vCenter Certificate Manager fails with error -1 (4294967295) during certificate replacement


Article ID: 326445


Updated On:

Products

VMware vCenter Server

Issue/Introduction

  • The operation fails at the "Replacing Machine SSL Cert" or "Generating CSR" stage.

  • Replacing the MACHINE_SSL_CERT certificate via Certificate Manager fails with the following output:

    Using config file : /var/tmp/vmware/MACHINE_SSL_CERT.cfg
    Status : Failed
    Error Code : 4294967295
    Error Message : Operation failed with error = -1 (4294967295)

    Status : 0% Completed [Operation failed, performing automatic rollback]


  • The log file /var/log/vmware/vmcad/certificate-manager.log contains entries similar to:

    >timestamp< ERROR certificate-manager {
        "resolution": null,
        "detail": [
            {
                "args": [
                    "Using config file : /var/tmp/vmware/MACHINE_SSL_CERT.cfg\nStatus : Failed\nError Code : 4294967295\nError Message : Operation failed with error = -1 (4294967295)\n"
                ],
                "id": "install.ciscommon.command.errinvoke",
                "localized": "An error occurred while invoking external command : 'Using config file : /var/tmp/vmware/MACHINE_SSL_CERT.cfg\nStatus : Failed\nError Code : 4294967295\nError Message : Operation failed with error = -1 (4294967295)\n'",
                "translatable": "An error occurred while invoking external command : '%(0)s'"
            },
            "Error in generating cert for store MACHINE_SSL_CERT"
        ],
        "componentKey": null,
        "problemId": null
    }
    >timestamp< INFO certificate-manager Performing rollback of Root Cert...

Environment

VMware vCenter Server Appliance 8.0
VMware vCenter Server Appliance 7.0
VMware vCenter Server Appliance 6.7.x
VMware vCenter Server Appliance 6.5.x

Cause

The certificate-manager utility fails because corrupted temporary configuration (.cfg) files remain in the /var/tmp/vmware/ directory from a previous interrupted or failed certificate operation.

Resolution

  1. Perform an offline snapshot of the vCenter Server Appliance (and all nodes in the same SSO domain) before proceeding.

  2. Log in to the vCenter Server Appliance via SSH as root.

  3. Navigate to the temporary VMware directory: cd /var/tmp/vmware/

  4. Identify and remove or move the existing configuration files: mv /var/tmp/vmware/*.cfg /tmp/

  5. Restart the certificate replacement process using the certificate-manager utility: /usr/lib/vmware-vmca/bin/certificate-manager
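
A more careful form of step 4, as an added example that is not part of the original article: the function moves the leftover .cfg files into a uniquely named, owner-only directory under /tmp, so an earlier copy is never overwritten and an empty directory is reported instead of producing an mv error. The function name stash_cfg_files and the backup directory prefix certmgr-cfg-backup are assumptions of this example.

```shell
#!/bin/sh
# Added example (not VMware's code): move leftover certificate-manager .cfg
# files out of the working directory into a private backup directory.
# The defaults are the paths named in the article; the function name and the
# backup directory prefix (certmgr-cfg-backup) are assumptions of this example.

stash_cfg_files() {
    src=${1:-/var/tmp/vmware}
    dest_root=${2:-/tmp}

    if [ ! -d "$src" ]; then
        echo "no such directory: $src" >&2
        return 2
    fi

    # Collect regular *.cfg files only. This skips symlinks and the literal
    # "*.cfg" string the shell leaves behind when the glob matches nothing.
    set --
    for f in "$src"/*.cfg; do
        if [ -f "$f" ] && [ ! -L "$f" ]; then
            set -- "$@" "$f"
        fi
    done
    if [ "$#" -eq 0 ]; then
        echo "no .cfg files in $src; nothing to move" >&2
        return 1
    fi

    # mktemp -d creates a uniquely named directory with mode 0700, so repeated
    # runs never overwrite an earlier backup and other users cannot read it.
    backup=$(mktemp -d "$dest_root/certmgr-cfg-backup.XXXXXX") || return 2

    for f in "$@"; do
        ls -l "$f" >&2              # record owner, size and mtime before moving
        mv -- "$f" "$backup"/ || return 2
    done

    echo "$backup"                  # stdout: where the files now live
}
```

Source the file in the root SSH session and call stash_cfg_files with no arguments to use the article's paths; the printed directory can be deleted once the certificate replacement in step 5 succeeds.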