Repairing a VMware Cloud Director Appliance that was re-initialized
Article ID: 323311
Updated On:
Products
VMware Cloud Director
Issue/Introduction
This article provides steps to recover a VMware Cloud Director Appliance that was re-initialized.
Symptoms:
Symptoms:
- After vCD Appliance deployment, the /opt/vmware/etc/vami/flags/vami_firstboot file still exists.
- vCD Appliance Management UI redirects to Appliance System Setup.
- Logging into the vCD Appliance requires resetting the root password.
- When accessing the vCD Appliance Management UI or VMware Cloud Director UI, the browser will warn the user that the certs are not trusted, with the following error NET::ERR_CERT_AUTHORITY_INVALID or MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT.
Note: This error message may differ in different browsers.
In Chrome and Edge: error NET::ERR_CERT_AUTHORITY_INVALID
In Mozilla: error code MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT
- Connection to VM Console fails.
- The vCD Appliance vpostgres service is stopped.
Environment
VMware Cloud Director 10.x
Cause
This is a known issue affecting Cloud Director versions 10.1.3, 10.2.1 and 10.2.2. This issue occurs when the /opt/vmware/etc/vami/flags/vami_firstboot file is not deleted after setup. Rebooting the appliance in this state triggers a re-initialization.
Resolution
To avoid the Appliance re-initializing, see How to avoid VMware Cloud Director Appliance re-initialization after a power cycle or restart.
To resolve this issue for any affected Cloud Director Appliances perform the needed remediation.
Note: Not all symptoms will occur for each deployment.
Symptom 1:
The /opt/vmware/etc/vami/flags/vami_firstboot file still exists after Appliance deployment.
Remediation:
Delete the /opt/vmware/etc/vami/flags/vami_firstboot file with this command:
rm /opt/vmware/etc/vami/flags/vami_firstboot
Symptom 2:
The appliance OS root password is expired.
Remediation:
Set the new OS root password on the next OS login.
Symptom 3:
The Appliance Management UI is showing the Appliance System Setup page appears even though the appliance is already configured.
Remediation:
Fix the Appliance to not show the Appliance System Setup page
Symptom 4:
When accessing the Appliance Management UI, the browser will warn the user that the certs are not trusted, with the following error: ERR_CERT_AUTHORITY_INVALID or MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT
The Appliance Management UI signed certs have reverted to system-generated self-signed certs.
Remediation:
For Cloud Director 10.1.3, see Replace a Self-Signed Embedded PostgreSQL and VMware Cloud Director Appliance Management UI Certificate
For Cloud Director 10.2.1 and 10.2.2, see Replace a Self-Signed Embedded PostgreSQL and VMware Cloud Director Appliance Management UI Certificate
Symptom 5:
When accessing the Cloud Director UI, the browser will warn the user that the certs are not trusted, with the following error: ERR_CERT_AUTHORITY_INVALID or MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT
or,
Connections to VM Consoles fails
The VMware Cloud Director UI certs have reverted to system-generated self-signed certs.
Remediation:
For Cloud Director 10.1.3, see Replacing Certificates for the HTTPS and Console Proxy Endpoints
For Cloud Director 10.2.1 and 10.2.2, see Replacing Certificates for the HTTPS and Console Proxy Endpoints
Symptom 6:
The appliance vpostgres service was stopped.
Remediation:
Start the appliance vpostgres service:
systemctl start vpostgres
To resolve this issue for any affected Cloud Director Appliances perform the needed remediation.
Note: Not all symptoms will occur for each deployment.
Symptom 1:
The /opt/vmware/etc/vami/flags/vami_firstboot file still exists after Appliance deployment.
Remediation:
Delete the /opt/vmware/etc/vami/flags/vami_firstboot file with this command:
rm /opt/vmware/etc/vami/flags/vami_firstboot
Symptom 2:
The appliance OS root password is expired.
Remediation:
Set the new OS root password on the next OS login.
Symptom 3:
The Appliance Management UI is showing the Appliance System Setup page appears even though the appliance is already configured.
Remediation:
Fix the Appliance to not show the Appliance System Setup page
- SSH into the appliance as root
- Run the following commands:
- source /opt/vmware/appliance/bin/ui-config-utils.sh
- update_ui_config true
- systemctl restart vcd_ova_ui
Symptom 4:
When accessing the Appliance Management UI, the browser will warn the user that the certs are not trusted, with the following error: ERR_CERT_AUTHORITY_INVALID or MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT
The Appliance Management UI signed certs have reverted to system-generated self-signed certs.
Remediation:
For Cloud Director 10.1.3, see Replace a Self-Signed Embedded PostgreSQL and VMware Cloud Director Appliance Management UI Certificate
For Cloud Director 10.2.1 and 10.2.2, see Replace a Self-Signed Embedded PostgreSQL and VMware Cloud Director Appliance Management UI Certificate
Symptom 5:
When accessing the Cloud Director UI, the browser will warn the user that the certs are not trusted, with the following error: ERR_CERT_AUTHORITY_INVALID or MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT
or,
Connections to VM Consoles fails
The VMware Cloud Director UI certs have reverted to system-generated self-signed certs.
Remediation:
For Cloud Director 10.1.3, see Replacing Certificates for the HTTPS and Console Proxy Endpoints
For Cloud Director 10.2.1 and 10.2.2, see Replacing Certificates for the HTTPS and Console Proxy Endpoints
Symptom 6:
The appliance vpostgres service was stopped.
Remediation:
Start the appliance vpostgres service:
systemctl start vpostgres
Feedback
Yes
No
Powered by
