Prechecks during preparation for an SDDC upgrade to 5.x can give an error with the message:

ERROR vSphere SHA-1 validation failed
High: Do not perform upgrade without addressing this issue.
Check the /var/log/vmware/vcf/operationsmanager/assessment/pythonvalidations/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/artifacts/vsphere-sha1-validation-execution-error-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.txt file for more details. If that file contains error code 'rpc_s_connection_closed' then please retry the precheck as it could not connect to verify whether weak algorithms (e.g. SHA-1) are in use on the vCenter.

5.x

Referencing the log file mentioned in the error, we find a message similar to the one below:

/opt/vmware/vcf/operationsmanager/scripts/assessment/2x-migration/lib/third-party/pyvmomi-7.0.1/pyVmomi/Version.py:26: SyntaxWarning: "is" with a literal. Did you mean "=="?
  if isLegacy or ns is "":
2025-01-01 01:01:00.000Z ERROR Error: Failed to trigger root cert refresh

vecs-cli failed. Error 382312694: Access denied, reason = rpc_s_auth_method (0x16c9a0f6).
2025-01-01 01:01:00.000Z ERROR Failed to refresh vecs store.
 Error: Error: Failed to trigger root cert refresh

vecs-cli failed. Error 382312694: Access denied, reason = rpc_s_auth_method (0x16c9a0f6).

The key error to look for being:

2025-01-01 01:01:00.000Z ERROR Failed to refresh vecs store.
 Error: Error: Failed to trigger root cert refresh

Within the VECS store the refresh function has fallen out of sync, a manual refresh is required on the vCenter appliance

1. Take a snapshot of the vCenter Appliance. Need to take the offline snapshot for all of ELM vCenter Server. See also KB 313886.
2. SSH using root to the vCenter.
3. Run the following command:

# /usr/lib/vmware-vmafd/bin/vecs-cli force-refresh

Proceed to run the precheck once more and the error should be cleared