vCenter STS证书即将过期

最新推荐文章于 2023-07-25 00:16:59 发布
最新推荐文章于 2023-07-25 00:16:59 发布
阅读量4.3k 收藏 7
点赞数
原文链接:https://www.wtvirtual.com
版权

本文转自wty虚拟化

查看证书状态

· Web客户端(Flash)

  1. 连接到vSphere Web Client:https:// vcenter_server_ip_address_or_fqdn / vsphere-client
  2. 选择管理员>单一登录>配置>证书> STS签名
    [外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-4P2WITTx-1614840305407)(https://www.wtvirtual.com/usr/uploads/2021/02/3849861480.png)]

操作前准备

· 确认当前环境没有调用vCenter(即,允许vCenter处于暂时不可用的状态)
· 对vCenter做快照或者备份
· 下载官网【fixsts.sh】脚本
· 准备vCenter的administrator@vsphere.local用户的密码

或者从本站下载fixsts.sh.zip

操作操作

· 将fixsts.sh脚本上传到vCenter;

若使用winscp上传,可能会遇到“主机超过15秒无通信。继续等待...“的错误,可参考如下链接解决;
https://www.wtvirtual.com/virtualization/285.html

· ssh到vCenter
· 为脚本附加权限

切换到脚本所在的文件目录

chmod +x fixsts.sh

· 执行脚本

root@photon-machine [ /tmp ]# ./fixsts.sh
NOTE: This works on external and embedded PSCs
This script will do the following
1: Regenerate STS certificate
What is needed?
1: Offline snapshots of VCs/PSCs
2: SSO Admin Password
IMPORTANT: This script should only be run on a single PSC per SSO domain
==================================
Resetting STS certificate for photon-machine started on Wed Feb 24 18:03:14 -08 2021


Detected DN: cn=172.16.0.10,ou=Domain Controllers,dc=vsphere,dc=local
Detected PNID: 172.16.0.10
Detected PSC: 172.16.0.10
Detected SSO domain name: vsphere.local
Detected Machine ID: 932152323c-71b7-4e04-9ab0-cf54924a6f7c
Detected IP Address: 172.16.0.10
Domain CN: dc=vsphere,dc=local
==================================
==================================

Detected Root's certificate expiration date: 2029 Feb 28
Detected today's date: 2021 Feb 24
==================================

Exporting and generating STS certificate

Status : Success
Using config file : /tmp/vmware-fixsts/certool.cfg
Status : Success


Enter password for administrator@vsphere.local:
Amount of tenant credentials: 1
Exporting tenant 1 to /tmp/vmware-fixsts

Deleting tenant 1

Amount of trustedcertchains: 1
Exporting trustedcertchain 1 to /tmp/vmware-fixsts

Deleting trustedcertchain 1


Applying newly generated STS certificate to SSO domain
adding new entry "cn=TenantCredential-1,cn=vsphere.local,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local"

adding new entry "cn=TrustedCertChain-1,cn=TrustedCertificateChains,cn=vsphere.local,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local"


Replacement finished - Please restart services on all vCenters and PSCs in your SSO domain
==================================
IMPORTANT: In case you're using HLM (Hybrid Linked Mode) without a gateway, you would need to re-sync the certs from Cloud to On-Prem after following this procedure
==================================
==================================

停止vCenter所有的服务

root@photon-machine [ /tmp ]# service-control --stop --all
Perform stop operation. vmon_profile=ALL, svc_names=None, include_coreossvcs=True, include_leafossvcs=True
2021-02-25T02:04:53.203Z   Service vmware-vmon does not seem to be registered with vMon. If this is unexpected please make sure your service config is a valid json. Also check vmon logs for warnings.
2021-02-25T02:04:53.203Z   Running command: ['/sbin/service', u'vmware-vmon', 'stop']
2021-02-25T02:06:54.864Z   Done running command
2021-02-25T02:06:54.865Z   Successfully stopped service vmware-vmon
Successfully stopped vmon services. Profile ALL.
2021-02-25T02:06:54.875Z   Service vmware-psc-client does not seem to be registered with vMon. If this is unexpected please make sure your service config is a valid json. Also check vmon logs for warnings.
2021-02-25T02:06:54.875Z   Running command: ['/sbin/service', u'vmware-psc-client', 'status']
2021-02-25T02:06:54.931Z   Done running command
Successfully stopped service vmware-psc-client
2021-02-25T02:06:56.099Z   Service vmdnsd does not seem to be registered with vMon. If this is unexpected please make sure your service config is a valid json. Also check vmon logs for warnings.
2021-02-25T02:06:56.099Z   Running command: ['/sbin/service', u'vmdnsd', 'status']
2021-02-25T02:06:56.149Z   Done running command
Successfully stopped service vmdnsd
2021-02-25T02:06:56.278Z   Service vmware-stsd does not seem to be registered with vMon. If this is unexpected please make sure your service config is a valid json. Also check vmon logs for warnings.
2021-02-25T02:06:56.278Z   Running command: ['/sbin/service', u'vmware-stsd', 'status']
2021-02-25T02:06:56.325Z   Done running command
Successfully stopped service vmware-stsd
2021-02-25T02:06:58.576Z   Service vmware-sts-idmd does not seem to be registered with vMon. If this is unexpected please make sure your service config is a valid json. Also check vmon logs for warnings.
2021-02-25T02:06:58.576Z   Running command: ['/sbin/service', u'vmware-sts-idmd', 'status']
2021-02-25T02:06:58.622Z   Done running command
Successfully stopped service vmware-sts-idmd
2021-02-25T02:06:59.711Z   Service vmcad does not seem to be registered with vMon. If this is unexpected please make sure your service config is a valid json. Also check vmon logs for warnings.
2021-02-25T02:06:59.711Z   Running command: ['/sbin/service', u'vmcad', 'status']
2021-02-25T02:06:59.764Z   Done running command
Successfully stopped service vmcad
2021-02-25T02:06:59.894Z   Service vmdird does not seem to be registered with vMon. If this is unexpected please make sure your service config is a valid json. Also check vmon logs for warnings.
2021-02-25T02:06:59.895Z   Running command: ['/sbin/service', u'vmdird', 'status']
2021-02-25T02:06:59.939Z   Done running command
Successfully stopped service vmdird
2021-02-25T02:07:00.076Z   Service vmafdd does not seem to be registered with vMon. If this is unexpected please make sure your service config is a valid json. Also check vmon logs for warnings.
2021-02-25T02:07:00.076Z   Running command: ['/sbin/service', u'vmafdd', 'status']
2021-02-25T02:07:00.122Z   Done running command
Successfully stopped service vmafdd
2021-02-25T02:07:00.271Z   Service lwsmd does not seem to be registered with vMon. If this is unexpected please make sure your service config is a valid json. Also check vmon logs for warnings.
2021-02-25T02:07:00.271Z   Running command: ['/sbin/service', u'lwsmd', 'status']
2021-02-25T02:07:00.323Z   Done running command
Successfully stopped service lwsmd

开启vCenter所有的服务

root@photon-machine [ /tmp ]# service-control --start --all
Perform start operation. vmon_profile=ALL, svc_names=None, include_coreossvcs=True, include_leafossvcs=True
2021-02-25T02:08:38.670Z   Running command: ['/usr/bin/systemctl', 'is-enabled', u'lwsmd']
2021-02-25T02:08:38.677Z   Done running command
2021-02-25T02:08:38.683Z   Service lwsmd does not seem to be registered with vMon. If this is unexpected please make sure your service config is a valid json. Also check vmon logs for warnings.
2021-02-25T02:08:38.683Z   Running command: ['/sbin/service', u'lwsmd', 'status']
2021-02-25T02:08:38.730Z   Done running command
2021-02-25T02:08:38.736Z   Running command: ['/usr/bin/systemctl', 'daemon-reload']
2021-02-25T02:08:38.870Z   Done running command
2021-02-25T02:08:38.871Z   Running command: ['/usr/bin/systemctl', 'set-property', u'lwsmd.service', 'MemoryAccounting=true', 'CPUAccounting=true', 'BlockIOAccounting=true']
2021-02-25T02:08:38.880Z   Done running command
Successfully started service lwsmd
2021-02-25T02:08:39.296Z   Running command: ['/usr/bin/systemctl', 'is-enabled', u'vmafdd']
2021-02-25T02:08:39.307Z   Done running command
2021-02-25T02:08:39.315Z   Service vmafdd does not seem to be registered with vMon. If this is unexpected please make sure your service config is a valid json. Also check vmon logs for warnings.
2021-02-25T02:08:39.315Z   Running command: ['/sbin/service', u'vmafdd', 'status']
2021-02-25T02:08:39.361Z   Done running command
2021-02-25T02:08:39.368Z   Running command: ['/usr/bin/systemctl', 'daemon-reload']
2021-02-25T02:08:39.498Z   Done running command
2021-02-25T02:08:39.500Z   Running command: ['/usr/bin/systemctl', 'set-property', u'vmafdd.service', 'MemoryAccounting=true', 'CPUAccounting=true', 'BlockIOAccounting=true']
2021-02-25T02:08:39.508Z   Done running command
Successfully started service vmafdd
2021-02-25T02:08:40.188Z   Running command: ['/usr/bin/systemctl', 'is-enabled', u'vmdird']
2021-02-25T02:08:40.199Z   Done running command
2021-02-25T02:08:40.205Z   Service vmdird does not seem to be registered with vMon. If this is unexpected please make sure your service config is a valid json. Also check vmon logs for warnings.
2021-02-25T02:08:40.206Z   Running command: ['/sbin/service', u'vmdird', 'status']
2021-02-25T02:08:40.253Z   Done running command
2021-02-25T02:08:40.259Z   Running command: ['/usr/bin/systemctl', 'daemon-reload']
2021-02-25T02:08:40.374Z   Done running command
2021-02-25T02:08:40.375Z   Running command: ['/usr/bin/systemctl', 'set-property', u'vmdird.service', 'MemoryAccounting=true', 'CPUAccounting=true', 'BlockIOAccounting=true']
2021-02-25T02:08:40.382Z   Done running command
Successfully started service vmdird
2021-02-25T02:08:42.948Z   Running command: ['/usr/bin/systemctl', 'is-enabled', u'vmcad']
2021-02-25T02:08:42.964Z   Done running command
2021-02-25T02:08:42.972Z   Service vmcad does not seem to be registered with vMon. If this is unexpected please make sure your service config is a valid json. Also check vmon logs for warnings.
2021-02-25T02:08:42.972Z   Running command: ['/sbin/service', u'vmcad', 'status']
2021-02-25T02:08:43.032Z   Done running command
2021-02-25T02:08:43.039Z   Running command: ['/usr/bin/systemctl', 'daemon-reload']
2021-02-25T02:08:43.172Z   Done running command
2021-02-25T02:08:43.172Z   Running command: ['/usr/bin/systemctl', 'set-property', u'vmcad.service', 'MemoryAccounting=true', 'CPUAccounting=true', 'BlockIOAccounting=true']
2021-02-25T02:08:43.180Z   Done running command
Successfully started service vmcad
2021-02-25T02:08:44.556Z   Running command: ['/usr/bin/systemctl', 'is-enabled', u'vmware-sts-idmd']
2021-02-25T02:08:44.566Z   Done running command
2021-02-25T02:08:44.572Z   Service vmware-sts-idmd does not seem to be registered with vMon. If this is unexpected please make sure your service config is a valid json. Also check vmon logs for warnings.
2021-02-25T02:08:44.572Z   Running command: ['/sbin/service', u'vmware-sts-idmd', 'status']
2021-02-25T02:08:44.621Z   Done running command
2021-02-25T02:08:44.627Z   Running command: ['/usr/bin/systemctl', 'daemon-reload']
2021-02-25T02:08:44.757Z   Done running command
2021-02-25T02:08:44.757Z   Running command: ['/usr/bin/systemctl', 'set-property', u'vmware-sts-idmd.service', 'MemoryAccounting=true', 'CPUAccounting=true', 'BlockIOAccounting=true']
2021-02-25T02:08:44.765Z   Done running command
Successfully started service vmware-sts-idmd
2021-02-25T02:08:57.223Z   Running command: ['/usr/bin/systemctl', 'is-enabled', u'vmware-stsd']
2021-02-25T02:08:57.234Z   Done running command
2021-02-25T02:08:57.239Z   Service vmware-stsd does not seem to be registered with vMon. If this is unexpected please make sure your service config is a valid json. Also check vmon logs for warnings.
2021-02-25T02:08:57.240Z   Running command: ['/sbin/service', u'vmware-stsd', 'status']
2021-02-25T02:08:57.287Z   Done running command
2021-02-25T02:08:57.293Z   Running command: ['/usr/bin/systemctl', 'daemon-reload']
2021-02-25T02:08:57.421Z   Done running command
2021-02-25T02:08:57.422Z   Running command: ['/usr/bin/systemctl', 'set-property', u'vmware-stsd.service', 'MemoryAccounting=true', 'CPUAccounting=true', 'BlockIOAccounting=true']
2021-02-25T02:08:57.430Z   Done running command
Successfully started service vmware-stsd
2021-02-25T02:09:40.264Z   Running command: ['/usr/bin/systemctl', 'is-enabled', u'vmdnsd']
2021-02-25T02:09:40.276Z   Done running command
2021-02-25T02:09:40.282Z   Service vmdnsd does not seem to be registered with vMon. If this is unexpected please make sure your service config is a valid json. Also check vmon logs for warnings.
2021-02-25T02:09:40.282Z   Running command: ['/sbin/service', u'vmdnsd', 'status']
2021-02-25T02:09:40.327Z   Done running command
Successfully started service vmdnsd
2021-02-25T02:09:40.335Z   Running command: ['/usr/bin/systemctl', 'is-enabled', u'vmware-psc-client']
2021-02-25T02:09:40.346Z   Done running command
2021-02-25T02:09:40.351Z   Service vmware-psc-client does not seem to be registered with vMon. If this is unexpected please make sure your service config is a valid json. Also check vmon logs for warnings.
2021-02-25T02:09:40.352Z   Running command: ['/sbin/service', u'vmware-psc-client', 'status']
2021-02-25T02:09:40.401Z   Done running command
2021-02-25T02:09:40.407Z   Running command: ['/usr/bin/systemctl', 'daemon-reload']
2021-02-25T02:09:40.530Z   Done running command
2021-02-25T02:09:40.531Z   Running command: ['/usr/bin/systemctl', 'set-property', u'vmware-psc-client.service', 'MemoryAccounting=true', 'CPUAccounting=true', 'BlockIOAccounting=true']
2021-02-25T02:09:40.539Z   Done running command
Successfully started service vmware-psc-client
2021-02-25T02:09:44.142Z   Running command: ['/usr/bin/systemctl', 'set-environment', 'VMON_PROFILE=NONE']
2021-02-25T02:09:44.148Z   Done running command
2021-02-25T02:09:44.154Z   Running command: ['/usr/bin/systemctl', 'daemon-reload']
2021-02-25T02:09:44.289Z   Done running command
2021-02-25T02:09:44.290Z   Running command: ['/usr/bin/systemctl', 'set-property', u'vmware-vmon.service', 'MemoryAccounting=true', 'CPUAccounting=true', 'BlockIOAccounting=true']
2021-02-25T02:09:44.300Z   Done running command
2021-02-25T02:09:45.642Z   Running command: ['/usr/bin/systemctl', 'unset-environment', 'VMON_PROFILE']
2021-02-25T02:09:45.649Z   Done running command
Successfully started vmon services. Profile ALL.
懵懂小风
关注
  • 0
    点赞
  • 7
    收藏
    觉得还不错? 一键收藏
  • 1
    评论
vmware证书过期问题处理相关脚本
12-29
包含以下资源: checksts.py clean_backup_stores.sh fix_encipherment_cert.sh fixsts.sh
VMware vCenter Server证书过期解决方法
qq_43490217的博客
05-13 1876
Enter proper value for 'Hostname' [Enter valid Fully Qualified Domain Name(FQDN), For Example : example.domain.com] :这个值和vCenter Server的主机名一致或者填IP。从结果可知STS过期。如果STS过期,则执行修复脚本fixsts.sh(https://kb.vmware.com/s/article/76719)。运行脚本./fixsts.sh,会提示输入账户的密码。
vcenter6.5过期证书升级问题
ccityy的专栏
03-15 1256
可以参照官方链接升级。本文提供了确定 VMware STS 证书过期日期的步骤。
检查 vCenter Server 上 STS 证书过期日期 (79248)
sgj584520的专栏
08-19 5611
检查 vCenter Server 上 STS 证书过期日期 (79248) 注意: STS 证书过期时不会触发证书到期警报。 如果证书设置为 6 个月内过期,VMware 建议替换该证书。如果过期日期在六个月之后,请安排在适当的时间替换证书。 如果 STS 证书即将过期或已过期,请参见: "Signing certificate is not valid" error in VCSA 6.5.x/6.7.x and vCenter Server 7.0.x (76719) "Signi
检查vCenter Server上STS证书过期日期(79248)(STS证书过期,导致 vCenter 报503无法登陆VC)
荒野求生的博客
07-15 5798
检查vCenter Server上STS证书过期日期(79248) 上次更新时间:2020/6/11分类:如何1个语言: 简体中文)日本西班牙文英语 订阅 此文档是由机器翻译完成。我们会努力提供最佳翻译版本,但本地化的内容可能会更新不及时。有关最新内容,请参见中文版本。如果您发现任何翻译错误,请在KB页面底部提供您的反馈。 病征 免责声明:本文是检查STS证书过期vCenter Server...
登入vCenter显示503,证书过期解决办法
yzqtcc的博客
03-11 3879
登入vCenter503,证书过期解决办法
vCenter 续订 STS证书
10-05
vCenter 6.5~6.7 版本遇到两年证书有效期的问题,一旦证书过期vCenter将无法正常使用; 其他证书可以通过界面点击续订;但是这个STS比较麻烦。
vCenter Server Appliance 检查STS证书是否过期脚本
12-09
vCenter Server Appliance 检查STS证书是否过期脚本 ssh登录vCenter,上传并执行脚本
vCenter Server 上 STS 证书 checksts.py
10-05
要验证 VMware Security Token Service (STS) 的过期日期,请执行以下操作: HTML 5 客户端 注意:适用于 vCenter Server 7.0 Update2 及更高版本 通过 https://vcenter_server_ip_address_or_fqdn/ui 连接到 ...
vCenter证书过期处理脚本,可以使用脚本续订成十年证书,清理过期证书以及数据加密证书的续订脚本
最新发布
06-13
当vCenter证书过期时,可能会导致连接问题,影响正常运维。因此,对于vCenter证书的管理和更新是不容忽视的。本文将围绕"vCenter证书过期处理脚本"这一主题,详细解释相关知识点,并讨论提供的脚本和文件的作用。 ...
VMware vCenter证书更新
GTR20的博客
03-30 3590
它的作用也是十分的重要,所以为了保证 VMware vCenter Server的正常运行,需要记住证书过期时间,可以在系统管理下的证书管理中检查过期时间。使用xshell连接进入vc,输入命令/usr/lib/vmware-vmca/bin/certificate-manager回车开始更新。如果登录VC界面时,输入正确的账号密码有报错,可能就是证书已经过期,可以使用ssh工具来更新证书。运行更新文件 ./fixsts.sh,完成后可以登录vc查看证书是否已经更新。更新vc sts证书
vcenter证书过期,更新证书
小江
11-18 1万+
1、检查vc证书是否过期: 在vcsa中分别执行如下命令,在每个命令的输出结果中会有 Not After的条目,检查该条目的时间是否已过期: /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store TRUSTED_ROOTS --text | less /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store MACHINE_SSL_CERT --text | less /usr/lib/vmw...
VMware vCenter Server 证书过期解决
万物皆可学
07-25 9305
6.从这个官方页面下载fixsts.sh,懒的话可以直接在/tmp下新建个fixsts.sh脚本文件,将下面的代码复制进去:https://kb.vmware.com/s/article/76719。1.官网下载证书检测文件checksts.py:https://kb.vmware.com/s/article/79248?lang=en_us。3.将checksts.py文件上传到/tmp目录下(懒的话可以直接在/tmp将下面新建个checksts.py文件,将下面代粘贴进去)执行以下命令替换证书配置。
vsphere 7.x证书过期更新
coco3848的博客
01-15 2998
需要注意的是,在vSphere Web页面中更新的证书仅仅是Machine的证书,vCenter需要使用的其他证书并没有更新。执行证书管理命令,选择选项6,更新Solution User Certificates。
vSphere 6.X 的证书导致的vcenter无法登录问题
企业实战系列集 ●●● https://ximenjianxue.blog.csdn.net
08-31 2万+
问题描述 今天收到告警,vcenter链接状态异常,检查从center发现,输入正确的用户名和密码后,无法登录,提示:User name and password are required(用户名和密码被需要),即等同你未输入用户名和密码;输入错误的密码会提示身份认证非法,说明身份认证还是起作用的,服务状态可判断为正常。 页面强行登录时,报400错误。 问题分析: 1、vcenter输入正确的用户名和密码,无法登录,且提示需要用户名和密码,明明输入了为啥会不识别呢?后沟通确认无人修改过密码;即时修改过,应
VMware vCenter证书过期解决方法
热门推荐
autoset的博客
12-09 2万+
vCenter内含各种证书,部分证书过期会导致登录webclient时,出现“获取身份认证程序时出错”(https://ip/ui),“no healthy upstream”(https://ip)的提示,导致无法登陆,错误代码500、400。注意:您可能会收到错误消息: -bash: ./clean_backup_stores.sh: /bin/bash^M: bad interpreter: No such file or directory。STS 证书过期时不会触发证书到期警报。
VC密码正确无法登陆。证书过期。处理。
mgaofeid的博客
09-04 3442
错误提示: 503 Service Unavailable (Failed to connect to endpoint: [N7Vmacore4Http20NamedPipeServiceSpecE:0x00007fecb000b770] _serverNamespace = / action = Allow _pipeName =/var/run/vmware/vpxd-webserver-pipe) 进入ssh界面 检查chip空间十分正常: root@record [ ~ ]# df -h File
vCenter STS证书即将到期怎么办
05-05
当 vCenter STS 证书即将到期时,您需要重新生成一个有效的证书。以下是一些步骤,可以帮助您完成此过程: 1. 打开 vCenter Server,并通过 Web 客户端或 vSphere 客户端登录。 2. 转到“管理”选项卡,然后选择“证书”。 3. 点击“重新生成证书”。 4. 在重新生成证书的窗口中,输入必要的信息,如证书名称、组织名称、组织单位等。 5. 在“证书有效期”下拉列表中选择一个新的证书有效期。 6. 点击“下一步”,然后输入新证书的密码和确认密码。 7. 点击“下一步”,然后确认您的信息。 8. 点击“完成”以完成证书生成过程。 如果您使用的是自签名证书,那么您需要在所有使用该证书的设备上安装新证书。如果您使用的是 CA 签名证书,则只需将新证书导入 vCenter Server 和相关设备即可。 请注意,重新生成证书后,您需要重新登录 vCenter Server 和所有相关设备。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值