Decoding a non-zero VC_CFG_RESULT for failed vpxd_servicecfg certificate changes
Article ID: 341117
Updated On:
Products
VMware vCenter Server
Issue/Introduction
When changing certificates in vCenter Server Appliance, you can run this command to verify the changes:
/usr/sbin/vpxd_servicecfg certificate change chain.pem rui.key
When the changes are successful, this command returns output similar to:
VC_CFG_RESULT = 0
VC_CFG_RESULT = 0
A non-zero value is returned if there are issues with the certificate change.
This article provides troubleshooting information that helps in diagnosing and decoding non-zero VC_CFG_RESULT errors that can cause the vpxd_servicecfg certificate changes to fail.
Environment
VMware vCenter Server Appliance 5.1.x
VMware vCenter Server Appliance 5.5.x
VMware vCenter Server Appliance 5.5.x
Cause
Resolution
Error Code Description
vpxd.log file, located at /var/log/vmware/vpx/vpxd.log and scroll down to see the exact reason.
- Check the argument order of vpxd_servicecfg certificate change command.
*.crt file and private key in the *.key file do not match.
*.crt file.
VC_CFG_RESULT=710 - Review the sso_servicecfg.log file for the string READY COMMAND configure-ssl and review entries after the string.
- Review the vpxd.log file and scroll down to see the exact reason.
The certificate chain is incomplete and does not terminate with the self-signed root certificate.
Possible Actions
- Obtain the root certificate from you Certificate Authority (CA) server in Base64-encoded form and append it at the end of the chain file (for example, cachain.p7b).
Additional Information
Feedback
Yes
No
Powered by
