VMware vSphere


Cannot add ESXi 6.7 hosts to cluster: A general system error occurred: Unable to push CA certificates and CRLs to host

  • 1.  Cannot add ESXi 6.7 hosts to cluster: A general system error occurred: Unable to push CA certificates and CRLs to host

    Posted Sep 30, 2019 09:09 PM

    I completed upgrading our vCenter Server appliance to 6.7U3.  After running into a number of issues doing that, I've finally got everything back to normal.  The goal was to add new host hardware we have, which we installed ESXi 6.7 on.  Since we were running VCSA 6.5, I upgraded that to be able to create a new cluster for the new hosts to be managed by the 6.7 VCSA.

    I created the new cluster, enabled DRS, enabled HA, then enabled and set EVC to the highest on the list (Intel Merom).  We're using hosts with Intel Xeon Gold 6143 CPUs.  I followed the wizard for adding new hosts, it seemed to connect and identify them with no issues, but when I start the adding by clicking finish, it fails immediately with the following error message:

    A general system error occurred: Unable to push CA certificates and CRLs to host <hostname/IP>

    I've tried using both the FQDN and IP, but get the same error.  We have not fully licensed these installations yet and they have whatever the default certificate is when you first install ESXi, which we did a few weeks ago.  The vCenter server is using a valid certificate issued by our enterprise CA.  What am I missing?



  • 2.  RE: Cannot add ESXi 6.7 hosts to cluster: A general system error occurred: Unable to push CA certificates and CRLs to host

    Posted Oct 01, 2019 08:35 PM

    I ran into this myself two weeks ago.

    A solution/workaround is actually documented in the VMware vCenter Server 6.7 Update 3 Release Notes, see "You might be unable to add a self-signed certificate to the ESXi trust store and fail to add an ESXi host to the vCenter Server system".

    André



  • 3.  RE: Cannot add ESXi 6.7 hosts to cluster: A general system error occurred: Unable to push CA certificates and CRLs to host
    Best Answer

    Posted Oct 18, 2019 04:14 PM

    Joining new hosts failed with certificate issues - I was getting certificate issues when trying to join NEW hosts to a new host cluster in this datacenter in vSphere.  There is a vCenter setting (vCenter -> Configure -> Settings -> Advanced Settings -> vpxd.certmgmt.mode) with a default value of 'vmca', and VMware support had changed the value to 'thumbprint' which then allowed the new hosts to join the cluster using their default certificates (these were newly installed ESXi 6.7 hosts).  Once they were added successfully, this setting was changed back to its default 'vmca'.



  • 4.  RE: Cannot add ESXi 6.7 hosts to cluster: A general system error occurred: Unable to push CA certificates and CRLs to host

    Posted Jan 06, 2021 12:28 AM

    Worked for me, but why would it need to be changed back to 'vmca'? Is there a security issue with it left at 'thumbprint'?



  • 5.  RE: Cannot add ESXi 6.7 hosts to cluster: A general system error occurred: Unable to push CA certificates and CRLs to host

    Broadcom Employee
    Posted Jan 07, 2021 05:52 AM

    This is not right, as thumbprint should only be used for 5.5 versions. If the mode is already changed to vmca, this means you are still at issue. The VC will not manage the host certs here. Try new certs from the VC UI for ESXi and you will be back to the same problem.



  • 6.  RE: Cannot add ESXi 6.7 hosts to cluster: A general system error occurred: Unable to push CA certificates and CRLs to host

    Posted Mar 03, 2021 03:56 PM


    Thank you for this workaround, it did solve my problem. The only difference is I am using a VCSA \ vCenter 6.7.0 - 460000 and primary ESXi Hosts are 6.5.0 U3.



  • 7.  RE: Cannot add ESXi 6.7 hosts to cluster: A general system error occurred: Unable to push CA certificates and CRLs to host

    Posted Feb 20, 2023 05:03 PM

    Thank you for the steps and I resolved my issue by going through your way.



  • 8.  RE: Cannot add ESXi 6.7 hosts to cluster: A general system error occurred: Unable to push CA certificates and CRLs to host

    Posted Aug 04, 2023 03:27 PM

    Similar issue.

    Adding an ESXi 6.5U3 host to an existing Legacy cluster containing other 6.5U3 hosts in a vCenter 7.0U3 environment.  NTP was running just fine on the new host.  It was the thumbprint setting in vCenter we needed to get the host to add with a self-signed certificate.

    Thanks.



  • 9.  RE: Cannot add ESXi 6.7 hosts to cluster: A general system error occurred: Unable to push CA certificates and CRLs to host

    Posted Jan 08, 2025 08:41 AM

    It worked for me.

    I have 2 servers with ESXi 7.0.3 and one vCenter 8.0.3.

    One of the servers was added without a problem and the other one had this error.

    Thank you for your solution.




  • 10.  RE: Cannot add ESXi 6.7 hosts to cluster: A general system error occurred: Unable to push CA certificates and CRLs to host

    Posted Nov 14, 2019 08:22 AM

    It worked,

    Thanks



  • 11.  RE: Cannot add ESXi 6.7 hosts to cluster: A general system error occurred: Unable to push CA certificates and CRLs to host

    Posted Dec 24, 2019 08:14 AM

    worked for me as well.

    thanks



  • 12.  RE: Cannot add ESXi 6.7 hosts to cluster: A general system error occurred: Unable to push CA certificates and CRLs to host

    Posted Jan 07, 2020 11:40 PM

    Was grinding on this, fixed my issue, thanks for sharing the fix!



  • 13.  RE: Cannot add ESXi 6.7 hosts to cluster: A general system error occurred: Unable to push CA certificates and CRLs to host

    Posted Mar 21, 2020 11:30 AM

    Appreciate this is an older post now, but I've just had this issue occur myself.

    It turned out that the host system date/time was "catastrophically" out (years out).

    By setting this correctly on the host and rebooting, then retrying the operation, all was fine!



  • 14.  RE: Cannot add ESXi 6.7 hosts to cluster: A general system error occurred: Unable to push CA certificates and CRLs to host

    Posted Mar 25, 2020 11:40 AM

    While changing vpxd.certmgmt.mode to thumbprint works, I still questioned why this was happening all of a sudden. In my case, it turns out the host time was the issue. Correcting the host time resolved it for me and allowed me to add the host without modifying the certmgmt.mode setting.



  • 15.  RE: Cannot add ESXi 6.7 hosts to cluster: A general system error occurred: Unable to push CA certificates and CRLs to host

    Posted May 21, 2020 06:20 PM

    Yes thanks for that.

    I had set my NTP server and made sure the service was started. Still got this error. What it needed was after all that, a host system reboot. So rebooting the esx server allowed it to join with no other changes.



  • 16.  RE: Cannot add ESXi 6.7 hosts to cluster: A general system error occurred: Unable to push CA certificates and CRLs to host

    Posted May 04, 2021 08:46 PM

    Confirmed. I'm running ESXi 7, reinstalled the OS on a few hosts and was having this certificate issue trying to add them back to vSphere. Logged into the host web client, configured the NTP service to our time servers, problem solved.



  • 17.  RE: Cannot add ESXi 6.7 hosts to cluster: A general system error occurred: Unable to push CA certificates and CRLs to host

    Posted Nov 18, 2020 07:46 PM

    Thanks, it works for me too.
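
The replies above attribute the error either to the vCenter advanced setting vpxd.certmgmt.mode or to a wrong clock on the ESXi host. The following PowerCLI check reports both in one pass; it is an added example, not code from any poster or from VMware. The server names and the 300-second tolerance are placeholders, and the workstation running it is assumed to have a correct clock.

```powershell
# Added example, not from the thread. Requires VMware PowerCLI.
param(
    [string]$VCenter        = 'vcsa.example.local',    # placeholder name
    [string]$EsxiHost       = 'esxi01.example.local',  # placeholder name
    [int]   $MaxSkewSeconds = 300                      # assumed tolerance
)

# vCenter side: read the certificate mode discussed in the thread.
$vc   = Connect-VIServer -Server $VCenter
$mode = (Get-AdvancedSetting -Entity $vc -Name 'vpxd.certmgmt.mode').Value

# ESXi side: connect directly, because the host is not in vCenter yet.
# PowerCLI may reject the host's default certificate depending on the
# InvalidCertificateAction configured on this workstation.
$cred   = Get-Credential -Message "Local account on $EsxiHost"
$esx    = Connect-VIServer -Server $EsxiHost -Credential $cred
$vmhost = Get-VMHost -Server $esx

# Read the host clock and compare it with this workstation's clock
# (assumption: the workstation itself is time-synchronised).
$dts     = Get-View -Server $esx -Id $vmhost.ExtensionData.ConfigManager.DateTimeSystem
$hostUtc = $dts.QueryDateTime().ToUniversalTime()
$skew    = [math]::Abs(($hostUtc - [DateTime]::UtcNow).TotalSeconds)

# NTP configuration and service state on the host.
$ntpd       = Get-VMHostService -VMHost $vmhost -Server $esx |
              Where-Object Key -eq 'ntpd'
$ntpServers = Get-VMHostNtpServer -VMHost $vmhost -Server $esx

[pscustomobject]@{
    CertMgmtMode = $mode
    HostTimeUtc  = $hostUtc
    SkewSeconds  = [math]::Round($skew)
    ClockOk      = ($skew -le $MaxSkewSeconds)
    NtpRunning   = $ntpd.Running
    NtpServers   = ($ntpServers -join ', ')
}

Disconnect-VIServer -Server $esx, $vc -Confirm:$false
```

A row with ClockOk false points at the time problem several replies describe. Run it again after adding hosts to confirm which value CertMgmtMode was left at.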