Upgrade of ESXi using ISO/DVD fails with SHA1_CERT error

Article ID: 313471


Products

VMware vSphere ESXi

Issue/Introduction

VMware ESXi Installer will fail with the following error:

Symptoms:

  • ESXi host upgrade fails when booting from an ISO/DVD with SHA1_CERT Error.
  • The ESXi hosts are using a TPM (Trusted Platform Module).



Environment

VMware vSphere ESXi 8.x

Cause

If an existing ESXi installation had TPM, Secure Boot, and execInstalledOnly enabled, you may encounter an error during the upgrade process. This error is due to the installer's inability to decrypt the ESXi state.

Resolution

Currently there is no resolution to the issue.

To work around the issue, follow these steps:

1. Disable the execInstalledOnly enforcement on the host prior to the upgrade with the following command. For more information, refer to "Enable or Disable the execInstalledOnly Enforcement for a Secure ESXi Configuration".

esxcli system settings encryption set -s true -e false

2. Once the upgrade is finished, re-enable it using the command:

esxcli system settings encryption set -s true -e true
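
A check to run alongside the two steps above, as an added example that is not part of the original article: it parses the output of `esxcli system settings encryption get` and confirms that execInstalledOnly enforcement is off before booting the installer and back on after the upgrade. The sample outputs, function names and script name are constructed for illustration, and the field labels are assumed to match what the host prints.

```sh
#!/bin/sh
# Added example: check the enforcement state before and after the ISO upgrade
# by parsing the text printed by `esxcli system settings encryption get`.

# Constructed sample outputs (assumed layout, not captured from a real host).
SAMPLE_PRE='   Mode: TPM
   Require Executables Only From Installed VIBs: false
   Require Secure Boot: true'
SAMPLE_POST='   Mode: TPM
   Require Executables Only From Installed VIBs: true
   Require Secure Boot: true'

# field_value TEXT LABEL: print the value following "LABEL:" (empty if absent).
field_value() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" | head -n 1
}

# enforcement_state TEXT: print ready-for-upgrade, enforced, or unexpected.
enforcement_state() {
    mode=$(field_value "$1" 'Mode')
    exec_only=$(field_value "$1" 'Require Executables Only From Installed VIBs')
    secure_boot=$(field_value "$1" 'Require Secure Boot')
    if [ "$mode" != "TPM" ] || [ "$secure_boot" != "true" ]; then
        echo unexpected            # not the configuration this article covers
    elif [ "$exec_only" = "false" ]; then
        echo ready-for-upgrade     # state after step 1
    elif [ "$exec_only" = "true" ]; then
        echo enforced              # state after step 2
    else
        echo unexpected            # field missing or unparsable
    fi
}

# check_phase PHASE TEXT: succeed only if TEXT matches the state expected for
# PHASE ("pre" = before booting the installer, "post" = after re-enabling).
check_phase() {
    state=$(enforcement_state "$2")
    case "$1:$state" in
        pre:ready-for-upgrade|post:enforced) return 0 ;;
        *) echo "phase $1: state is '$state'" >&2; return 1 ;;
    esac
}

# On an ESXi host: sh check.sh pre   (or: sh check.sh post)
if [ -n "${1:-}" ] && command -v esxcli >/dev/null 2>&1; then
    check_phase "$1" "$(esxcli system settings encryption get)"
fi
```

A non-zero exit from the `post` check means the host is still running without execInstalledOnly enforcement and step 2 has not taken effect.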


Alternative Upgrade Methods:
Consider upgrading using vLCM (vSphere Lifecycle Manager) or Baselines.