Firstboot fails when upgrading vCenter Server Appliance 6.7 with no DNS records
search cancel

Firstboot fails when upgrading vCenter Server Appliance 6.7 with no DNS records

book

Article ID: 324845

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Symptoms:

  • Firstboot fails during Install/Deployment, Upgrade or Migration of vCenter Server Appliance 6.7 with no DNS records.
  • In the firstbootStatus.json file, you see following services failed to configure or start during firstboot:
    • "failedsteps": "vapi_firstboot"
    • "failedSteps": "vpxd_firstboot"
    • "failedSteps": "vmafd-firstboot"
    • "failedSteps": "vmidentity-firstboot"
  • In the vapi_firstboot.py_####_stderr.log file, you see the error:

    "Failed to configure vAPI Endpoint Service at the firstboot time"
     
  • In the cloudvm.log file, you see the error:

    Stdout: DNS reverse lookup on [IP_Address] has failed.
    Unable to obtain hostname from DNS reverse lookup.
    Please examine DNS/network configuration.
     
  • In the endpoint.log file, you see entries similar to:
    Note: vCenter Server Appliance - Each service will have it's own folder in the /var/log/vmware/ directory. The endpoint logs are located in the /var/log/vmware/vapi/endpoint folder.
     
    • Native platform error [code: 5][Begin enum on store 'TRUSTED_ROOTS' failed
    • Cannot initialize STS SSL trust certificate settings
  • In the vpxd_firstboot.py_####_stderr.log file, you see the entries similar to:
     
    • ERROR:root:Security error: (vmodl.fault.SecurityError)
    • Error: Operation timed out
    • VirtualCenter firstboot failed
    • An error occurred while starting service 'vpxd-svcs'
ParseStatusFile: curr error msg: "VMware VirtualCenter failed firstboot." 
ParseStatusFile: curr error msg: "An error occurred while starting service 'vpxd'"

 

  • In the vpxd-#.log file, you see the error:

    Failed to connect to SSO
Note: vCenter Server Appliance - Each service will have it's own folder in the /var/log/vmware/ directory. The vpxd logs are located in the /var/log/vmware/vpxd folder.
  • In the vmidentity-firstboot.py_####_stdout.log file, you see the error:

    The SSL certificate of STS service cannot be verified
     
  • In the vmware-sts-idmd.log file, you see the error:

    PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
     
  • In the vmafd_firstboot.py_#####_stderr.log file, you see the error:

    2018-04-25T14:24:50.397Z Exception: Traceback (most recent call last):
    File "/usr/lib/vmware-vmafd/firstboot/vmafd-firstboot.py", line 189, in main
    wait_for_dc_reg_val_update()
    File "/usr/lib/vmware-vmafd/firstboot/vmafd-firstboot.py", line 126, in wait_for_dc_reg_val_update
    problemId = "install.vmafd.wait_for_dc_reg_val_update_failed")
    cis.baseCISException.BaseInstallException: {
    "problemId": "install.vmafd.wait_for_dc_reg_val_update_failed",
    "componentKey": "vmafd",
    "resolution": {
    "translatable": "Please search of these symptoms in the VMware Knowledge Base for any known issues and possible workarounds. If none can be found, please collect a support bundle and open a support request.",
    "id": "install.vmafd.wait_for_dc_reg_val_update_failed.resolution",
    "localized": "Please search of these symptoms in the VMware Knowledge Base for any known issues and possible workarounds. If none can be found, please collect a support bundle and open a support request."
    },
    "detail": [
    {
    "translatable": "ERROR: failed to create initial dc reg value",
    "id": "install.vmafd.wait_for_dc_reg_val_update_failed",
    "localized": "ERROR: failed to create initial dc reg value"
    }
    ]
    }
  • In the /var/log/vmware/applmgmt/vami.log file, you see the error:

    "status": "error",
    "warning": [],
    "question": null,
    "progress_message": {
    "id": "install.ciscommon.component.starting",
    "args": [
    "VMware Authentication Framework"
    "translatable": "The installation of vCenter Server failed due to an internal error."
    "componentKey": "fb-infra",
    "problemId": null,
    "resolution": {
    "id": "install.default.failure.resolution",
    "translatable": "This is an unrecoverable error, please retry install. If you encounter this error again, please search for these symptoms in the VMware Knowledge Base for any known issues and possible resolutions. If none can be found, collect a support bundle and open a support request."

For more information on:



Environment

VMware vCenter Server Appliance 6.7.x

Cause

This issue occurs when deploying a vCenter Server Appliance 6.7 with an IP address that has no DNS record configured. IP based deployments without DNS are not supported.

Resolution

To resolve this issue, ensure to verify that the IP address has a valid (internal) domain name system (DNS) registration before deploying a vCenter Server Appliance 6.7 with a static IP address.  

For more information about DNS requirements, see DNS Requirements for the vCenter Server Appliance and Platform Services Controller Appliance. If this article didn’t solve your issue:

 

Additional Information

To avoid DNS issue, ensure that:

  • vCenter Server Appliance deployments utilizing a static IP address are configured with a valid internal domain name system (DNS) registration.
  • vCenter Server Appliance deployments utilizing a fully qualified domain name (FQDN) are resolvable by a DNS server.
  • Ensure that Reverse lookup is implemented using PTR records.
  • Ensure the network and portgroup the vCenter Server Appliance is deployed to can reach a DNS Server.

To collect a log bundle or review log files:



Powered by Wolken Software