Receiving ERROR " The source host thumbprint is different than the provided one" on the prechecks of upgrading vCenter.
Article ID: 340941
Updated On:
Products
Issue/Introduction
Symptoms:
Receiving this Error while upgrading :
On the Target vCenter node, you will find log entries similar to the following.
/var/log/vmware/upgrade/upgrade_requirements.log
YYYY-MM-DDT0.776Z ERROR transport.guestops Different thumbprint from host //XXXXX:443: SHA thumbprint mismatch. Expected: `56ef##################################85`, actual: `2a8b##################################c9`
Traceback (most recent call last):
File "/usr/lib/vmware/cis_upgrade_runner/libs/sdk/transport/guestops.py", line 124, in _createServiceInstance
self.serviceInstance.RetrieveContent()
File "/usr/lib/vmware/cis_upgrade_runner/libs/pyVmomi/VmomiSupport.py", line 618, in <lambda>
self.f(*(self.args + (obj,) + args), **kwargs)
File "/usr/lib/vmware/cis_upgrade_runner/libs/pyVmomi/VmomiSupport.py", line 391, in _InvokeMethod
return self._stub.InvokeMethod(self, info, args)
File "/usr/lib/vmware/cis_upgrade_runner/libs/pyVmomi/SoapAdapter.py", line 1555, in InvokeMethod
conn = self.GetConnection()
File "/usr/lib/vmware/cis_upgrade_runner/libs/pyVmomi/SoapAdapter.py", line 1643, in GetConnection
self.VerifyThumbprint(self.thumbprint, result)
File "/usr/lib/vmware/cis_upgrade_runner/libs/pyVmomi/Security.py", line 1122, in _VerifyThumbprint
VerifyCertThumbprint(derCert, thumbprint)
File "/usr/lib/vmware/cis_upgrade_runner/libs/pyVmomi/Security.py", line 45, in VerifyCertThumbprint
raise ThumbprintMismatchException(thumbprint, shaDigest)
pyVmomi.Security.ThumbprintMismatchException: SHA thumbprint mismatch. `56ef##################################85`, actual: `2a8b##################################c9`
YYYY-MM-DDT0.776Z ERROR root upgrade.commands Source host thumbprint is different than the provided one.
YYYY-MM-DDT0.776Z ERROR root Could not create command factory.
YYYY-MM-DDT0.776Z ERROR __main__ ERROR: Fatal error during upgrade REQUIREMENTS. For more
Environment
VMware vCenter Server 6.5.x
VMware vCenter Server 7.0.x
Cause
- The newly deployed vCenter was given a specific ESXi host as the deployment target during Stage 1 of the installer instead of a vCenter Server
- DRS has migrated the source and target vCenter since initial deployment
Resolution
To resolve this instead of migrating the vCenter Source and Target VMs the following workarounds are available:
Workaround #1
Redeploy the target VCSA appliance and use a vCenter Server address as source and target VM destinations
- Restart the VCSA deployment from Stage 1
- Proceed to "Connect to Source Appliance" page of the UI Installer
- Under "ESXi Host or vCenter Server that manages the source appliance" provided the vCenter Server and SSO credentials instead of an ESXi host.
- Proceed to "vCenter Server Deployment Target" page of the UI installer
- For the target provide the vCenter Server and SSO credentials that manages the desired target ESXi host, you will be prompted on the next page to select the cluster and host.
- Finish the rest of Stage 1 as done previously
Workaround #2
In the logs it is mentioned the actual thumbprint `2a8b##################################c9`
To get the host thumbprint and apply them on both Source and Target (Newly deployed node) vCenters do the following:
- SSH to the ESXi Host where both vCenters resided.
- cd /etc/vmware/ssl at the host and type the following:
- openssl x509 -in rui.crt -fingerprint
- Confirm what is the thumbprint on both vCenters if it matches the hosts they reside on by this command on the vCenters SSH.
- install-parameter upgrade.source.ssl.thumbprint
- Take the fingerprint output in step 2 and add it to this command then run it from VCs SSH (apply the thumbprint of each VC regarding to the hosts it resides on):
- install-parameter upgrade.source.ssl.thumbprint -s "Thumb_Print"
- install-parameter upgrade.source.ssl.thumbprint -s "2A:8B:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:C9"
- Perform the pre-checks.
Feedback
