
Error message:
503 Service Unavailable (Failed to connect to endpoint: [N7Vmacore4Http20NamedPipeServiceSpecE:0x00007fecb000b770] _serverNamespace = / action = Allow _pipeName =/var/run/vmware/vpxd-webserver-pipe)
Log in to the appliance over SSH.
Check disk space; usage is normal:

root@record [ ~ ]# df -h
Filesystem                                Size  Used Avail Use% Mounted on
devtmpfs                                  7.9G     0  7.9G   0% /dev
tmpfs                                     7.9G   12K  7.9G   1% /dev/shm
tmpfs                                     7.9G  700K  7.9G   1% /run
tmpfs                                     7.9G     0  7.9G   0% /sys/fs/cgroup
/dev/sda3                                  11G  5.5G  4.7G  55% /
tmpfs                                     7.9G   18M  7.9G   1% /tmp
/dev/mapper/netdump_vg-netdump            985M  1.3M  932M   1% /storage/netdump
/dev/mapper/log_vg-log                    9.8G  3.1G  6.2G  34% /storage/log
/dev/mapper/imagebuilder_vg-imagebuilder  9.8G   23M  9.2G   1% /storage/imagebuilder
/dev/mapper/db_vg-db                      9.8G  242M  9.0G   3% /storage/db
/dev/mapper/core_vg-core                   50G   52M   47G   1% /storage/core
/dev/mapper/autodeploy_vg-autodeploy      9.8G   23M  9.2G   1% /storage/autodeploy
/dev/mapper/updatemgr_vg-updatemgr         99G   98M   94G   1% /storage/updatemgr
/dev/mapper/dblog_vg-dblog                 15G  230M   14G   2% /storage/dblog
/dev/mapper/seat_vg-seat                   25G  1.3G   22G   6% /storage/seat
/dev/sda1                                 120M   28M   87M  25% /boot

Check whether the certificates have expired:

root@record [ /tmp1 ]# python checksts.py 

2 VALID CERTS
================

        LEAF CERTS:

        [] Certificate 77:B0:98:2C:F6:A5:76:78:79:97:47:74:05:BE:82:9C:1A:CA:52:95 will expire in 730 days (2.0 years).

        ROOT CERTS:

        [] Certificate 0A:95:66:2A:38:52:F2:24:17:D9:BC:66:0C:E8:5C:C2:31:80:54:05 will expire in 2915 days (7.0 years).

0 EXPIRED CERTS
================

        LEAF CERTS:

        None

        ROOT CERTS:

        None
root@record [ /tmp1 ]# for i in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list); do echo STORE $i; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $i --text | egrep "Alias|Not After"; done
STORE MACHINE_SSL_CERT
Alias : __MACHINE_CERT
            Not After : Aug 27 21:14:59 2021 GMT
STORE TRUSTED_ROOTS
Alias : 0a95662a3852f22417d9bc660ce85cc231805405
            Not After : Aug 22 09:14:26 2029 GMT
STORE TRUSTED_ROOT_CRLS
Alias : 615ffd35bd0c86bd4e1a482b975fca208fc422d6
STORE machine
Alias : machine
            Not After : Aug 27 09:05:53 2021 GMT
STORE vsphere-webclient
Alias : vsphere-webclient
            Not After : Aug 27 09:05:58 2021 GMT
STORE vpxd
Alias : vpxd
            Not After : Aug 27 09:06:05 2021 GMT
STORE vpxd-extension
Alias : vpxd-extension
            Not After : Aug 27 09:06:06 2021 GMT
STORE SMS
Alias : sms_self_signed
            Not After : Aug 28 09:20:48 2029 GMT
STORE BACKUP_STORE
Alias : bkp___MACHINE_CERT
            Not After : Aug 27 21:14:59 2021 GMT
Alias : bkp_machine
            Not After : Aug 27 09:05:53 2021 GMT
Alias : bkp_vsphere-webclient
            Not After : Aug 27 09:05:58 2021 GMT
Alias : bkp_vpxd
            Not After : Aug 27 09:06:05 2021 GMT
Alias : bkp_vpxd-extension
            Not After : Aug 27 09:06:06 2021 GMT

The listing shows that certificates have expired.
Query the service name (PNID):

root@record [ /tmp1 ]# /usr/lib/vmware-vmafd/bin/vmafd-cli get-pnid --server-name localhost
192.16.86.240

Renew the certificates:

root@record [ /tmp1 ]# /usr/lib/vmware-vmca/bin/certificate-manager
                 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
                |                                                                     |
                |      *** Welcome to the vSphere 6.5 Certificate Manager  ***        |
                |                                                                     |
                |                   -- Select Operation --                            |
                |                                                                     |
                |      1. Replace Machine SSL certificate with Custom Certificate     |
                |                                                                     |
                |      2. Replace VMCA Root certificate with Custom Signing           |
                |         Certificate and replace all Certificates                    |
                |                                                                     |
                |      3. Replace Machine SSL certificate with VMCA Certificate       |
                |                                                                     |
                |      4. Regenerate a new VMCA Root Certificate and                  |
                |         replace all certificates                                    |
                |                                                                     |
                |      5. Replace Solution user certificates with                     |
                |         Custom Certificate                                          |
                |                                                                     |
                |      6. Replace Solution user certificates with VMCA certificates   |
                |                                                                     |
                |      7. Revert last performed operation by re-publishing old        |
                |         certificates                                                |
                |                                                                     |
                |      8. Reset all Certificates                                      |
                |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|
Note : Use Ctrl-D to exit.
Option[1 to 8]: 8
Do you wish to generate all certificates using configuration file : Option[Y/N] ? : Y
Please provide valid SSO and VC priviledged user credential to perform certificate operations.
Enter username [Administrator@vsphere.local]:Administrator@vsphere.local
Enter password:
Please configure certool.cfg with proper values before proceeding to next step.
Press Enter key to skip optional parameters or use Default value.
Enter proper value for 'Country' [Default value : US] : 
Enter proper value for 'Name' [Default value : CA] : 
Enter proper value for 'Organization' [Default value : VMware] : 
Enter proper value for 'OrgUnit' [Default value : VMware Engineering] : 
Enter proper value for 'State' [Default value : California] : 
Enter proper value for 'Locality' [Default value : Palo Alto] : 
Enter proper value for 'IPAddress' (Provide comma separated values for multiple IP addresses) [optional] : 192.16.86.240
Enter proper value for 'Email' [Default value : email@acme.com] : 
Enter proper value for 'Hostname' (Provide comma separated values for multiple Hostname entries) [Enter valid Fully Qualified Domain Name(FQDN), For Example : example.domain.com] : 192.16.86.240
Enter proper value for VMCA 'Name' :192.16.86.240
Continue operation : Option[Y/N] ? : y
You are going to reset by regenerating Root Certificate and replace all certificates using VMCA
Continue operation : Option[Y/N] ? : y
Get site nameCompleted [Reset Machine SSL Cert...]
Reset status : 100% Completed [Reset completed successfully]   
root@record [ /tmp1 ]# reboot -f
root@record [ /tmp1 ]# ./fixsts.sh
NOTE: This works on external and embedded PSCs
This script will do the following
1: Regenerate STS certificate
What is needed?
1: Offline snapshots of VCs/PSCs
2: SSO Admin Password
IMPORTANT: This script should only be run on a single PSC per SSO domain
==================================
Resetting STS certificate for record started on Sat Sep  4 14:55:30 CST 2021


Detected DN: cn=192.16.86.240,ou=Domain Controllers,dc=vsphere,dc=local
Detected PNID: 192.16.86.240
Detected PSC: 192.16.86.240
Detected SSO domain name: vsphere.local
Detected Machine ID: 1cd37eb5-541c-40ac-9d6f-f49c41f35515
Detected IP Address: 192.16.86.240
Domain CN: dc=vsphere,dc=local
==================================
==================================

Detected Root's certificate expiration date: 2029 Aug 29
Detected today's date: 2021 Sep 4
==================================

Exporting and generating STS certificate

Status : Success
Using config file : /tmp/vmware-fixsts/certool.cfg
Status : Success


Enter password for administrator@vsphere.local: 
Amount of tenant credentials: 1
Exporting tenant 1 to /tmp/vmware-fixsts

Deleting tenant 1

Amount of trustedcertchains: 1
Exporting trustedcertchain 1 to /tmp/vmware-fixsts

Deleting trustedcertchain 1


Applying newly generated STS certificate to SSO domain
adding new entry "cn=TenantCredential-1,cn=vsphere.local,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local"

adding new entry "cn=TrustedCertChain-1,cn=TrustedCertificateChains,cn=vsphere.local,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local"


Replacement finished - Please restart services on all vCenters and PSCs in your SSO domain
==================================
IMPORTANT: In case you're using HLM (Hybrid Linked Mode) without a gateway, you would need to re-sync the certs from Cloud to On-Prem after following this procedure
==================================
==================================
root@record [ /tmp1 ]# reboot -f
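Copyright notice: This is an original article by the blogger, licensed under CC 4.0 BY-SA. When reposting, please include a link to the original source and this notice.
Article link: https://blog.csdn.net/mgaofeid/article/details/119979078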
