The **vmware-updatemgr** service fails to start from the CLI and crashes on the VAMI page.

Article ID: 345101

Products

VMware vCenter Server

Issue/Introduction

  • When attempting to start the "vmware-updatemgr" service from the CLI, the following error is displayed:

# service-control --start vmware-updatemgr
Operation not cancellable. Please wait for it to finish...
Performing start operation on service updatemgr...
Error executing start on service updatemgr. Details {
...
"localized": "An error occurred while starting service 'updatemgr'",
"translatable": "An error occurred while starting service '%(0)s'",
"id": "install.ciscommon.service.failstart"
Service-control failed. Error: {
...
"localized": "An error occurred while starting service 'updatemgr'",
"translatable": "An error occurred while starting service '%(0)s'",
"id": "install.ciscommon.service.failstart"

 

  • The "vmware-updatemgr" service crashes in VAMI.

 

Environment

6.7.x

Cause

  • The rui.crt and rui.key files in the following path on vCenter do not match each other.

# /usr/lib/vmware-updatemgr/bin/ssl/rui.crt
# /usr/lib/vmware-updatemgr/bin/ssl/rui.key

  • The user updatemgr does not have permission for MACHINE_SSL_CERT.

          - No owner permission is assigned for vci-integrity.xml.

Resolution

- Check whether the permission for MACHINE_SSL_CERT has been granted to the user updatemgr.

# /usr/lib/vmware-vmafd/bin/vecs-cli store get-permissions --name MACHINE_SSL_CERT

- Grant the permission for MACHINE_SSL_CERT to the user updatemgr.

# /usr/lib/vmware-vmafd/bin/vecs-cli store permission --name MACHINE_SSL_CERT --user updatemgr --grant read

- Validate whether the permission has been granted.

================================================================================================================
 

  • Mismatch between rui.crt and rui.key.

          - The incorrect rui.crt and rui.key files are located at the following path:

# /usr/lib/vmware-updatemgr/bin/ssl/rui.crt

# /usr/lib/vmware-updatemgr/bin/ssl/rui.key

         - You can also compare the replaced file with the backup files to identify the mismatch.

# diff /usr/lib/vmware-updatemgr/bin/ssl/rui.crt /usr/lib/vmware-updatemgr/bin/ssl/rui_bckp.crt

# diff /usr/lib/vmware-updatemgr/bin/ssl/rui.key /usr/lib/vmware-updatemgr/bin/ssl/rui_bckp.key

  • Create a backup of the rui.crt and rui.key files:

# cd /usr/lib/vmware-updatemgr/bin/ssl/

# cp rui.crt rui_bckp.crt

# cp rui.key rui_bckp.key

          - You can find the original files at the following location:

/etc/vmware-vpx/ssl/rui.crt

/etc/vmware-vpx/ssl/rui.key
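
A diff against the backup only shows that a file changed, not whether rui.crt and rui.key belong together. The following added example (not part of the original article) checks a pair by comparing the public key in each file; the function names and the self-signed pair built by make_pair are assumptions for illustration.

```bash
#!/bin/bash
# Added example (not from the KB article): check that a PEM certificate and
# private key form a pair by comparing digests of their public keys.
# Only digests are compared; private key material never reaches the terminal.

# pubkey_digest cert|key FILE -> SHA-256 of the DER-encoded public key
pubkey_digest() {
    local pem
    if [ "$1" = cert ]; then
        pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    else
        pem=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
    fi
    # Guard against hashing empty input, which would make two unreadable
    # files look like a matching pair.
    [ -n "$pem" ] || return 2
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# cert_key_match CRT KEY -> 0 match, 1 mismatch, 2 unreadable input
cert_key_match() {
    local c k
    c=$(pubkey_digest cert "$1") || return 2
    k=$(pubkey_digest key "$2") || return 2
    [ "$c" = "$k" ]
}

# make_pair DIR NAME: constructed self-signed test pair (sample data only,
# for trying the check away from the appliance)
make_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# Usage on the appliance (paths from the article):
#   cert_key_match /usr/lib/vmware-updatemgr/bin/ssl/rui.crt \
#                  /usr/lib/vmware-updatemgr/bin/ssl/rui.key; echo $?
```

An exit status of 1 means the certificate and key do not form a pair; 2 means one of the files could not be parsed as PEM.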

================================================================================================================

  • After replacing the rui.crt and rui.key files, check refreshCerts-utility.log for any errors. If no errors are found, attempt to start the "vmware-updatemgr" service. If you encounter an error like "Unable to open vci-integrity.xml", follow the steps below.

          - Run the following command to change the owner:

# chown updatemgr:updatemgr /usr/lib/vmware-updatemgr/bin/vci-integrity.xml

 

  • [Screenshots omitted: owner of vci-integrity.xml before and after the change.]

 

Additional Information

Impact/Risks:

 

The "vmware-updatemgr" service cannot be started.