vmware-vpostgres service not starting after running command "vcha-destroy -f"
search cancel

vmware-vpostgres service not starting after running command "vcha-destroy -f"

book

Article ID: 397231

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

  • The vmware-vpostgres service may fail to start after executing the "vcha-destroy -f" command, to remove the VCHA configuration from the vCenter Server.

  • Logs at /var/log/vmware/vpostgres/serverlog.stderr showed following:

FATAL: could not load server certificate file "/storage/db/vpostgres_ssl/server.crt": SSL Error code 2147483650

or 

FATAL: could not load server certificate file "/storage/db/vpostgres_ssl/server.crt": No such file or directory

Environment

vCenter Server 8.0 with VCHA 

Cause

The issue is encountered due to missing or corrupted certificate files in the /storage/db/vpostgres_ssl/ location.

Resolution

To resolve this issue validate if the server.crt and server.key file is available in the location /storage/db/vpostgres_ssl/.

  1. Take a snapshot of the vCenter.

  2. Login to the vCenter server via SSH.

  3. Backup the existing Machine SSL Certificate and Key
    • /usr/lib/vmware-vmafd/bin/vecs-cli entry getcert --store MACHINE_SSL_CERT --alias __MACHINE_CERT --output /var/core/Machine_SSL.crt
    • /usr/lib/vmware-vmafd/bin/vecs-cli entry getkey --store MACHINE_SSL_CERT --alias __MACHINE_CERT --output /var/core/Machine_SSL.key

  4. Run the below command and ensure the files have the correct permissions set.
    • cp /var/core/Machine_SSL.crt /storage/db/vpostgres_ssl/server.crt
    • cp /var/core/Machine_SSL.key /storage/db/vpostgres_ssl/server.key

  5. Navigate to /storage/db/vpostgres_ssl/ location to have the required permissions:
    • chmod 0600 server.crt server.key
    • chown vpostgres:vpgmongrp server.crt server.key

  6. Restart all the vCenter server services :
    • service-control --stop --all && service-control --start --all
Powered by Wolken Software