Migrate 6.0u3 windows to 6.7u3f VCSA failure &q… |VMware Communities

Hi all,

I post here due to the slow response time of our case with VMWare.  I had to roll back (power back on and rejoin to AD) our Windows vCenter server 6 since this migration did not work.  I thought I had a smooth upgrade going after I found out I had to add our vmware service account the Replace a Process Level Token privelage in windows.  Once I fixed that minor thing the migration assistant worked well.

The VCSA deployed, powered off the Windows vCenter machine, the new one joined to AD and then eventually after some time it gave an error.

Analytics Service registration with Component Manager failed



I google search this and found this vmware kb




This lead me down the rabbit hole of enabling ssh and bash so I could winscp our root cert ca pem file onto the box. I did this and copied our root ca certificate which is a windows 2012 R2 certificate authority to /etc/ssl/certs.



/usr/lib/vmware-vmafd/bin/dir-cli trustedcert publish –cert /etc/ssl/certs/Root-CA.cert.pem



It imported successfully (or so it told me)

I hit retry and it was the same error. I then rebooted the new VCSA thinking maybe it needs to be rebooted to take affect. It rebooted but changed its IP address to the final IP that the old windows vcenter was. So I changed it back to the temporary ip address using DCUI so the migration wizard could contact it. I still get the same error when retrying the migration wizard that is running on my windows box “Analytics Service registration with Component Manager failed”.


I then followed this guide to try to replace the vSPhere 6.0 Machine SSL certificate with a VMCA issued certificate



However I get an error and tells me to check the and in the certificate-manager.log.  An excerpt from that log right around the ERROR lines:

2020-04-13T16:52:47.565Z INFO certificate-manager MACHINE_SSL_CERT certificate replaced successfully. SerialNumber and Thumbprint changed.

2020-04-13T16:52:47.662Z INFO certificate-manager lstool command currently being executed is : [‘/usr/java/jre-vmware/bin/java’, ‘-Djava.security.properties=/etc/vmware/java/vmware-override-java.security’, ‘-cp’, ‘/usr/lib/vmidentity/tools/lib/lookup-client.jar:/usr/lib/vmidentity/tools/lib/*’, ‘-Dlog4j.configuration=tool-log4j.properties’, ‘com.vmware.vim.lookup.client.tool.LsTool’, ‘get-site-id’, ‘–no-check-cert’, ‘–url’, ‘https://drvcenter.diamondcu.com:443/lookupservice/sdk‘]

2020-04-13T16:52:49.487Z ERROR certificate-manager ‘lstool get-site-id’ failed: 1

2020-04-13T16:52:49.490Z ERROR certificate-manager Error while replacing Machine SSL Cert, please see /var/log/vmware/vmcad/certificate-manager.log for more information.

2020-04-13T16:52:49.490Z ERROR certificate-manager ‘lstool get-site-id’ failed: 1

2020-04-13T16:52:49.492Z INFO certificate-manager Performing rollback of Machine SSL Cert…


Now, not sure what to do, and just crickets with vmware support… I powered off the VCSA, powered back on the windows vcenter, rejoined to to AD and rebooted and now were back to vcenter 6.0 update 3.


Any ideas?  The vmware certificates always put us through utter hell on the windows environment and it seems its going to continue to be that way on the VCSA.

We really would like to migrate off of the Windows Server 2008 R2 vms running vcenter 6.0.  This is our DR site.  I haven’t even touched production yet.  I wouldn’t be surprised if our production site will give us difficulties.  I can’t install the latest windows vcenter 6.0 patch… error 1603 starting some service… and none of the kb articles helped (removing some vmware java stuff, etc..).  So I can’t wait to get off of the Windows platform and upgrade.


DR Vcenter 6.0.0 build 14510545 – attempting first.  – Running on fully patched Windows Server 2008 R2

SRM virtual appliance 8.2

vSphere replicaiton virtual appliance 8.2 (its receiving inbound from hq)

2 ESXi 6.0.0, 15169789 hosts – HP 380g8’s, eventually will take them to latest ESXi 6.5 build using HP’s custom image.  Hosts are not officially supported past 6.5.


HQ Vcenter 6.0.0 build 9313458 – will do second.  – Running on fully patched Windows Server 2008 R2

SRM virtual appliance 8.2

vSphere replicaiton virtual appliance 8.2 (Its replicating 28 vms to the DR site).

8 ESXi 6.0.0, 15169789 hosts.  Dell FC640’s, eventually will take them to latest ESXi 6.7 build using Dells custom image.

Source link

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *