vCenter upgrade to 8 fails during Pre-Check with the below error.
"Error Failed to get server certificate for validation
Resolution Make sure that the sso service is reachable and started before continuing"
This issue is seen when port 7444 is not accessible on the vCenter.
To verify if port 7444 is accessible, run the below command
root@vcsa01 [ ~ ]# curl -vvv -k https://127.0.0.1:7444
* Trying 127.0.0.1:7444...
* Connected to 127.0.0.1 (127.0.0.1) port 7444 (#0)
* ALPN: offers http/1.1
If the above command fails to connect, it means that port 7444 is blocked on the vCenter.
To check whether a firewall rule on the vCenter is blocking the port, list the iptables rules using the below command.
iptables -nL | grep -i 7444
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7444
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7444
In this case, we can see two drop rules for port 7444.
1. Remove any firewall rule set for port 7444 on the vCenter.
2. To edit iptables and remove the firewall rule, follow the below steps.
Export the firewall rule using : iptables-save > /var/tmp/iptables.rules.default
Edit the file, remove the entry and save the file : vi /var/tmp/iptables.rules.default
cat or less the file again and make sure that the entry is gone.
Now restore the firewall rule by : iptables-restore < /var/tmp/iptables.rules.default
Run iptables -nL command again and make sure the rule is not there
3. Run the curl command and test the connection on port 7444.
curl -vvv -k https://127.0.0.1:7444
4. Retry the upgrade.
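One way to do the "edit the file, remove the entry" step without a manual editor, as an added example that is not part of the original article. It reads a saved dump only and matches the exact `--dport 7444` token, so a rule for a port such as 74440 (which a plain grep for 7444 also shows) is left alone. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: works on an iptables-save dump file, never on the live ruleset.
PORT=7444

# Constructed sample in iptables-save format (chains and rules are illustrative).
sample_dump() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 7444 -j DROP
-A INPUT -p tcp -m tcp --dport 74440 -j DROP
-A OUTPUT -p tcp -m tcp --dport 7444 -j DROP
COMMIT
EOF
}

# filter_dump MODE FILE: "show" prints the tcp DROP rules for exactly $PORT,
# "keep" prints every other line unchanged (the edited ruleset).
filter_dump() {
    awk -v port="$PORT" -v mode="$1" '
        { hit = (/^-A / && / -p tcp / && / -j DROP/ && $0 ~ ("--dport " port "( |$)")) }
        mode == "show" && hit
        mode == "keep" && !hit
    ' "$2"
}
blocking_rules()       { filter_dump show "$1"; }
strip_blocking_rules() { filter_dump keep "$1"; }

# Demo on the constructed sample: review what goes, then write the edited copy.
dump=$(mktemp) && edited=$(mktemp)
sample_dump > "$dump"
echo "Rules to be removed:";  blocking_rules "$dump"
strip_blocking_rules "$dump" > "$edited"
echo "Edited ruleset:";       cat "$edited"
rm -f "$dump" "$edited"
```

On a real system the input would be the file written by iptables-save, and the edited copy is what gets passed to iptables-restore after review.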