After upgrading vCenter to 8.0u2, ESXi hosts fail to boot with auto deploy when custom certificate authority is used in the vCenter.

Article ID: 314363

Updated On:

Products

VMware vCenter Server

Issue/Introduction

This article concerns the Auto Deploy feature used to boot hosts in vCenter Server version 8.0 U2.

Symptoms:
Auto Deploy is a feature of vSphere used to quickly provision and configure ESXi hosts.
After upgrading vCenter to 8.0u2, ESXi hosts fail to boot with Auto Deploy when a custom certificate authority is used in vCenter.

Environment

VMware vCenter Server 8.0.2

Cause

The component cayman_ipxe uses a fixed-length buffer to hold cryptographic data, and it returns an error if the buffer is not large enough. In the logging from tls.c, the error message "received overlength handshake" is shown.

Resolution

VMware is aware of the issue, and it is fixed in vCenter 8.0U3C.

Workaround:
Switching from custom certificates to self-signed certificates resolves the issue, and host boot with Auto Deploy works fine.
KB to switch to self-signed certificates, ensuring snapshots are taken: Replace vCenter certificates with self signed

Additional Information

Impact/Risks:
Auto Deploy fails with the following error:

[Screenshot of the error: image.png]