View Only

vCenter error - no healthy upstream - Now locked out.

  • 1.  vCenter error - no healthy upstream - Now locked out.

    Posted Apr 11, 2024 11:18 PM

    Going direct to the IP address gives the "no healthy upstream" error. 



    I can use "ttps://1XX.26.2XX.2XX/:5480" and get to the VMware vCenter Server Management page but the original root account has expired. 

    "Exception in invoking authentication handler User password expired."


    If I try the current "...@vsphere.local" account on the same VMware vCenter Server Management page, I get a certificate error.

    "Exception in invoking authentication handler [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1076)"


    If I try to use PuTTY it fails to connect. There is no console for vCenter or SSH is not enabled?


    So I fear I'm locked out with no way to try any of the many suggestions to fix the "no healthy upstream" error.


    Using this document I was able to reset the root password.


    I found and used the vCert script for vCenter 7.0 Certificate Management Utility (4.13.0).

    The "Check current certificates status" shows just the "Machine SSL certificate" expired.

    I tried the vCert scripts option "Reset all certificates with VMCA-signed certificates" and then the "Check current certificates status" and everything came back a Valid, OK and Matches but I still get this error trying to launch the vsphere client.

    Hmmm… can't reach this page
    It looks like the webpage at .... might be having issues, or it may have moved permanently to a new web address.



    Ok, apparently it’s been working locally since I used the vCert option “Reset all certificates with VMCA-signed certificates”.

    I have ben using the customers VPN to access everything, PuTTY, the ESXi clients and even the vCenter Server Management page all work as they should. Only the vSphere client has some kind of issue running through their VPN. Once your in the VM on the local network the vSphere client works too.

    Not sure why. I had added it as a trusted site on my local PC. Maybe a firewall thing.