This is a known issue affecting VMware vCenter Server 6.7 and 7.0.
Workaround:
To workaround this issue, increase the heap size of vmware-stsd or change the certificate revocation checking method from CRL to OCSP.
Heap SizeIncrease the heap size of vmware-stsd service by following below steps. These steps are applicable only from vCenter Server 6.7 Update 3 and above builds. Update the vCenter Server to 6.7 Update 3 or above builds before proceeding with below steps :
- Connect to VCSA using SSH
- Change the shell to Bash
Connected to service
* List APIs: "help api list"
* List Plugins: "help pi list"
* Launch BASH: "shell"
Command> shell
Shell access is granted to root
root@vcsa [ ~ ]#
- Increase the Heap Size to 1024MB. Please note, you might have to increase the Memory (RAM) of vCenter Server before increasing the heap size. Refer to Related Information of this KB for more details.
cloudvm-ram-size -C 1024 vmware-stsd
- Restart the vmware-stsd Service
service-control --stop vmware-stsd && service-control --start vmware-stsd
Certification Revocation Checking
Updating the Certificate revocation settings to OCSP can also be used as a workaround. Your PKI infrastructure must support his method of certificate revocation to work properly. You can update the certificate revocation settings in the vSphere Client.
- From the Home menu, select Administration.
- Under Single Sign On, click Configuration.
- Click Smart Card Authentication.
- Under Smart card authentication settings, click Certificate revocation and click Edit.
- Change the Revocation check to Use OCSP only and provide the location.
For more information on configuring certificate revocation, reference
Set Revocation Policies for Smart Card Authentication in the VMware Documentation