Storage vmotion failed with error 'unable to start VMware vSphere Profile-Driven Storage Service'
Article ID: 388593
Updated On:
Products
Issue/Introduction
Symptoms:
- Storage vmotion task for VM failed with the error 'unable to start VMware vSphere Profile-Driven Storage Service'
Environment
VMware vCenter Server 7.x
VMware vCenter Server 8.x
Cause
Expired MACHINE_SSL_CERT caused storage vmotion failure.
- vCenter Server had expired MACHINE_SSL_CERT certificates.
- Running lsdoctor.py -l on the vCenter server indicates there is an expired MACHINE_SSL_CERT certificate.
Refer: Using the 'lsdoctor' Tool
Sample Error Message :
++ Lines Removed ++ found Certificate(s) Expired: Regenerate the MACHINE_SSL_CERT. ++ Lines Removed ++
- Run the below commands to see the status of the environment certificates:
Run this command on the vCenter Appliance:
for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo "[*] Store :" $store; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $store --text | grep -ie "Alias" -ie "Not After";done;
Example :
for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo "[*] Store :" $store; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $store --text | grep -ie "Alias" -ie "Not After"; echo "===================================================="; done;
[*] Store : MACHINE_SSL_CERT Alias : __MACHINE_CERT Not After : Jan 30 13:18:39 2025 GMT
Resolution
Caution: Back up or create a virtual machine snapshot before proceeding.
It is recommended to power off all linked external Platform Services Controllers/vCenter Servers with embedded PSCs at the same time and to take a snapshot of every linked node VM.
Machine SSL certificate
On each node (vCenter, vCenter with embedded PSC, or external PSC) found with this expired certificate, run certificate-manager option 3 to replace the SSL certificate.
Example :
For vCenter Server 7.x or 8.x Appliance: /usr/lib/vmware-vmca/bin/certificate-manager and choose option 3
/usr/lib/vmware-vmca/bin/certificate-manager
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
| |
| *** Welcome to the vSphere 7.0 Certificate Manager *** |
| |
| -- Select Operation -- |
| |
| 1. Replace Machine SSL certificate with Custom Certificate |
| |
| 2. Replace VMCA Root certificate with Custom Signing |
| Certificate and replace all Certificates |
| |
| 3. Replace Machine SSL certificate with VMCA Certificate |
| |
| 4. Regenerate a new VMCA Root Certificate and |
| replace all certificates |
| |
| 5. Replace Solution user certificates with |
| Custom Certificate |
| NOTE: Solution user certs will be deprecated in a future |
| release of vCenter. Refer to release notes for more details.|
| |
| 6. Replace Solution user certificates with VMCA certificates |
| |
| 7. Revert last performed operation by re-publishing old |
| certificates |
| |
| 8. Reset all Certificates |
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|
Note : Use Ctrl-D to exit.
Option[1 to 8]: 3
Please provide valid SSO and VC privileged user credential to perform certificate operations.
Enter username [[email protected]]:
Enter password:
++ Lines Removed ++
Reset status : 100% Completed [Reset completed successfully]
Refer: Verify and resolve expired vCenter Server certificates using command line interface
Once the expired MACHINE_SSL_CERT is fixed using the above fix, the Storage vmotion task should complete.
Feedback
