Rebooting vCenter Server Appliance 5.1 takes a long time when regenerating SSL certificates

Article ID: 328740

Products

VMware

Issue/Introduction

Symptoms:
  • Rebooting the vCenter Server Appliance (VCSA) 5.1 when performing SSL certificate regeneration takes 20 minutes or more.
  • The VCSA takes 20 minutes or more to reboot.
  • This issue occurs in VCSA versions 5.1 Update 1a and Update 1b.
  • The vpxd_cfg.log file (located at /var/log/vmware/vpx/) contains entries similar to:

    YYYY-MM-DD 11:38:17 2371: [2368]BEGIN execution of: /usr/sbin/vpxd_servicecfg certificate change /tmp/tmp.O0Jdpx5esm/chain.pem /tmp/tmp.O0Jdpx5esm/rui.key

    YYYY-MM-DD 11:59:16 2371: VC_CFG_RESULT=0


    Note: The time taken by the certificate change task is indicated by the timestamps in the log.

  • This issue occurs when the Toggle certificate setting is selected in the VCSA Web interface (at http://VCVA_hostname:5480, under the Admin tab).


Resolution

This is a known issue affecting vCenter Server Appliance 5.1 Update 1a and Update 1b.
This issue is resolved in vCenter Server Appliance 5.5, available at VMware Downloads. For more information about this version, see the VMware vSphere 5.5 Release Notes.

To work around this issue if you are unable to upgrade, modify the vpxdva_subsequentboot_net configuration file.
To modify the vpxdva_subsequentboot_net configuration file:
  1. Connect to the vCenter Server Appliance via SSH. For more information, see Enable or Disable SSH Administrator Login on the VMware vCenter Server Appliance in the vCenter Server and Host Management Guide.
  2. Navigate to the /usr/sbin/ directory.
  3. Back up the vpxdva_subsequentboot_net file. Do not skip this step.
  4. Open the vpxdva_subsequentboot_net file using the vi editor. For more information, see Editing files on an ESX host using vi or nano (1020302).
  5. Add the line:

    /etc/init.d/haveged start

    For example, change the default configuration file from:

    #!/bin/bash

    # this is executed on each boot, except the first,
    # after network has been brought up.

    COMMONUTILS=/usr/sbin/vpxd_commonutils

    . $COMMONUTILS

    regenerate_certificates

    To:

    #!/bin/bash

    # this is executed on each boot, except the first,
    # after network has been brought up.

    COMMONUTILS=/usr/sbin/vpxd_commonutils

    . $COMMONUTILS

    /etc/init.d/haveged start
    regenerate_certificates


  6. Save and close the vpxdva_subsequentboot_net configuration file.
  7. Reboot the vCenter Server Appliance.
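
Steps 2 to 5 can be scripted so that the backup is never skipped and the line is not added twice. The following is an added example, not VMware's own code; the function name and the `.bak` backup suffix are assumptions, and the line is placed directly before the `regenerate_certificates` call.

```bash
#!/bin/bash
# Added example (not VMware code). Function name and ".bak" suffix are assumptions.
HAVEGED_LINE='/etc/init.d/haveged start'

apply_haveged_workaround() {
    # Default is the file named in the article; pass another path to try it on a copy.
    local target="${1:-/usr/sbin/vpxdva_subsequentboot_net}"
    local backup="${target}.bak"
    local tmp rc

    [ -f "$target" ] || { echo "not found: $target" >&2; return 2; }

    # Idempotence: an exact, uncommented copy of the line means nothing to do.
    if grep -qxF "$HAVEGED_LINE" "$target"; then
        echo "already patched: $target"
        return 0
    fi

    # Step 5: build the edited file, emitting the new line once, directly
    # before the first line that consists only of regenerate_certificates.
    tmp="$(mktemp "${target}.XXXXXX")" || return 5
    awk -v line="$HAVEGED_LINE" '
        !seen && NF == 1 && $1 == "regenerate_certificates" { print line; seen = 1 }
        { print }
        END { exit (seen ? 0 : 3) }
    ' "$target" > "$tmp"
    rc=$?
    if [ "$rc" -ne 0 ]; then
        # Refuse to touch a file that lacks the expected call.
        rm -f "$tmp"
        echo "regenerate_certificates not found in $target" >&2
        return "$rc"
    fi

    # Step 3: back up before writing (-p keeps mode and timestamps);
    # an existing backup is kept so the original is never overwritten.
    [ -e "$backup" ] || cp -p "$target" "$backup" || { rm -f "$tmp"; return 4; }

    # Write back through redirection so the script keeps its inode, owner and mode.
    cat "$tmp" > "$target"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

On the appliance, call `apply_haveged_workaround` as root with no argument, then reboot as in step 7.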


Additional Information

Editing files on an ESX host using vi or nano
Troubleshooting the vCenter Server Appliance with Single Sign-On login
Rebooting vCenter Server Appliance 5.1 takes a long time when regenerating SSL certificates (Japanese-language version)