VMware Cloud Community
ycruz
Contributor

Certificate in SDK 7444 port isn't updated

Hi Community,

I have a problem with my vSphere 6.0 Build 9109103 with an embedded PSC, Windows installation. In the last few days I updated the vSphere certificate with Certificate Manager... my 6.0 environment was updated from vSphere 5.5. The certificate update was successful, but my link with the NSX solution has a problem with the lookup service.

My local service port is 7444. On port 443 the certificate is valid and was updated... but on port 7444 it was not updated.

When I try to link NSX to the vCenter lookup service, it shows me the old thumbprint, so... this is the error.

"NSX Management Service operation failed.( Initialization of Admin Registration Service Provider failed. Root Cause: Error occurred while registration of lookup service, com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain not verified"

I followed different KBs (VMware Knowledge Base) and tried to run the .py scripts, but I could not update my SDK 7444 certificate.

I would appreciate your collaboration.

Yira.

0 Kudos
6 Replies
daphnissov
Immortal

When you replace the machine certificate of vCenter, even in 6.0 the lookup service uses that machine certificate. You need to get NSX Manager to import this new certificate to re-establish the chain of trust, which would be an NSX question at this point, assuming your vSphere is otherwise working properly. See this KB for some assistance.

0 Kudos
daphnissov
Immortal

See also TheITHollow's great article which may be what you're experiencing here.

0 Kudos
Vijay2027
Expert

On the PSC node, copy the machine SSL cert and key file to a directory (for example: ssl)

/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert --store MACHINE_SSL_CERT --alias __MACHINE_CERT --output /ssl/Machine_SSL.crt

/usr/lib/vmware-vmafd/bin/vecs-cli entry getkey --store MACHINE_SSL_CERT --alias __MACHINE_CERT --output /ssl/Machine_SSL.key

Then follow the steps (6,7,8) from the below KB article:

https://kb.vmware.com/s/article/2118939

and restart the services.

service-control --stop --all

service-control --start --all

Make sure you have a valid backup/snapshot before you proceed with this.

0 Kudos
ycruz
Contributor

Hi daphnissov,

Thanks for your reply and time. My point about port 7444 is that my environment was updated from 5.5, so the default port of the SDK is 7444, not 443.

On SDK port 443 the lookup service certificate is OK, it is updated, but my NSX Manager is linked with port 7444, which has an old and expired certificate.

I have tried this KB a lot of times with this script, "ls_update_certs.py"; the result is..

2018-09-11 11:05:21,668 WARN  com.vmware.vim.vmomi.client.http.impl.HttpConfigurationCompilerBase$ConnectionMonitorThreadBase - Shutting down the connection monitor.

Don't update service 3d619580-55d2-4001-85aa-3a5f82618241 Updated 0 service(s)

I cannot get into the MOB...

Thanks.

0 Kudos
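Added example, not part of any post in this thread: a Python check that compares the thumbprint of the certificate presented on ports 443 and 7444 with the exported machine SSL certificate, to confirm which listener still serves the old one. The function names and sample certificates are constructed for illustration, and SHA-1 is assumed as the thumbprint algorithm.

```python
import hashlib
import ssl
import sys

def thumbprint(pem):
    """SHA-1 thumbprint of a PEM certificate, as colon-separated hex."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    digest = hashlib.sha1(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def stale_ports(reference_pem, served):
    """Return the ports whose served certificate differs from the reference.

    reference_pem: the current machine SSL certificate (e.g. an exported Machine_SSL.crt)
    served: dict mapping port -> PEM certificate presented on that port
    """
    expected = thumbprint(reference_pem)
    return sorted(p for p, pem in served.items() if thumbprint(pem) != expected)

def fetch_served(host, ports=(443, 7444)):
    """Read the certificate each port presents. No chain validation is done,
    so an expired certificate is still returned for inspection."""
    return {p: ssl.get_server_certificate((host, p)) for p in ports}

# Constructed sample: placeholder bytes wrapped as PEM, not real certificates.
NEW_CERT = ssl.DER_cert_to_PEM_cert(b"constructed: renewed machine SSL cert")
OLD_CERT = ssl.DER_cert_to_PEM_cert(b"constructed: pre-renewal cert")
SAMPLE_SERVED = {443: NEW_CERT, 7444: OLD_CERT}

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <vcenter-host> <Machine_SSL.crt>
        with open(sys.argv[2]) as f:
            reference = f.read()
        served = fetch_served(sys.argv[1])
    else:  # offline run on the constructed sample
        reference, served = NEW_CERT, SAMPLE_SERVED
    for port, pem in sorted(served.items()):
        print(port, thumbprint(pem))
    print("ports serving a different certificate:", stale_ports(reference, served))
```
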
daphnissov
Immortal

If none of the above are working for you, you might be better served opening a SR.

0 Kudos
ycruz
Contributor

Hi Vijay2027,

Thanks for your time and reply. I have tried this KB (VMware Knowledge Base) a lot of times... but the certificate was not updated.

0 Kudos