1. Vcenter证书过期修复2
和https://blog.csdn.net/qq_29974229/article/details/127439493有一点区别.
- 上次这个vc6.5,这次是vc6.7
- 用fixsts.sh修复过后任然启动报错
启动服务时,报错内容如下:
root@ebs-app-vc [ ~ ]# service-control --start --all
Operation not cancellable. Please wait for it to finish...
Performing start operation on service lwsmd...
Successfully started service lwsmd
Performing start operation on service vmafdd...
Successfully started service vmafdd
Performing start operation on service vmdird...
Successfully started service vmdird
Performing start operation on service vmcad...
Successfully started service vmcad
Performing start operation on service vmware-sts-idmd...
Successfully started service vmware-sts-idmd
Performing start operation on service vmware-stsd...
Successfully started service vmware-stsd
Performing start operation on service vmdnsd...
Successfully started service vmdnsd
Performing start operation on profile: ALL...
Service-control failed. Error: Failed to start services in profile ALL. RC=1, stderr=Failed to start eam, sca, sps, vpxd, content-library, cis-license, vsphere-client, vsphere-ui, analytics, vapi-endpoint, statsmonitor, vmware-postgres-archiver, vsan-health, vpxd-svcs services. Error: Operation timed out
主要是
管理页面也是503报错
503 Service Unavailable (Failed to connect to endpoint:
[N7Vmacore4Http20NamedPipeServiceSpecE:0x0000558db7faee10] _serverNamespace
= / action = Allow _pipeName =/var/run/vmware/vpxd-webserver-pipe)
2. 修复方法
执行命令
/usr/lib/vmware-vmca/bin/certificate-manager
选择第四个,重新生成新的VMCA根证书并替换所有证书
root@ebs-app-vc [ ~ ]# /usr/lib/vmware-vmca/bin/certificate-manager
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
| |
| *** Welcome to the vSphere 6.7 Certificate Manager *** |
| |
| -- Select Operation -- |
| |
| 1. Replace Machine SSL certificate with Custom Certificate |
| |
| 2. Replace VMCA Root certificate with Custom Signing |
| Certificate and replace all Certificates |
| |
| 3. Replace Machine SSL certificate with VMCA Certificate |
| |
| 4. Regenerate a new VMCA Root Certificate and |
| replace all certificates |
| |
| 5. Replace Solution user certificates with |
| Custom Certificate |
| |
| 6. Replace Solution user certificates with VMCA certificates |
| |
| 7. Revert last performed operation by re-publishing old |
| certificates |
| |
| 8. Reset all Certificates |
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|
Note : Use Ctrl-D to exit.
## 这里选择4
Option[1 to 8]: 4
3. 重置密码
Do you wish to generate all certificates using configuration file : Option[Y/N] ? : y
Please provide valid SSO and VC privileged user credential to perform certificate operations.
Enter username [Administrator@vsphere.local]:
Enter password:
这里有可能是在输入Administrator@vsphere.local密码的时候发现密码是错误的.
如果密码知道就没必要重置了
root@photon-machine [ ~ ]# /usr/lib/vmware-vmdir/bin/vdcadmintool
==================
Please select:
0. exit
1. Test LDAP connectivity
2. Force start replication cycle
3. Reset account password
4. Set log level and mask
5. Set vmdir state
6. Get vmdir state
7. Get vmdir log level and mask
==================
3
Please enter account UPN : administrator@vsphere.local
New password is -
# 下面这行就是密码,复制粘贴到上面那个地方,等web控制端起来了后再进去修改密码
ZIP|*|*6:o=NnzoU/8P1
==================
Please select:
0. exit
1. Test LDAP connectivity
2. Force start replication cycle
3. Reset account password
4. Set log level and mask
5. Set vmdir state
6. Get vmdir state
7. Get vmdir log level and mask
==================
0
4. 修复完成
下面这部分其实用默认的就可以了.也可以自定义,反正不记得就用默认的好了
Please configure certool.cfg with proper values before proceeding to next step.
Press Enter key to skip optional parameters or use Default value.
Enter proper value for 'Country' [Default value : US] :
Enter proper value for 'Name' [Default value : CA] :
Enter proper value for 'Organization' [Default value : VMware] :
Enter proper value for 'OrgUnit' [Default value : VMware Engineering] :
Enter proper value for 'State' [Default value : California] :
Enter proper value for 'Locality' [Default value : Palo Alto] :
Enter proper value for 'IPAddress' (Provide comma separated values for multiple IP addresses) [optional] : 192.168.101.221
Enter proper value for 'Email' [Default value : email@acme.com] :
Enter proper value for 'Hostname' (Provide comma separated values for multiple Hostname entries) [Enter valid Fully Qualified Domain Name(FQDN), For Example : example.domain.com] : server.acme.com
Enter proper value for VMCA 'Name' :pana
You are going to regenerate Root Certificate and all other certificates using VMCA
Continue operation : Option[Y/N] ? : y
Get site nameCompleted [Replacing Machine SSL Cert...]
default-site
Lookup all services
Get service default-site:328c065f-ca89-4f5f-913c-57607794af05
Update service default-site:328c065f-ca89-4f5f-913c-57607794af05; spec: /tmp/svcspec_1hyoh8iw
Get service default-site:f6c8582e-97f2-436a-a4fe-61cfb13a8b86
Update service default-site:f6c8582e-97f2-436a-a4fe-61cfb13a8b86; spec: /tmp/svcspec_lml_2fg_
Get service default-site:1f032afd-4e86-4c0a-8e1b-41b69da284d5
Update service default-site:1f032afd-4e86-4c0a-8e1b-41b69da284d5; spec: /tmp/svcspec_iwel07yz
Get service 46b675c5-45f1-4715-a6c4-9009b37bc1d5
Update service 46b675c5-45f1-4715-a6c4-9009b37bc1d5; spec: /tmp/svcspec_lqoc06zv
Get service 681b5bac-6033-4b5c-9108-4a187733689c
Update service 681b5bac-6033-4b5c-9108-4a187733689c; spec: /tmp/svcspec_22oo2kdw
Get service 78aabad1-5c6e-4645-8be7-bd593d7e7bbd
Update service 78aabad1-5c6e-4645-8be7-bd593d7e7bbd; spec: /tmp/svcspec_a3ny3leq
Get service dc998f75-d407-4858-8481-da09d36e8943
Update service dc998f75-d407-4858-8481-da09d36e8943; spec: /tmp/svcspec_nqq85y50
Get service 46b675c5-45f1-4715-a6c4-9009b37bc1d5_vcbimage
Don't update service 46b675c5-45f1-4715-a6c4-9009b37bc1d5_vcbimage
Get service f32b2607-dc30-45af-aef1-0a5db79faf76
Update service f32b2607-dc30-45af-aef1-0a5db79faf76; spec: /tmp/svcspec_45j4hxam
Get service 33a8d00c-a946-4fb8-ab73-f7fcbf3bf44d
Update service 33a8d00c-a946-4fb8-ab73-f7fcbf3bf44d; spec: /tmp/svcspec_j_qntnk7
Get service 12000031-2725-45b7-bccb-21de408e4153
Update service 12000031-2725-45b7-bccb-21de408e4153; spec: /tmp/svcspec__ztv2rio
Get service 268b7255-9f6f-4f92-908e-e42373645a7f
Update service 268b7255-9f6f-4f92-908e-e42373645a7f; spec: /tmp/svcspec_m5p1g0hy
Get service 17def46c-aa15-4db0-a57b-913bfbbce732_kv
Update service 17def46c-aa15-4db0-a57b-913bfbbce732_kv; spec: /tmp/svcspec_zm9i9ps4
Get service 46b675c5-45f1-4715-a6c4-9009b37bc1d5_com.vmware.vdp2.config
Don't update service 46b675c5-45f1-4715-a6c4-9009b37bc1d5_com.vmware.vdp2.config
Get service 9fe72b61-2d80-4cfa-b072-f782e545e98f
Update service 9fe72b61-2d80-4cfa-b072-f782e545e98f; spec: /tmp/svcspec_xamxixnp
Get service 76d2475a-2c3a-448b-bc4e-fc02c3ce31ca
Update service 76d2475a-2c3a-448b-bc4e-fc02c3ce31ca; spec: /tmp/svcspec_9llg0ntv
Get service 17def46c-aa15-4db0-a57b-913bfbbce732
Update service 17def46c-aa15-4db0-a57b-913bfbbce732; spec: /tmp/svcspec_v7fve2h3
Get service 72ea6c45-4b99-4b01-a42f-3a7164228740
Update service 72ea6c45-4b99-4b01-a42f-3a7164228740; spec: /tmp/svcspec_psxn_gu2
Get service 46b675c5-45f1-4715-a6c4-9009b37bc1d5_com.vmware.vsphere.client
Don't update service 46b675c5-45f1-4715-a6c4-9009b37bc1d5_com.vmware.vsphere.client
Get service 375f8864-b555-4db6-9f24-948a3df6eb16
Update service 375f8864-b555-4db6-9f24-948a3df6eb16; spec: /tmp/svcspec_lpxej2ph
Get service 5d7f5c31-3800-44a8-b700-e286ddb4fcf4
Update service 5d7f5c31-3800-44a8-b700-e286ddb4fcf4; spec: /tmp/svcspec_iqkiml4p
Get service 000d8e2a-7445-4f18-9e13-5f5aa063cafa
Update service 000d8e2a-7445-4f18-9e13-5f5aa063cafa; spec: /tmp/svcspec_iv3zzxrg
Get service 5521f24b-727b-43e0-81d2-70e3162b64d2
Update service 5521f24b-727b-43e0-81d2-70e3162b64d2; spec: /tmp/svcspec_6llzqbyv
Get service e1f4f678-899e-4a23-a0c5-1258291296e2
Update service e1f4f678-899e-4a23-a0c5-1258291296e2; spec: /tmp/svcspec_6ehtova5
Get service 12759817-eecb-4367-ae66-b78115e818d4
Update service 12759817-eecb-4367-ae66-b78115e818d4; spec: /tmp/svcspec_plep63ps
Get service d0ba0cef-a07f-4d95-a29c-f74a2b8f954a
Update service d0ba0cef-a07f-4d95-a29c-f74a2b8f954a; spec: /tmp/svcspec_gtei9wr5
Get service 46b675c5-45f1-4715-a6c4-9009b37bc1d5_com.vmware.vdp2
Don't update service 46b675c5-45f1-4715-a6c4-9009b37bc1d5_com.vmware.vdp2
Get service e501eedf-5283-42fa-a3da-0761220f0a19
Update service e501eedf-5283-42fa-a3da-0761220f0a19; spec: /tmp/svcspec_dtpv1qvv
Get service bc192415-09a4-4e51-824b-c4f7750b0166
Update service bc192415-09a4-4e51-824b-c4f7750b0166; spec: /tmp/svcspec_e259pzwv
Get service b6344006-4daf-4bd0-b325-57acdd16f98f
Update service b6344006-4daf-4bd0-b325-57acdd16f98f; spec: /tmp/svcspec_pc9vgucq
Get service 130bbe03-4ad4-4689-bdb2-b6c5956ffbdd
Update service 130bbe03-4ad4-4689-bdb2-b6c5956ffbdd; spec: /tmp/svcspec_hoiiwtnc
Get service 4c0472eb-9757-4654-88be-2347732df653
Update service 4c0472eb-9757-4654-88be-2347732df653; spec: /tmp/svcspec_gckxiotd
Get service c6b69e9d-8d94-4ab6-a3cc-7a6e3002b5d8
Update service c6b69e9d-8d94-4ab6-a3cc-7a6e3002b5d8; spec: /tmp/svcspec_r8hkubo6
Get service f35f1a6f-b3c3-4bf1-a744-3262e55160d8
Update service f35f1a6f-b3c3-4bf1-a744-3262e55160d8; spec: /tmp/svcspec_bh6w418g
Get service 88eb6d09-2876-4c71-92c3-1e815dba8307
Update service 88eb6d09-2876-4c71-92c3-1e815dba8307; spec: /tmp/svcspec_cvl3ndxo
Get service 1e035e61-3bc9-4782-a92e-4fddfa9f7672
Update service 1e035e61-3bc9-4782-a92e-4fddfa9f7672; spec: /tmp/svcspec_5par2xfc
Get service 46b675c5-45f1-4715-a6c4-9009b37bc1d5_com.emc.avamar.vmware.vcs.SnapshotManagerDelete
Don't update service 46b675c5-45f1-4715-a6c4-9009b37bc1d5_com.emc.avamar.vmware.vcs.SnapshotManagerDelete
Get service 4e9e2663-5d77-47f6-ba8a-29b57f2144ed
Update service 4e9e2663-5d77-47f6-ba8a-29b57f2144ed; spec: /tmp/svcspec_909hk04r
Get service 17def46c-aa15-4db0-a57b-913bfbbce732_authz
Update service 17def46c-aa15-4db0-a57b-913bfbbce732_authz; spec: /tmp/svcspec_k9_j6ox4
Updated 34 service(s)
Status : 60% Completed [Replace vpxd-extension Cert...]
2023-04-04T02:06:40.598Z Updating certificate for "com.vmware.vim.eam" extension
2023-04-04T02:06:40.846Z Updating certificate for "com.vmware.rbd" extension
2023-04-04T02:06:41.097Z Updating certificate for "com.vmware.imagebuilder" extension
Status : 85% Completed [starting services...]
这里要等一会
Status : 100% Completed [All tasks completed successfully]
到100%了就可以正常打开管理页面了.
5. 收尾部分
前年如果修改过Administrator@vsphere.local密码的话,这里需要把那段不好记忆的密码修改一下
修改完确认即可