• Cannot upgrade from VMware vCenter Single Sign-On (SSO) 5.1 to 5.5.
• Upgrading from SSO 5.1 to 5.5 fails after you accept the End User Licensing Agreement.
• The SSO installer fails and rolls back before you choose an SSO deployment method.
• Certificate Authority (CA) signed certificates were implemented in your vSphere 5.1 environment.
• You see the error:
  
  vCenter Single Sign-On Setup Wizard ended prematurely because of an error
  
  
• In the vim-sso-msi.log file, located at %TEMP%, you see entries similar to:

DEBUG: Error 2863: The control WarnNotDNSResolved on dialog MachineStatusDlg needs the icon Exclaim.ico in size 16x16, but that size is not available. Loading the first available size
The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2863. The arguments are: MachineStatusDlg, WarnNotDNSResolved, Exclaim.ico
Action 13:12:02: MachineStatusDlg. Dialog created
Action 13:12:04: UpgradeDoExportDlg. Dialog created
MSI (c) (24:54) [13:12:06:564]: Doing action: ExtractKeystoreInfo
Action 13:12:06: ExtractKeystoreInfo.
Action start 13:12:06: ExtractKeystoreInfo.
Action ended 13:12:06: ExtractKeystoreInfo. Return value 3.
DEBUG: Error 2896: Executing action ExtractKeystoreInfo failed.
The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2896. The arguments are: ExtractKeystoreInfo, ,
Action ended 13:12:06: SSOWelcomeDlg. Return value 3.
MSI (c) (24:84) [13:12:06:592]: Doing action: FatalError
Action 13:12:06: FatalError.
Action start 13:12:06: FatalError.
Action 13:12:06: FatalError. Dialog created
MSI (c) (24:54) [13:12:15:775]: Doing action: ShowMsiLog
Action 13:12:15: ShowMsiLog.
Action start 13:12:15: ShowMsiLog.
MSI (c) (24:78) [13:12:15:868]: Invoking remote custom action. DLL: C:\Users\SA-VCE~1\AppData\Local\Temp\MSIAA46.tmp, Entrypoint: WixShellExec
MSI (c) (24:EC) [13:12:15:871]: Cloaking enabled.
MSI (c) (24:EC) [13:12:15:871]: Attempting to enable all disabled privileges before calling Install on Server
MSI (c) (24:EC) [13:12:15:873]: Connected to service for CA interface.
Action ended 13:12:16: ShowMsiLog. Return value 1.
Action ended 13:12:16: FatalError. Return value 2.

...

DEBUG: Error 2896: Executing action ExtractKeystoreInfo failed.
The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2896. The arguments are: ExtractKeystoreInfo,
Action ended 12:59:08: SSOWelcomeDlg. Return value 3
MSI (c) (F4: 38) [12:59:08:966]: Doing action: FatalError
Action 12:59:08: FatalError.
Action start 12:59:08: FatalError.
Action 12:59:08: FatalError. dialogue created
MSI (c) (F4: 00) [13:02:04:206]: Doing action: ShowMsiLog
Action 13:02:04: ShowMsiLog.
Action start 13:02:04: ShowMsiLog.

This issue is resolved in VMware vCenter Server 5.5.0b, available at VMware Downloads. For more information, see the vCenter Server 5.5.0b Release Notes.

For example:

<Connector SSLEnabled="true" clientAuth="true" connectionTimeout="20000" executor="castleThreadPool" keyAlias="rui" keystoreFile="C:\ProgramData\VMware\SSOCERTS\rui.pfx" keystorePass="####" <B>keystoreType="JKS" port="7445"protocol="org.apache.coyote.http11.Http11Protocol" scheme="https" secure="true" sslProtocol="TLS" truststoreFile="C:\ProgramData\VMware\SSOCERTS\rui.pfx" truststorePass="####" truststoreType="PKCS12"/><Connector SSLEnabled="true" clientAuth="false" connectionTimeout="20000" executor="castleThreadPool" keyAlias="rui" keystoreFile="C:\ProgramData\VMware\SSOCERTS\rui.pfx" keystorePass="####" <B>keystoreType="JKS" port="7444"protocol="org.apache.coyote.http11.Http11Protocol" scheme="https" secure="true" sslProtocol="TLS" truststoreFile="C:\ProgramData\VMware\SSOCERTS\rui.pfx" truststorePass="####" truststoreType="PKCS12"/>