vCenter

 View Only
  • 1.  Errors reported in VDT and / or Skyline Health Diags.

    Posted Apr 12, 2023 04:16 PM

    These issue existed prior to the upgrade. 

    VMDIR CERT
    [FAIL] Certificate expiration check
    73:10:A1:B8:A9:FC:C6:1C:BB:84:13:B5:FD:63:08:DD:23:9E:EB:E6: Cert expired 334 days ago!
    For information on renewing the vmdir certificate, see:
    https://docs.vmware.com/en/VMware-vSphere/6.0/com.vmware.vsphere.security.doc/GUID-585CF428-2BBC-47CE-A386-9A39D3DFE0BF.html

    When I go to that link it dowloads a file named vsphere-60-guide-archive.zip. IDK what that would do to address this issue. 

    The second issue is with this:

    [PASS] Certificate SAN check
    Checking VC Extension Thumbprints
    [FAIL] com.vmware.vim.eam Thumbprint Check
    PROBLEM: Thumbprint mismatch detected with com.vmware.vim.eam.
    Please follow https://kb.vmware.com/s/article/57379 to update the thumbprint.

    [FAIL] com.vmware.rbd Thumbprint Check
    PROBLEM: Thumbprint mismatch detected with com.vmware.rbd.
    Please follow https://kb.vmware.com/s/article/57379 to update the thumbprint.

    [INFO] com.vmware.imagebuilder Thumbprint Check
    com.vmware.imagebuilder not found in registered extensions (not in use)

    When I try following the directions in the KB, it fails with this error:

    cbankadmin_0-1681315882254.png

    Should I even be concerned with these issues? I'm new again to VMWare and just trying to clear all issues reported by VDT and SHD.

     



  • 2.  RE: Errors reported in VDT and / or Skyline Health Diags.

    Posted Apr 12, 2023 07:48 PM

    ,

    For your first issue, could you please run: 

    for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo "[*] Store :" $store; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $store --text | grep -ie "Alias" -ie "Not After";done;

    For your second issue , could you please run:

    /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store vpxd-extension --text | less

    If the output is long, put it in a .txt file and attach it here.



  • 3.  RE: Errors reported in VDT and / or Skyline Health Diags.

    Posted Apr 12, 2023 09:09 PM

    Txt files for both issues. 

     



  • 4.  RE: Errors reported in VDT and / or Skyline Health Diags.

    Posted Apr 12, 2023 09:33 PM

    I had to edit these posts after realizing I was posting txt files with an actual domain inside. Is there a way to delete a post, I can't find where. Would I just use mute?

    Also, is there a more appropriate place to post questions for the Skyline Health Diagnostics appliance? I am trying to figure out how to get it to stop reporting old issues that have been resolved and haven't found anything yet to address this.



  • 5.  RE: Errors reported in VDT and / or Skyline Health Diags.

    Posted Apr 13, 2023 08:53 PM

    ,

    I think this could be posted in vCenter and Skyline Health Diagnostics but I am not 100% sure.

    So for the one mentioned on the KB, have you tried follow the procedure?



  • 6.  RE: Errors reported in VDT and / or Skyline Health Diags.

    Posted Apr 13, 2023 10:06 PM

    Helllo ,

    You're following the right article to fix the Thumbprint mismatch failures on eam (ESX Agent Manager) and rbd (VMware vSphere Auto Deployfrom VDT, however I have come across the same errors as you've mentioned. All that we had to do is start from the beginning by creating a temporary directory under root as certificate and creating a copy certificate and key from the vpxd-extension store.

    https://kb.vmware.com/s/article/57379

    In certain situations, you might receive the error "certificate verify failed: Hostname mismatch, certificate is not valid for 'sdkTunnel'". This error can be safely ignored if you are getting the error after the message "Successfully updated certificate for "com.vmware.vim.eam" extension" as this message confirms that Extension certificate updated successfully with vCenter Server.

    https://kb.vmware.com/s/article/2112577 



  • 7.  RE: Errors reported in VDT and / or Skyline Health Diags.

    Posted Apr 14, 2023 03:36 PM

    Thanks for the replies. Both of those KB's appear to be doing something similar. My issue is that the first step in both KB's fails like this:

    cbankadmin_0-1681486518744.png

    The file does appear to be in the correct directory:

    cbankadmin_0-1681487052212.png

     

     



  • 8.  RE: Errors reported in VDT and / or Skyline Health Diags.

    Posted Apr 14, 2023 06:26 PM

    ,

    I remember now that you created another thread for the lsdoctor template, quick question, if you execute:

    python lsdoctor.py -l

    Does it detect SSL Mistmatches?



  • 9.  RE: Errors reported in VDT and / or Skyline Health Diags.

    Posted Apr 20, 2023 03:21 PM

    It looks clean to me:

    cbankadmin_0-1682004168852.png