20220801 Vcenter Webclient 503

https://kb.vmware.com/s/article/59555

Resolution

To resolve this issue, delete any corrupt files in /etc/ssl/certs and remove all entries from the CRL store so that VMDIR pushes down fresh certificates to VECS. This in turn allows the VAPI service to start successfully.

Ensure you have a valid backup or snapshot of the vCenter Server before proceeding. See: Overview of Backup and Restore options in vCenter Server 6.x (2149237)

A script has been written to automate this process.

  1. SSH to the vCenter Server Appliance.
  2. CD into /tmp.
  3. Create a file for the script. For example: # vi crl-fix.sh
  4. Copy and paste the following into the file:
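#!/bin/bash
# Work inside the certificate directory; abort if it is missing so the mv commands cannot run elsewhere.
cd /etc/ssl/certs || exit 1
mkdir -p /tmp/pems /tmp/OLD-CRLS-CAs
# Set the .pem files aside, then move every other file with a dot in its name out of the directory.
mv *.pem /tmp/pems && mv *.* /tmp/OLD-CRLS-CAs
# Collect the aliases of all entries in the TRUSTED_ROOT_CRLS store.
h=$(/usr/lib/vmware-vmafd/bin/vecs-cli entry list --store TRUSTED_ROOT_CRLS --text | grep Alias | cut -d : -f 2)
# Delete each entry, answering "Y" to the confirmation prompt.
for hh in $h; do echo "Y" | /usr/lib/vmware-vmafd/bin/vecs-cli entry delete --store TRUSTED_ROOT_CRLS --alias "$hh"; done
# Put the .pem files back and recreate the .0 links next to them.
mv /tmp/pems/* .
for l in *.pem; do ln -s "$l" "${l/pem/0}"; done
# Restart the vmafdd service.
service-control --stop vmafdd && service-control --start vmafdd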
  5. Save the file and change the permissions before executing the script.

chmod +x crl-fix.sh

  6. Run the script using the following syntax.

./crl-fix.sh

  7. Reboot the vCenter Server Appliance.
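
A read-only pre-check that can be run before crl-fix.sh, added here as an example and not part of the VMware KB script: it lists what the script's `mv *.*` would move out of the directory and flags .pem files that look corrupt. The function name audit_certs, the output tags, and the definition of "corrupt" (empty file, missing BEGIN/END CERTIFICATE markers, or a dangling symlink) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the KB. Changes nothing on disk.
# Assumption: a .pem is suspect when it is empty or lacks the
# BEGIN/END CERTIFICATE markers; a symlink is suspect when its target is gone.

# audit_certs DIR  ->  prints one "TAG filename" line per finding
audit_certs() (
    dir=${1:-/etc/ssl/certs}
    for f in "$dir"/*; do
        # Skip the literal pattern when the directory is empty.
        [ -e "$f" ] || [ -L "$f" ] || continue
        name=${f##*/}
        # A symlink that exists as a link but whose target does not resolve.
        if [ -L "$f" ] && [ ! -e "$f" ]; then
            echo "DANGLING $name"
            continue
        fi
        case $name in
            *.pem)
                if [ ! -s "$f" ]; then
                    echo "EMPTY $name"
                elif ! grep -q -e '-----BEGIN CERTIFICATE-----' "$f" ||
                     ! grep -q -e '-----END CERTIFICATE-----' "$f"; then
                    echo "NOT_PEM $name"
                fi ;;
            *.*)
                # Same glob as 'mv *.*' in crl-fix.sh (runs after the .pem files are set aside).
                echo "WOULD_MOVE $name" ;;
        esac
    done
)

# Stand-alone use: sh audit-certs.sh /etc/ssl/certs
if [ "$#" -gt 0 ]; then
    audit_certs "$1"
fi
```

Healthy .pem files produce no output, so an empty result for the .pem names means only CRLs and links would be moved.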

reset sso admin password

How to reset the SSO administrator password from the vmca SSH shell: https://kb.vmware.com/s/article/2146224

get vcenter local domain name

On the vmca: /usr/lib/vmware-vmafd/bin/vmafd-cli get-domain-name --server-name localhost

error 1021: could not connect to the local service vmware afd

=> service-control --start vmafdd

VmDirForceResetPassword failed (9126) during password reset

Some service is not running properly.

service-control --start --all

ssl certificate reset vmca

Resetting the built-in SSL certificates of the VMware vCenter Server Appliance

https://kb.vmware.com/s/article/2112283

/usr/lib/vmware-vmca/bin/certificate-manager

vCenter default accounts

https://communities.vmware.com/t5/VMware-vCenter-Discussions/Built-in-and-custom-Accounts-Information/m-p/978620?start=0&tstart=0 https://communities.vmware.com/t5/VMware-vCenter-Discussions/Local-accounts-in-vCenter-Server/td-p/1764304

Default accounts used for Kerberos authentication. Deleting or modifying them breaks authentication, so they must be kept unmodified.

waiter-xxxx-... waiter-yyyy-... krbtgt/domainname K/M