Prechecks during preparation for an SDDC upgrade to 5.x can give an error with the message:
ERROR vSphere SHA-1 validation failed
High: Do not perform upgrade without addressing this issue.
Check the /var/log/vmware/vcf/operationsmanager/assessment/pythonvalidations/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/artifacts/vsphere-sha1-validation-execution-error-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.txt file for more details. If that file contains error code 'rpc_s_connection_closed' then please retry the precheck as it could not connect to verify whether weak algorithms (e.g. SHA-1) are in use on the vCenter.
5.x
Referencing the log file mentioned in the error, we find a message similar to the one below:
/opt/vmware/vcf/operationsmanager/scripts/assessment/2x-migration/lib/third-party/pyvmomi-7.0.1/pyVmomi/Version.py:26: SyntaxWarning: "is" with a literal. Did you mean "=="?
if isLegacy or ns is "":
2025-01-01 01:01:00.000Z ERROR Error: Failed to trigger root cert refresh
vecs-cli failed. Error 382312694: Access denied, reason = rpc_s_auth_method (0x16c9a0f6).
2025-01-01 01:01:00.000Z ERROR Failed to refresh vecs store.
Error: Error: Failed to trigger root cert refresh
vecs-cli failed. Error 382312694: Access denied, reason = rpc_s_auth_method (0x16c9a0f6).
The key error to look for being:2025-01-01 01:01:00.000Z ERROR Failed to refresh vecs store.
Error: Error: Failed to trigger root cert refresh
Within the VECS store the refresh function has fallen out of sync, a manual refresh is required on the vCenter appliance
# /usr/lib/vmware-vmafd/bin/vecs-cli force-refresh
Proceed to run the precheck once more and the error should be cleared