Repairing a VMware Cloud Director Appliance that was re-initialized
search cancel

Repairing a VMware Cloud Director Appliance that was re-initialized

book

Article ID: 323311

calendar_today

Updated On:

Products

VMware Cloud Director

Issue/Introduction

This article provides steps to recover a VMware Cloud Director Appliance that was re-initialized.

Symptoms:
  • After vCD Appliance deployment, the /opt/vmware/etc/vami/flags/vami_firstboot file still exists.
  • vCD Appliance Management UI redirects to Appliance System Setup.
  • Logging into the vCD Appliance requires resetting the root password.
  • When accessing the vCD Appliance Management UI or VMware Cloud Director UI, the browser will warn the user that the certs are not trusted, with the following error NET::ERR_CERT_AUTHORITY_INVALID or MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT.
Note: This error message may differ in different browsers.

In Chrome and Edge: error NET::ERR_CERT_AUTHORITY_INVALID

image.png

In Mozilla: error code MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT

MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT
  • Connection to VM Console fails.
  • The vCD Appliance vpostgres service is stopped.
 
 
 
 


Environment

VMware Cloud Director 10.x

Cause

This is a known issue affecting Cloud Director versions 10.1.3, 10.2.1 and 10.2.2. This issue occurs when the /opt/vmware/etc/vami/flags/vami_firstboot file is not deleted after setup. Rebooting the appliance in this state triggers a re-initialization.

Resolution

To avoid the Appliance re-initializing, see How to avoid VMware Cloud Director Appliance re-initialization after a power cycle or restart.

To resolve this issue for any affected Cloud Director Appliances perform the needed remediation.

Note: Not all symptoms will occur for each deployment.

Symptom 1:
The /opt/vmware/etc/vami/flags/vami_firstboot file still exists after Appliance deployment.

Remediation:
Delete the /opt/vmware/etc/vami/flags/vami_firstboot file with this command:

rm /opt/vmware/etc/vami/flags/vami_firstboot


Symptom 2:
The appliance OS root password is expired.

Remediation:
Set the new OS root password on the next OS login.


Symptom 3:
The Appliance Management UI is showing the Appliance System Setup page appears even though the appliance is already configured.

Remediation:
Fix the Appliance to not show the Appliance System Setup page
  1. SSH into the appliance as root
  2. Run the following commands:
  • source /opt/vmware/appliance/bin/ui-config-utils.sh
  • update_ui_config true
  • systemctl restart vcd_ova_ui

Symptom 4:
When accessing the Appliance Management UI, the browser will warn the user that the certs are not trusted, with the following error: ERR_CERT_AUTHORITY_INVALID or MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT

The Appliance Management UI signed certs have reverted to system-generated self-signed certs. 

Remediation:
For Cloud Director 10.1.3, see Replace a Self-Signed Embedded PostgreSQL and VMware Cloud Director Appliance Management UI Certificate

For Cloud Director 10.2.1 and 10.2.2, see Replace a Self-Signed Embedded PostgreSQL and VMware Cloud Director Appliance Management UI Certificate


Symptom 5:
When accessing the Cloud Director UI, the browser will warn the user that the certs are not trusted, with the following error: ERR_CERT_AUTHORITY_INVALID or MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT
or,
Connections to VM Consoles fails

The VMware Cloud Director UI certs have reverted to system-generated self-signed certs.

Remediation:
For Cloud Director 10.1.3, see Replacing Certificates for the HTTPS and Console Proxy Endpoints
For Cloud Director 10.2.1 and 10.2.2, see Replacing Certificates for the HTTPS and Console Proxy Endpoints


Symptom 6:
The appliance vpostgres service was stopped.

Remediation:
Start the appliance vpostgres service: 
systemctl start vpostgres