VMware vSphere

  • 1.  Vcenter server enhanced mode certificate update problem

    Posted Feb 01, 2021 03:16 PM

    Hello everyone!

    I've got two vCenter servers (vcenter1 and vcenter2) with external PSCs (psc1 and psc2). The problem is that on vcenter2 the certificates were updated, but on the PSC the new certificates haven't been added to active. So if I log in to vcenter2 I can manage vcenter2 and vcenter1, but if I log in to vcenter1 I see the message "Cannot connect to one or more vcenter servers".

    I've googled for a case like this, but could not find anything. Can anyone point me to how to solve this problem?



  • 2.  RE: Vcenter server enhanced mode certificate update problem

    Posted Feb 01, 2021 03:28 PM

     

    Moderator: Moved to vCenter Server Discussions

     



  • 3.  RE: Vcenter server enhanced mode certificate update problem

    Posted Feb 01, 2021 04:28 PM

    When you log in to VC1, we need to check the web client logs for VC1 and see why it's not able to communicate with VC2.

    Do you have all ports opened with PSC/VCs in your environment? Is the behavior the same with the SSO administrator as well, or only with domain accounts?

    thanks,

    MS

     



  • 4.  RE: Vcenter server enhanced mode certificate update problem

    Posted Feb 01, 2021 05:34 PM

    Hello msripada,

    There are no errors in the web client logs, but in /var/log/vmware/vapi/endpoint/endpoint.log I see errors like this:

     



  • 5.  RE: Vcenter server enhanced mode certificate update problem

    Posted Feb 01, 2021 06:30 PM

    MACHINE SSL of vcenter 2 is having issues with trust mismatch. You can use lsdoctor (https://kb.vmware.com/s/article/80469), but you need to have maintenance to shut down and take powered-off snapshots of all vCenters/PSCs in the environment. Use lsdoctor -t once you have snaps and backups ready.

    thanks,

    MS
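
The trust mismatch named in reply 5 can be inspected read-only before any repair is attempted, by comparing the certificate a node serves now with the trust anchor stored in each service registration. This is an added example, not part of the thread and not lsdoctor's code; the registration record layout, the node and service labels, and the placeholder certificate bytes are constructed assumptions.

```python
import base64
import hashlib
import ssl


def thumbprint(der: bytes) -> str:
    """Colon-separated SHA-1 thumbprint of a DER-encoded certificate."""
    digest = hashlib.sha1(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fetch_der(host: str, port: int = 443) -> bytes:
    """Fetch the certificate a live node serves (not used by the offline sample)."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))


def find_trust_mismatches(served, registrations):
    """Return (node, service, registered_tp, served_tp) for every stale trust anchor.

    served: {node: DER bytes of the certificate the node presents now}
    registrations: dicts with 'node', 'service', 'ssl_trust' (base64 DER);
                   this record layout is hypothetical, for illustration only.
    """
    stale = []
    for reg in registrations:
        current = served.get(reg["node"])
        if current is None:
            # Nothing to compare against: flag it instead of silently passing.
            stale.append((reg["node"], reg["service"], None, None))
            continue
        registered_tp = thumbprint(base64.b64decode(reg["ssl_trust"]))
        if registered_tp != thumbprint(current):
            stale.append((reg["node"], reg["service"], registered_tp, thumbprint(current)))
    return stale


# Constructed sample: placeholder bytes stand in for real DER certificates.
VC1_CERT, VC2_OLD, VC2_NEW = b"vc1-cert", b"vc2-cert-before-renewal", b"vc2-cert-after-renewal"
SERVED = {"vcenter1": VC1_CERT, "vcenter2": VC2_NEW}
REGISTRATIONS = [
    {"node": "vcenter1", "service": "vpxd", "ssl_trust": base64.b64encode(VC1_CERT).decode()},
    {"node": "vcenter2", "service": "vpxd", "ssl_trust": base64.b64encode(VC2_OLD).decode()},
    {"node": "vcenter2", "service": "vapi", "ssl_trust": base64.b64encode(VC2_NEW).decode()},
]

if __name__ == "__main__":
    for node, service, registered, current in find_trust_mismatches(SERVED, REGISTRATIONS):
        print(f"{node}/{service}: registered {registered}, serving {current}")
```

In the constructed sample only the vcenter2 registration that still carries the pre-renewal certificate is reported.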



  • 6.  RE: Vcenter server enhanced mode certificate update problem

    Posted Feb 02, 2021 08:53 AM

    Thanks for the answer.

    I've tried the lsdoctor util, but got this:

    But vcenter2 appeared in the web client of vcenter1, but it is still not manageable.

    Is there a way to upload the new certificates of vcenter2 to psc1?



  • 7.  RE: Vcenter server enhanced mode certificate update problem

    Posted Feb 02, 2021 01:20 PM

    I suggest you kindly open a case with GSS, as things may get complicated if we tweak issues with certs.



  • 8.  RE: Vcenter server enhanced mode certificate update problem

    Posted Apr 19, 2023 10:58 AM

    Were you able to resolve this issue? If so, please help us with the resolution. We are also seeing this issue in our environment.



  • 9.  RE: Vcenter server enhanced mode certificate update problem

    Posted Mar 21, 2024 06:42 AM
    1. Log in to the PSC node and run "/usr/lib/vmware-vmdir/bin/vdcadmintool" to check the vmdir state.
    2. If the vmdir state output is read-only, use "/usr/lib/vmware-vmafd/bin/dir-cli state set --state NORMAL".
    3. Then try "python lsdoctor.py -l" and "python lsdoctor.py -t".


  • 10.  RE: Vcenter server enhanced mode certificate update problem

    Posted Feb 01, 2021 09:17 PM

     

    Moderator: Please use the "spoiler" function when posting large text dumps to make the thread readable by others, I have edited your most recent post so you can see the difference.

    You add a "spoiler" to a post using the triangle icon on the extended toolbar of the post creator/editor.