vmdk to some Linux system and delete /etc/vmware-vpx/ssl/allow_regeneration file .... but I did not try this
oh yeah, snapshot. I did that, because only a noob would mess with vcenter without taking a snapshot...
A new vcsa anyway. good advice on mounting the vmdk. Thanks for the quick reply.
J
Success story: I booted with an Ubuntu disc into rescue mode, mounted the VCSA filesystems manually (I believe /dev/sda3 is the root partition) and deleted /etc/vmware-vpx/ssl/allow_regeneration. Rebooted the system and everything was running perfectly again.
You definitively save my life! I've been searching and searching a solution but nothing appeared until I've found your fix!
Many thanks!
It's not necessary to boot from a LiveCD or linux rescue disc.
When the appliance starts, the GRUB boot loader shows briefly.
This will cause the appliance to boot in init level 1 (or single-user maintenance mode). From here, the root password will get you into the console where you can delete /etc/vmware-vpx/ssl/allow_regeneration. Reboot the server when you're done with "shutdown -r now". It shouldn't be necessary to go back into GRUB to remove the "1" you added earlier.
unbelievable. I did it again. thanks for the moves on vcsa boot.
Guys,
It's not required to have a snapshot.
Please restart your system - once you will get grub screen - click 'p' - provide you password for admin. Once it's done - you can edit grub configuration and boot system in a single user mode (just add word 'single' at the end of middle line). Your system will boot and you can remove below mentioned file. Reboot again and… you have your system back. No need for external images or snapshots.
Enjoy!
Regards,
-Artur.