rivkamak
asked on
Error upgrading vcenter from 6.5 to 7, "Certificate validation failed during pre-check"
Hi,
During step2 of the upgrade I am getting "Certificate validation failed during pre-check".
I see the kb article https://kb.vmware.com/s/article/68155 but in the error log there is nothing with those error messages. All that I could find is Unexpected error 87 during certificate pre-check., 'severity': 'ERROR'}
During step2 of the upgrade I am getting "Certificate validation failed during pre-check".
I see the kb article https://kb.vmware.com/s/article/68155 but in the error log there is nothing with those error messages. All that I could find is Unexpected error 87 during certificate pre-check., 'severity': 'ERROR'}
Have you checked that all your certificates have not expired ?
ASKER
I just viewed the vcenter certificates through vsphere (https://docs.vmware.com/en/VMware-vSphere/6.0/com.vmware.vsphere.security.doc/GUID-C0A0BD94-7AC1-4F40-BAB7-560B5AF0FC41.html),
there was nothing in the expired section.
These are some of the other errors. Dont know if they are related.
there was nothing in the expired section.
These are some of the other errors. Dont know if they are related.
Dell Equallogic is a plugin, which is not compatible, and I don't believe has been fixed yet.
(it has not been fixed, or developed for 7.0!).
Those should not prevent an upgrade.
I would try a 6.5 to 6.7.
If this is not a complex environment, I would just deploy 7.0 from new.
(it has not been fixed, or developed for 7.0!).
Those should not prevent an upgrade.
I would try a 6.5 to 6.7.
If this is not a complex environment, I would just deploy 7.0 from new.
ASKER
I hear, I would like to try troubleshooting a bit longer before going that route though.
On that first article (https://kb.vmware.com/s/article/68155) , it says to run this on vcenter,do you know where this is? When I ssh it says no openssl command.
openssl s_client -connect <PSC/VCSA-FQDN/IP>:7444 | less
On that first article (https://kb.vmware.com/s/article/68155) , it says to run this on vcenter,do you know where this is? When I ssh it says no openssl command.
openssl s_client -connect <PSC/VCSA-FQDN/IP>:7444 | less
I thought you had check all certificates for expiry ?
you would run that on any device providing you have it installed eg your Linux workstation
you would run that on any device providing you have it installed eg your Linux workstation
ASKER
I did I just wanted to see if any different information.
If you use openssl (client) it will show the details of the certificate.
if its windows, you could easily use search option under programfiles for openssl. vcenter 6.5 do not have 7444 port in use. It is for vCenter 6.0.
you can get the output for the
C:\Program Files\VMware\vCenter Server\vmafdd\"vecs-cli entry list --store STS_INTERNAL_SSL_CERT --alias __MACHINE_CERT --text |more
If you find it being expired.. Please try the steps in KB https://kb.vmware.com/s/article/76144
you can get the output for the
C:\Program Files\VMware\vCenter Server\vmafdd\"vecs-cli entry list --store STS_INTERNAL_SSL_CERT --alias __MACHINE_CERT --text |more
If you find it being expired.. Please try the steps in KB https://kb.vmware.com/s/article/76144
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.