SDDC Manager precheck fails on vRLI Status or vRLI security check
search cancel

SDDC Manager precheck fails on vRLI Status or vRLI security check

book

Article ID: 314625

calendar_today

Updated On:

Products

VMware Cloud Foundation

Issue/Introduction

Symptoms:
While running upgrade prechecks, the vRLI status shows the following error:  An unexpected exception occurred during the precheck:

If vRLI certificate is replaced is using a self-signed certificate, then the following error is seen:

vRSLCM shows "Health check for product vrli" in failed state with "UNKNOWN_LCM_ERROR:

 

 
 



Environment

VMware Cloud Foundation 4.x

Cause

  • The vRLI status error can be caused by an expired vRLI certificate. Verify if the cert is expired by running the following command:
/usr/lib/loginsight/application/lib/apache-cassandra-*/bin/cqlsh -u user -p password --cqlshrc=/storage/core/loginsight/cidata/cassandra/config/cqlshrc


image.png
  • If the expired cert was replaced using a self-signed vRLI certificate, then the precheck will show the vRLI security check error. Verify if the vRSLCM Locker shows the same vRLI certificate fingerprint as the output for this command: 
openssl s_client -connect <vRLI_FQDN:443> | openssl x509 -fingerprint -sha256 -noout -in /dev/stdin
 

Resolution

  1. Take a snapshot of vRSLCM and vRLI
  2. Replace the vRLI certificate through vRSLCM by completing the following steps here: https://docs.vmware.com/en/VMware-vRealize-Suite-Lifecycle-Manager/8.6/com.vmware.vrsuite.lcm.8.6.doc/GUID-C1FE1310-1D8B-425C-9B45-F1307A55CBAF.html
  3. Complete an Inventory Sync for the vRLI environment by completing these steps:
    1. On the My services page, click Lifecycle operations.
    2. In the navigation pane, click Environments
    3. Click Trigger inventory sync
    4. In the navigation pane, click Requests and monitor for a successful completion
  4. Rerun the precheck from SDDC Manager