Hi Community,
I have a problem whit my Vsphere 6.0 Build 9109103 whit embebed PSC Windows Installation, in the last days i updated the Vsphere Certificate whit a Certificate Manager... my 6.0 enviromet was updated from Vsphere 5.5. the certificate update was success, but my lkin whit NSX solution have a problem whit the lookup service.
My local port service is 7444 in th port 443 the certificate is valid and was updated.... but in the 7444 port was not updated.
when i try to link the NSX to Vcenter lookup service shows me the old thumbprint so.. this is the error.
"NSX Management Service operation failed.( Initialization of Admin Registration Service Provider failed. Root Cause: Error occurred while registration of lookup service, com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain not verified"
I follow diferents KB., VMware Knowledge Base y try to run a .py scrpts but i do not update my SDK 7444 Certificate.
Please your collaboration.
Yira.
When you replace the machine certificate of vCenter, even in 6.0 the lookup service uses that machine certificate. You need to get NSX Manager to import this new certificate to re-establish the chain of trust, which would be an NSX question at this point, assuming your vSphere is otherwise working properly. See this KB for some assistance.
See also TheITHollow 's great article which may be what you're experiencing here.
On the PSC node copy machine ssl and key file to a directory (for ex: ssl)
/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert --store MACHINE_SSL_CERT --alias __MACHINE_CERT --output /ssl/Machine_SSL.crt
/usr/lib/vmware-vmafd/bin/vecs-cli entry getkey --store MACHINE_SSL_CERT --alias __MACHINE_CERT --output /ssl/Machine_SSL.key
Then follow the steps (6,7,8) from the below KB article:
https://kb.vmware.com/s/article/2118939
and restart the services.
service-control --stop --all
service-control --start --all
Make sure you have a valid backup/snapshot before you proceed with this.
Hi daphnissov,
Thanks foy your reply and time , my point whit a 7444 port is becouse my envirment was updated from 5.5 the defaul port of DSK is 7444 not 443.
in the SDK port 443 the certificate of lookupservice its ok is update but mi NSX manager is linked whit the 7444 port that have a old and expired certificate.
I have tried test this KB a lot of times whit this script l"s_update_certs.py" teh result is..
i can not get in the MOB...
Thanks.
If none of the above are working for you, you might be better served opening a SR.
HI Vijay2027,
Thanks for you time and reply, I have tried this KB VMware Knowledge Base a lot of times... but the certificate was not updated.