
Dell VxRail: Cannot log in to VCSA with error 500. PSC&VC certs expired and failed to renew.

Summary: Cannot log in to vCenter with the error 500. PSC and vCenter certs have expired and failed to renew.


Symptoms

Cannot log in to vCenter with the error 500 SSO. PSC and VC certificates expired and failed to renew.
  • List the certificates in the CLI of the PSC and VCSA with the command: 
for i in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list); do echo STORE $i; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $i --text | egrep "Alias|Not After"; done

In this case, the STS and PSC certificates were renewed, and the PSC service was successfully started, but the VCSA certificate failed to be renewed.

Status : 85% Completed [starting services...]
Error while starting services, please see log for more details
Status : 0% Completed [Operation failed, performing automatic rollback]
Rollback Status : 85% Completed [starting services...]
Error while starting services, please see log for more details
Rollback Status : 0% Completed [Rollback operation failed]
The following errors are found in certificate-manager.log:
2020-07-07T05:35:07.885Z INFO certificate-manager MACHINE_SSL_CERT certificate replaced successfully. SerialNumber and Thumbprint changed.
2020-07-07T05:35:30.982Z ERROR certificate-manager 'lstool get' failed: 1
2020-07-07T05:35:30.983Z ERROR certificate-manager please see /var/log/vmware/certificate-manager.log for more information.
  • List the certificates in the CLI of VCSA with the command:
root@vcserver [ ~ ]# for i in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list); do echo STORE $i; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $i --text | egrep "Alias|Not After"; done
STORE MACHINE_SSL_CERT
Alias : __MACHINE_CERT
Not After : Jul 7 06:08:54 2022 GMT
STORE TRUSTED_ROOTS
Alias : e0aa985977e68d108d4dd31405fd420f4201380f
Not After : Jun 28 03:40:14 2028 GMT
Alias : 5d349a64d4fe81701f6b821e7518dd116d3dbd2c
Not After : Jul 2 04:50:39 2030 GMT
STORE TRUSTED_ROOT_CRLS
Alias : cc8d6a249fc496029ffff4f6f87219d30bb4ffcc
Alias : 927ba815ca062a8de35ff58667e837bf46b548cc
STORE machine
Alias : machine
Not After : Jul 3 03:44:26 2020 GMT   <-- internal solution user certificate not renewed
STORE vsphere-webclient
Alias : vsphere-webclient
Not After : Jul 3 03:44:27 2020 GMT   <-- internal solution user certificate not renewed
STORE vpxd
Alias : vpxd
Not After : Jul 3 03:44:27 2020 GMT   <-- internal solution user certificate not renewed
STORE vpxd-extension
Alias : vpxd-extension
Not After : Jul 3 03:44:28 2020 GMT   <-- internal solution user certificate not renewed
STORE SMS
Alias : sms_self_signed
Not After : Jul 4 03:59:04 2028 GMT
STORE BACKUP_STORE
Alias : bkp___MACHINE_CERT
Not After : Jul 7 05:48:50 2022 GMT
Alias : bkp_machine
Not After : Jul 3 03:44:26 2020 GMT
Alias : bkp_vsphere-webclient
Not After : Jul 3 03:44:27 2020 GMT
Alias : bkp_vpxd
Not After : Jul 3 03:44:27 2020 GMT
Alias : bkp_vpxd-extension
Not After : Jul 3 03:44:28 2020 GMT
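
The listing above has to be read line by line to spot which entries are past their Not After date. The following is an added example, not part of the Dell article or of VMware tooling: a small filter that reads the same STORE / Alias / Not After layout and prints only the expired entries. The function names, the timestamp format and the sample input are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the Dell article.
# expired_certs REF: reads "STORE" / "Alias" / "Not After" lines on stdin
# (the layout shown in the listing above) and prints "store/alias<TAB>expiry"
# for each entry whose Not After is earlier than REF.
# REF and expiry are UTC timestamps written as YYYYMMDDhhmmss.
expired_certs() {
    awk -v now="$1" '
    BEGIN {
        split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", names, " ")
        for (i = 1; i <= 12; i++) mon[names[i]] = i
    }
    $1 == "STORE" { store = $2; next }
    $1 == "Alias" { alias = $3; next }
    $1 == "Not" && $2 == "After" {
        # Fields: Not After : Mon D hh:mm:ss YYYY GMT
        split($6, t, ":")
        stamp = sprintf("%04d%02d%02d%02d%02d%02d", $7, mon[$4], $5, t[1], t[2], t[3])
        # Fixed-width digit strings, so string comparison orders them by time.
        if ((stamp "") < (now "")) printf "%s/%s\t%s\n", store, alias, stamp
    }'
}

# Constructed sample: a subset of the listing above, without the annotations.
sample_listing() {
    cat <<'EOF'
STORE MACHINE_SSL_CERT
Alias : __MACHINE_CERT
Not After : Jul 7 06:08:54 2022 GMT
STORE TRUSTED_ROOT_CRLS
Alias : cc8d6a249fc496029ffff4f6f87219d30bb4ffcc
STORE machine
Alias : machine
Not After : Jul 3 03:44:26 2020 GMT
STORE vpxd
Alias : vpxd
Not After : Jul 3 03:44:27 2020 GMT
STORE SMS
Alias : sms_self_signed
Not After : Jul 4 03:59:04 2028 GMT
EOF
}

# Reference time 2020-07-07 00:00:00 UTC (the day of the failed renewal in the log).
sample_listing | expired_certs 20200707000000
# On the appliance, pipe the for-loop shown above into:
#   expired_certs "$(date -u +%Y%m%d%H%M%S)"
```

Entries without a Not After line, such as those in TRUSTED_ROOT_CRLS, are skipped rather than reported.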

Cause

This issue occurs when there are third-party extensions like nimble storage, veeambackupUI, and so forth with no valid certificates registered to vCenter Server. See VMware article 2150057.

Resolution

See VMware article 215007. Try to unregister the third-party extensions. If the user cannot access MOB because the certificates have expired, follow VMware article 1025360.

To resolve the issue with the MOB expiration: 
  • Revert the PSC and VCSA snapshots to the backup.
  • Take a new snapshot for PSC and VCSA.
  • Set PSC and VCSA time from NTP to manual.
  • Set the PSC and VCSA time 24 hours before the certificate expires. (advanced setting "vpxd.certmgmt.certs.minutesBefore" is 24 hours by default)
  • Restart PSC and VCSA services, and you can access the VC MOB now.
  • Follow VMware article 1025360 and unregister the nondefault third-party extensions.
  • Renew PSC certificates with certificate-manager option 8. If the vmware-cm service cannot start, follow VMware article 76719 to fix the STS certificate, and restart the vmware-cm service.
  • Renew VC certificates with option 8.
  • Set the time to the correct time and restart PSC and VCSA services.

Additional Information

Remember to reimport the certificate on VXM. Follow the article "VxRail: How to manually import vCenter SSL certificate on VxRail Manager".

Affected Products

VxRail Appliance Series

Products

VxRail Appliance Series

Article Properties
Article Number: 000070683
Article Type: Solution
Last Modified: 24 May 2024
Version: 7