Hello!
I have vcsa 6.5 U2 and 7 hosts to the cluster.
Now i want add new host to Datacenter, but i have error:
A general system error occurred: Unable to get CSR from host site1-srv8.
This logs from vcsa:
018-05-30T06:24:57.470+03:00 info vpxd[7F693141A700] [Originator@6876 sub=Default opID=AddHostWizard-add-582197-ngc:70042806-16] [VpxLRO] -- ERROR task-5819 -- group-h4 -- vim.Folder.addStandaloneHost: vmodl.fault.SystemError:
--> Result:
--> (vmodl.fault.SystemError) {
--> faultCause = (vmodl.MethodFault) null,
--> faultMessage = <unset>,
--> reason = "Unable to get CSR from host site1-srv8.example.com"
--> msg = ""
--> }
--> Args:
-->
--> Arg spec:
--> (vim.host.ConnectSpec) {
--> hostName = "site1-srv8.example.com",
--> port = <unset>,
--> sslThumbprint = "BE:BF:5C:B9:90:32:B0:C9:BC:6D:D7:FE:38:64:6D:0C:B2:0F:D7:EF",
--> userName = "root",
--> password = (not shown),
--> vmFolder = 'vim.Folder:f27f7d83-0ac9-440f-a9db-7062fe40b3c8:group-v3',
--> force = true,
--> vimAccountName = "vpxuser",
--> vimAccountPassword = (not shown),
--> managementIp = <unset>,
--> lockdownMode = "lockdownDisabled",
--> hostGateway = (vim.host.GatewaySpec) null
--> }
--> Arg compResSpec:
-->
--> Arg addConnected:
--> true
--> Arg license:
-->
2018-05-30T06:24:57.559+03:00 info vpxd[7F6930F10700] [Originator@6876 sub=vpxLro opID=c318b4f9-3c3f-4813-ba09-493b94a8f474-582206-ngc-6f] [VpxLRO] -- BEGIN lro-385164 -- ChangeLogCollector -- vim.cdc.ChangeLogCollector.waitForChanges -- 525f2f56-3127-bff3-f59c-9e91e515363d(527d66b7-873e-281b-d6bc-f8c9f8cd17c9)
2018-05-30T06:24:57.560+03:00 info vpxd[7F6930F10700] [Originator@6876 sub=vpxLro opID=c318b4f9-3c3f-4813-ba09-493b94a8f474-582206-ngc-6f] [VpxLRO] -- FINISH lro-385164
2018-05-30T06:24:57.653+03:00 info vpxd[7F693365E700] [Originator@6876 sub=vpxLro opID=qfnwop_f27f7d83-0ac9-440f-a9db-7062fe40b3c8:Datacenter:datacenter-2_vmParentFolder:201461:01-42] [VpxLRO] -- BEGIN lro-385165 -- ResourceModel -- cis.data.provider.ResourceModel.query -- 525f2f56-3127-bff3-f59c-9e91e515363d(527d66b7-873e-281b-d6bc-f8c9f8cd17c9)
Ho to resovle this problem?
Thanks!
Seems to be a known issue VMware Knowledge Base
I dont change VCSA sertificate, i update from vcsa 6.5U1 to U2 and add new host, why this problem arise?
Are the hosts 6.7 by chance? I can't add 6.7 hosts but 6.5 U2 work just fine with Appliance.
Not, host version 6.5 U2 (Dell Customized) and VCSA 6.5U2. If i get root cert from esxi host and add to trusted certs on vcsa this problem is resolved?
Sorry , but this KB its not help, i traid reinstall ESXI (at 8 server for last 6.5 image ) but is not help, i traid restart vcsa, but is not help.
At host i see this error (during add host to datacent)
Key
haTask-ha-folder-root-vim.host.LocalAccountManager.createUser-144079212
Description
Creates a local user account
Folder:
State
Failed - The specified key, name, or identifier 'vpxuser' already exists.
Key
haTask--vim.host.CertificateManager.generateCertificateSigningRequestByDn-144079216
Description
Generates a certificate signing request (CSR) for the host using the specified Distinguished Name
State
Failed - Cannot change the host configuration.
Errors
aI change hostname , generate new certificate on host and tried add host to datacenter, this did not solve the problem.
Someone can help me?
I
i) make sure time is in sync between your host and vcenter.
ii) Make sure your FQDN name is correct.
iii) if you applied any license, remove it and try to add host.
If you upgrade an ESXi host to ESXi 6.0 or later, the upgrade process replaces the self-signed (thumbprint) certificates with VMCA-signed certificates. If the ESXi host uses custom certificates, the upgrade process retains those certificates even if those certificates are expired or invalid.
Hosts Provisioned with Auto Deploy
Hosts that are being provisioned by Auto Deploy are always assigned new certificates when they are first booted with ESXi 6.0 or later software. When you upgrade a host that is provisioned by Auto Deploy, the Auto Deploy server generates a certificate signing request (CSR) for the host and submits it to VMCA. VMCA stores the signed certificate for the host. When the Auto Deploy server provisions the host, it retrieves the certificate from VMCA and includes it as part of the provisioning process.
You can use the vCenter Server advanced settings to change to thumbprint mode or to custom CA mode. Use thumbprint mode only as a fallback option.