VMware Cloud Foundation


error adding hosts on vcf9 installer

  • 1.  error adding hosts on vcf9 installer

    Posted Aug 29, 2025 03:32 AM

    good morning,

      Trying to add esxi9 hosts to the vcf9 installer. The certs are ok as per these KBs (https://knowledge.broadcom.com/external/article/386968/cloud-builder-unable-to-deploy-vcfmanage.html) (https://knowledge.broadcom.com/external/article/377172/replacing-the-machine-ssl-certificate-on.html), but it STILL gives me this error:

    tried using esxi8, same config, it works!!!

    any idea?



    -------------------------------------------


  • 2.  RE: error adding hosts on vcf9 installer

    Posted Oct 01, 2025 04:12 AM

    What does the cert within your ESX host look like?

    -------------------------------------------



  • 3.  RE: error adding hosts on vcf9 installer

    Broadcom Employee
    Posted Oct 02, 2025 10:51 AM

    Since you are adding this host via the installer, I assume it has been newly installed and just needs the prep work done so that the installer can do what it needs to do. As long as the installer machine can reach the ESX host by FQDN, the DNS records are set correctly, and the correct root password has been provided to the installer, that part should be good.

    After a new install of ESX, there are just a few steps I usually perform on the host before pointing the VCF 9 installer at it. I use a kickstart script now, whenever I can. The key points are getting NTP configured and running

    /sbin/generate-certificates

    Which will generate new certificates based on the current hostname and FQDN. Once you do that, rebooting the host is probably the cleanest way to make sure the correct certificate has been assigned. 

    In case this helps, this is everything I do for ESX 9 when I install it for VCF 9 use:

    #################################
    # Kickstart for ESX 9 - TEMPLATE
    #################################
    
    accepteula
    install --firstdisk=local --overwritevmfs --ignoreprereqwarnings --ignoreprereqerrors --forceunsupportedinstall
    rootpw VMware!
    keyboard 'US Default'
    
    reboot
    
    network --bootproto=static --device=vmnic0 --ip=10.40.0.201 --gateway=10.40.0.1 --netmask=255.255.255.0 --nameserver=172.21.0.90  --hostname=esx01.ire.lab
    
    %firstboot --interpreter=busybox
    sleep 20
    
    #Enter Maintenance Mode
    esxcli system maintenanceMode set -e true
    
    #Add Google DNS for resolution (optional)
    #esxcli network ip dns server add --server=8.8.8.8
    
    #Configure NTP server
    esxcli system ntp set -s=10.6.1.1
    esxcli system ntp set -e=yes
    
    #Generate new SSL certificate with the new name and IP
    /sbin/generate-certificates
    
    #Suppress shell warning
    esxcli system settings advanced set -o /UserVars/SuppressShellWarning -i 1
    
    #Enable & start remote ESXi Shell  (SSH)
    vim-cmd hostsvc/enable_ssh
    vim-cmd hostsvc/start_ssh
    
    #Enable & start the local ESXi shell (Console)
    vim-cmd hostsvc/enable_esx_shell
    vim-cmd hostsvc/start_esx_shell
    
    #Exit Maintenance Mode
    esxcli system maintenanceMode set -e false
    
    #Final reboot
    reboot
    


    ------------------------------
    --
    Advanced Services Architect | VCF Division
    ------------------------------



  • 4.  RE: error adding hosts on vcf9 installer

    Broadcom Employee
    Posted Oct 03, 2025 11:36 AM

    Doug gave you a detailed step-by-step configuration for ESX 9 preparation.

    I also encountered this issue, and I verified that the FQDN is configured correctly via DCUI and the ESX Host client.

    If the correct FQDN is configured, then connect to the host by SSH and run the following commands to regenerate the certificate and restart the hostd and vpxa services. And you usually don't need to reboot the host!

    # /sbin/generate-certificates

    # /etc/init.d/hostd restart && /etc/init.d/vpxa restart

    Hopefully, it helps you to solve the issue.

    -------------------------------------------



  • 5.  RE: error adding hosts on vcf9 installer

    Broadcom Employee
    Posted Oct 03, 2025 12:13 PM

    Also, if you want to check the certificate that is being presented by your host, this command could be helpful. SSH into the host, or run it from the console as root:

    openssl s_client -connect esx01.test.lab:443 -showcerts -servername esx01.test.lab  2>/dev/null | openssl x509 -noout -text | grep -A 1 Subject\ Alternative

    This should return something like the following where hopefully the hostname matches in the certificate:


                X509v3 Subject Alternative Name:
                    DNS:esx01.test.lab


    You'll have to Control-C to terminate the command, but it is a good test.




    ------------------------------
    --
    Advanced Services Architect | VCF Division
    ------------------------------



  • 6.  RE: error adding hosts on vcf9 installer

    Posted Dec 10, 2025 02:42 AM

    Hi,

    I completed all of the steps mentioned in this article for ESXi prep but am still getting a 'certificate chain' error while adding the host with the VCF 9 installer.

    Any suggestions?

    -------------------------------------------



  • 7.  RE: error adding hosts on vcf9 installer

    Posted Dec 10, 2025 03:06 AM

    please post a screenshot of your host certificate.

    e.g.

    -------------------------------------------



  • 8.  RE: error adding hosts on vcf9 installer

    Posted Dec 10, 2025 06:26 AM

    FYI

    -------------------------------------------



  • 9.  RE: error adding hosts on vcf9 installer

    Posted Dec 10, 2025 06:31 AM
    Edited by idefix90 Dec 10, 2025 06:48 AM

    Is it possible to use a different DNS domain?

    Avoid using .local domains!

    Your certificate seems to be incorrect.

    Try this:

    Go to DCUI -> Configure Management Network -> DNS Configuration

    In the hostname field, type your FQDN (e.g. vcfesx01.lab2.local)

    Ensure that nothing is configured in 'Custom DNS Suffixes'

    SSH to your ESX host

    Run:

    /sbin/generate-certificates

    Reboot the host or run: /etc/init.d/hostd restart && /etc/init.d/vpxa restart

    -------------------------------------------



  • 10.  RE: error adding hosts on vcf9 installer

    Posted 21 days ago

    I have the same issue with my new hosts.

    The commands below worked for a few of my hosts in the past to update the cert:

    # /sbin/generate-certificates

    # /etc/init.d/hostd restart && /etc/init.d/vpxa restart

    But now these commands are not helping, and I'm still trying to find a way to resolve this issue.

    I'm getting this error when commissioning a new host in SDDC Manager:

    "Failed to fetch Host attributes, please check the configured hostname in ESXi match the exact case as the FQDN and ensure host has a valid certificate with a fully qualified domain name in its common name(CN). You can remove the validation failed host and proceed with commissioning for the remaining hosts."

    -------------------------------------------
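
The certificate check from post 5 and the exact-case FQDN requirement quoted in the error message of post 10 can be combined into one script. This is an added example, not code from any poster or from Broadcom; the function names and sample hostnames are hypothetical, and requiring an exact-case match in both the CN and a DNS SAN is an assumption based on the error text, not documented installer behaviour.

```shell
#!/bin/sh
# Added example: compare a host certificate's CN and DNS SANs with the FQDN
# the installer will use. Comparison is exact-case (assumption drawn from the
# error text in the thread, not from documented installer behaviour).
# To save a live host's certificate without needing Ctrl-C:
#   openssl s_client -connect FQDN:443 -servername FQDN </dev/null 2>/dev/null \
#     | openssl x509 > host.pem

cert_cn() {    # print the subject commonName of PEM file $1
    openssl x509 -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p'
}

cert_sans() {  # print one DNS SAN per line for PEM file $1
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A 1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

check_cert_fqdn() {  # $1 = PEM file, $2 = expected FQDN; returns 0 on match
    rc=0
    cn=$(cert_cn "$1")
    [ "$cn" = "$2" ] || { echo "CN '$cn' does not equal '$2'"; rc=1; }
    cert_sans "$1" | grep -qxF "$2" || { echo "no DNS SAN equals '$2'"; rc=1; }
    return $rc
}

make_sample_cert() {  # constructed test data: $1 = path prefix, $2 = CN and SAN
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -addext "subjectAltName=DNS:$2" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# Demo on constructed certificates (hypothetical names, no network access).
demo_dir=$(mktemp -d)
for name in esx01.test.lab ESX01.test.lab esx01; do
    make_sample_cert "$demo_dir/$name" "$name"
    if check_cert_fqdn "$demo_dir/$name.pem" esx01.test.lab; then
        echo "OK: certificate issued for '$name' matches esx01.test.lab"
    fi
done
rm -rf "$demo_dir"
```

Only the first constructed certificate passes; the upper-case and short-name variants are reported as mismatches, which is the condition that regenerating the certificate after correcting the hostname is meant to clear.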