Missing root certificates in the vCenter Server of a linked system cause a replication issue with the linked vCenter Server system, with the error "Could not connect to one or more vCenter Server systems: https://vcenterfqdn:443/sdk"

Article ID: 391321

Products

VMware vCenter Server

Issue/Introduction

When you log in to the partner vCenter Server, the vSphere Client shows the error "Could not connect to one or more vCenter Server systems: https://vcenterfqdn:443/sdk"

Environment

vCenter server 7.x

Cause

Missing TRUSTED_ROOTS certificates in the partner vCenter server Trusted Store

Resolution

When vCenter Servers are in linked mode, the certificates in the trusted store should be the same across all the vCenter Servers.

1. SSH to the vCenter Server on which all the certificates are present

2. Execute the following command to copy the TRUSTED_ROOTS certificate that is missing:

/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert --store TRUSTED_ROOTS --alias 'certalias' --output /root/certalias.cer

3. SSH to the vCenter Server on which the root certificate is missing

4. Copy the certificate to /tmp using WinSCP

5. Execute the following command:

/usr/lib/vmware-vmafd/bin/dir-cli trustedcert publish --cert /tmp/certalias.cer

6. Once the certs are published, run the command below to refresh the VECS DB:

/usr/lib/vmware-vmafd/bin/vecs-cli force-refresh

7. Restart the VC services:

service-control --stop --all && service-control --start --all
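
To work out which alias to pass as 'certalias' in step 2, the following added example (not part of the original article) compares saved TRUSTED_ROOTS listings from two linked nodes and prints the aliases the partner lacks. It assumes each file holds the output of `vecs-cli entry list --store TRUSTED_ROOTS` with one "Alias : <value>" line per entry; the file names, function names and sample aliases are constructed for illustration.

```shell
#!/bin/sh
# Added example: find TRUSTED_ROOTS aliases that one linked node lacks.
# Assumption: each listing file is the saved output of
#   /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store TRUSTED_ROOTS
# and carries one "Alias : <value>" line per entry.
LC_ALL=C; export LC_ALL   # sort and comm must agree on collation

# Print the sorted, de-duplicated aliases found in a saved listing.
# Trailing whitespace (including a stray carriage return) is dropped.
aliases_in() {
    sed -n 's/^Alias[[:space:]]*:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" | sort -u
}

# Print aliases present in listing $1 (complete node) but not in $2 (partner).
missing_aliases() {
    ref=$(mktemp) || return 1
    partner=$(mktemp) || { rm -f "$ref"; return 1; }
    aliases_in "$1" > "$ref"
    aliases_in "$2" > "$partner"
    comm -23 "$ref" "$partner"
    rm -f "$ref" "$partner"
}

# Constructed sample listings (not real output): node A has three roots,
# node B lacks one and has a trailing carriage return on another.
write_sample_listings() {
    printf 'Number of entries in store :\t3\nAlias :\tconstructed-root-a\nAlias :\tconstructed-root-b\nAlias :\tconstructed-root-c\n' > "$1/vc-a.txt"
    printf 'Number of entries in store :\t2\nAlias :\tconstructed-root-a\r\nAlias :\tconstructed-root-c\n' > "$1/vc-b.txt"
}

dir=$(mktemp -d)
write_sample_listings "$dir"
echo "Missing on partner:"
missing_aliases "$dir/vc-a.txt" "$dir/vc-b.txt"
rm -rf "$dir"
```

Running the same comparison again after step 7, with fresh listings from both nodes, should print no aliases.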
