Update manager service crashes as soon as it starts with no VUM log entries.
Article ID: 335096
Updated On:
Products
Issue/Introduction
The purpose of this KB is to get the Update Manager service started.
Update manager service crashes as soon as it starts with no VUM log entries. The update manager logs never get updated.
/var/log/vmware/vmon/vmon.log shows the following:YYYY-MM-DDTHH:MM:SS notice vmon Received start for updatemgrYYYY-MM-DDTHH:MM:SS notice vmon Load runstate service updatemgr.jsonYYYY-MM-DDTHH:MM:SS notice vmon Constructed command: /usr/lib/vmware-updatemgr/bin/vmware-updatemgr /usr/lib/vmware-updatemgr/bin/vci-integrity.xmlYYYY-MM-DDTHH:MM:SS notice vmon Constructed command: /usr/bin/python /usr/lib/vmware-updatemgr/bin/updatemgr-vmon-apihealth.pyYYYY-MM-DDTHH:MM:SS warning vmon Service updatemgr api-health command's stderr: YYYY-MM-DDTHH:MM:SS Failed to open health status fileYYYY-MM-DDTHH:MM:SS warning vmonYYYY-MM-DDTHH:MM:SS notice vmon Re-check service updatemgr health since it is still initializing.YYYY-MM-DDTHH:MM:SS warning vmon Service updatemgr exited. Exit code 1
vpxd.log has entries similar to:YYYY-MM-DDTHH:MM:SS info vpxd[7F21A01F4700] [Originator@6876 sub=vpxLro opID=6cdd62cd] [VpxLRO] -- BEGIN lro-98129 -- SessionManager -- vim.SessionManager.loginByToken -- aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaaYYYY-MM-DDTHH:MM:SS info vpxd[7F21A01F4700] [Originator@6876 sub=[SSO] opID=6cdd62cd] [UserDirectorySso] GetUserInfo(username.domain.coml\vpxd-extension-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx, false)YYYY-MM-DDTHH:MM:SS info vpxd[7F21A01F4700] [Originator@6876 sub=[SSO] opID=6cdd62cd] [UserDirectorySso] GetUserInfo(username.domain.com\vpxd-extension-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx, false) res: username.domain.com\vpxd-extension-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxYYYY-MM-DDTHH:MM:SS info vpxd[7F21A01F4700] [Originator@6876 sub=vpxLro opID=6cdd62cd] [VpxLRO] -- FINISH lro-98129YYYY-MM-DDTHH:MM:SS info vpxd[7F2153F7E700] [Originator@6876 sub=vpxLro opID=3bd31dcd] [VpxLRO] -- BEGIN lro-98131 -- ExtensionManager -- vim.ExtensionManager.findExtension -- aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa(11111111-1111-1111-1111-111111111111)YYYY-MM-DDTHH:MM:SS info vpxd[7F2153F7E700] [Originator@6876 sub=vpxLro opID=3bd31dcd] [VpxLRO] -- FINISH lro-98131YYYY-MM-DDTHH:MM:SS info vpxd[7F21539F3700] [Originator@6876 sub=vpxLro opID=68b92dbc] [VpxLRO] -- BEGIN lro-98132 -- ExtensionManager -- vim.ExtensionManager.updateExtension -- aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa(11111111-1111-1111-1111-111111111111)YYYY-MM-DDTHH:MM:SS info vpxd[7F21539F3700] [Originator@6876 sub=MoExtensionMgr opID=68b92dbc] [SkipCM] Skipping Component Manager registration for extension=com.vmware.vcIntegrityYYYY-MM-DDTHH:MM:SS info vpxd[7F21539F3700] [Originator@6876 sub=vpxLro opID=68b92dbc] [VpxLRO] -- FINISH lro-98132YYYY-MM-DDTHH:MM:SS info vpxd[7F21533E7700] [Originator@6876 sub=vpxLro opID=5569c75a] [VpxLRO] -- BEGIN lro-98133 -- ExtensionManager -- vim.ExtensionManager.setCertificate --aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa11111111-1111-1111-1111-111111111111)YYYY-MM-DDTHH:MM:SS info vpxd[7F21533E7700] [Originator@6876 sub=MoExtensionMgr opID=5569c75a] [ExtensionManagerMo] Certificate set for extension com.vmware.vcIntegrityYYYY-MM-DDTHH:MM:SS info vpxd[7F21533E7700] [Originator@6876 sub=vpxLro opID=5569c75a] [VpxLRO] -- FINISH lro-98133YYYY-MM-DDTHH:MM:SS info vpxd[7F2153D7A700] [Originator@6876 sub=vpxLro opID=30373cd3] [VpxLRO] -- BEGIN lro-98134 -- ExtensionManager -- vim.ExtensionManager.findExtension -- bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb(22222222-2222-2222-2222-222222222222)
From the above, we can see that the account being used for the registration of the service is vpxd-extension-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
/var/log/vmware/cert-manager/cm.log has entries similar to:
YYYY-MM-DDTHH:MM:SS [pool-2-thread-1 [] ERROR com.vmware.cis.services.cm.service.ServiceManagerImplTemplate (yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy)] reRegisterService v1: Not authorized to re-register zzzzzzzz-zzzz-zzzz-zzzz-zzzzzzzzzzzz; e: null
Here we see that the account being used for re-registering the service registration (vpxd-extension-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx) was not authorized to do so.
Environment
VMware Update Manager 6.5
Cause
Cause is currently unknown.
Resolution
Before making any LDAP or SSO modifications, you must perform the following:
- vCenter Backup or Snapshot
Take a full file-based backup of the vCenter Server using the supported backup methods (via VAMI or API).
Create a VM-level snapshot of the vCenter Server Appliance (VCSA) via vSphere Client.
- Export LDAP Configuration Using JXplorer
This serves as a lightweight backup of the existing directory structure.
Steps:
-
Download and Install JXplorer
-
Get the installer from the official website: https://jxplorer.org/downloads/users.html
-
Install and launch the application.
-
-
Connect to the Affinitized Platform Services Controller (PSC): (Using JXplorer to connect to the vSphere Single Sign-on)
-
Use JXplorer to connect to the vSphere SSO LDAP service.
-
LDAP URL:
ldap://<PSC-FQDN>:389 -
Base DN:
dc=vsphere,dc=local -
Bind DN:
cn=Administrator,cn=Users,dc=vsphere,dc=local -
Password: Use the vSphere SSO Administrator password.
-
-
Navigate to Built-in Administrators:
-
Expand the directory tree:
Built-in > Administrators
-
-
Review Table Editor View:
-
Switch to the “Table Editor View” in JXplorer.
-
You should see entries like:
-
-
Modify the Incorrect Entry:
-
Identify the entry:
-
Change it to:
-
-
Restart All vCenter Services: SSH into the vCenter Server and run:
Additional Information
Impact/Risks:
This process can be destructive, Please make sure you have backups of all nodes in the vSphere domain.
Before going through the resolution of this KB, please check that the trust anchors are OK.
Feedback
