Tasks "Generate a certificate signing request using the specified Distinguished Name" and "Notify services affected by SSL credentials change" repeating constantly on vCenter

Article ID: 385807

Updated On:

Products

VMware vCenter Server

Issue/Introduction

After patching ESXi hosts, vCenter repeats tasks "Generate a certificate signing request using the specified Distinguished Name" and "Notify services affected by SSL credentials change".


vmafdd.log shows the certificates for vmware-sps being deleted and re-added constantly:

YYYY-MM-DDTHH:MM:SS [vmafdd][INFO] [OPID :vmware-sps.launcher_1078321_97819] Entering VecsIpcDeleteEntry
YYYY-MM-DDTHH:MM:SS [vmafdd][INFO] VecsSrvDeleteCertificate: Deleted cert (alias 00000000-0000-0000-0000-000000000000) from store 11
YYYY-MM-DDTHH:MM:SS [vmafdd][INFO] [OPID :vmware-sps.launcher_1078321_97819] End of VecsIpcDeleteEntry
YYYY-MM-DDTHH:MM:SS [vmafdd][INFO] [OPID :vmware-sps.launcher_1078321_97820] Entering VecsIpcAddEntry
YYYY-MM-DDTHH:MM:SS [vmafdd][INFO] Added cert to VECS DB: 00000000-0000-0000-0000-000000000000
YYYY-MM-DDTHH:MM:SS [vmafdd][INFO] [OPID :vmware-sps.launcher_1078321_97820] End of VecsIpcAddEntry
YYYY-MM-DDTHH:MM:SS [vmafdd][INFO] [OPID :vmware-sps.launcher_1078321_97850] Entering VecsIpcDeleteEntry
YYYY-MM-DDTHH:MM:SS [vmafdd][INFO] VecsSrvDeleteCertificate: Deleted cert (alias 00000000-0000-0000-0000-000000000000) from store 11
YYYY-MM-DDTHH:MM:SS [vmafdd][INFO] [OPID :vmware-sps.launcher_1078321_97850] End of VecsIpcDeleteEntry
YYYY-MM-DDTHH:MM:SS [vmafdd][INFO] [OPID :vmware-sps.launcher_1078321_97851] Entering VecsIpcAddEntry
YYYY-MM-DDTHH:MM:SS [vmafdd][INFO] Added cert to VECS DB: 00000000-0000-0000-0000-000000000000
YYYY-MM-DDTHH:MM:SS [vmafdd][INFO] [OPID :vmware-sps.launcher_1078321_97851] End of VecsIpcAddEntry

In sps.log, the affected hosts report a UUID of all zeros:

}, host-101207=(HostInfo) {
   IOFilterEnabled = true
   hostName = esxihost.domain.fqdn
   hostUuid = 00000000-0000-0000-0000-000000000000
   hostVersion = 8.0.3

Environment

vSphere 8.0

Cause

When more than one host has the UUID 00000000-0000-0000-0000-000000000000, the certificates of those hosts conflict with each other.

  • Host hardware missing values in firmware (e.g., BIOS) for required fields.

Resolution

This is a third-party issue, because the UUID is provided by the hardware to the hypervisor. The hardware vendor must verify at the hardware level that the host reports a proper UUID.

  • Upgrading the BIOS/firmware of the affected ESXi hosts has resolved the issue.
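
The following check for the condition described in the Cause section is an added example, not part of the original article and not VMware tooling. It assumes sps.log and vmafdd.log follow the line formats of the excerpts above; the function names and the sample data are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

NIL_UUID = "00000000-0000-0000-0000-000000000000"
HEADER = re.compile(r"(host-\d+)=\(HostInfo\)\s*\{")
FIELD = re.compile(r"^\s*(hostName|hostUuid)\s*=\s*(\S+)", re.M)
DELETED = re.compile(r"Deleted cert \(alias ([0-9a-fA-F-]{36})\) from store \d+")
ADDED = re.compile(r"Added cert to VECS DB: ([0-9a-fA-F-]{36})")

# Constructed samples in the format of the excerpts above. The second and third
# hosts (IDs, names, non-zero UUID) are made up for illustration.
SPS_SAMPLE = """\
}, host-101207=(HostInfo) {
   hostName = esxihost.domain.fqdn
   hostUuid = 00000000-0000-0000-0000-000000000000
}, host-101208=(HostInfo) {
   hostName = esxihost2.domain.fqdn
   hostUuid = 00000000-0000-0000-0000-000000000000
}, host-101300=(HostInfo) {
   hostName = esxihost3.domain.fqdn
   hostUuid = 11111111-2222-3333-4444-555555555555
"""
VMAFDD_SAMPLE = """\
YYYY-MM-DDTHH:MM:SS [vmafdd][INFO] VecsSrvDeleteCertificate: Deleted cert (alias 00000000-0000-0000-0000-000000000000) from store 11
YYYY-MM-DDTHH:MM:SS [vmafdd][INFO] Added cert to VECS DB: 00000000-0000-0000-0000-000000000000
YYYY-MM-DDTHH:MM:SS [vmafdd][INFO] VecsSrvDeleteCertificate: Deleted cert (alias 00000000-0000-0000-0000-000000000000) from store 11
YYYY-MM-DDTHH:MM:SS [vmafdd][INFO] Added cert to VECS DB: 00000000-0000-0000-0000-000000000000
"""

def conflicting_uuids(sps_text):
    """Map each all-zero or shared hostUuid to the distinct hosts reporting it."""
    groups = defaultdict(dict)
    headers = list(HEADER.finditer(sps_text))
    for i, h in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(sps_text)
        fields = dict(FIELD.findall(sps_text[h.end():end]))
        if "hostUuid" in fields:  # a host logged repeatedly is counted once
            groups[fields["hostUuid"].lower()][h.group(1)] = fields.get("hostName", "?")
    return {u: hs for u, hs in groups.items() if u == NIL_UUID or len(hs) > 1}

def cert_churn(vmafdd_text):
    """Return {alias: (deletes, adds)} for aliases both deleted and re-added."""
    deleted = Counter(a.lower() for a in DELETED.findall(vmafdd_text))
    added = Counter(a.lower() for a in ADDED.findall(vmafdd_text))
    return {a: (n, added[a]) for a, n in deleted.items() if added[a]}

if __name__ == "__main__":
    for uuid, hosts in conflicting_uuids(SPS_SAMPLE).items():
        print(f"hostUuid {uuid} reported by {len(hosts)} host(s): {hosts}")
    for alias, (dels, adds) in cert_churn(VMAFDD_SAMPLE).items():
        print(f"alias {alias}: deleted {dels}x, added {adds}x")
```

An alias in the churn result that also appears as a conflicting hostUuid ties the repeating certificate tasks to the hosts that need the firmware check.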