vCenter pre-update check fails "Unable to upgrade as VECS force refresh has failed"


Article ID: 402244


Products

VMware vCenter Server

Issue/Introduction

  • When attempting to update vCenter, the pre-update check fails, preventing the upgrade/update from proceeding.  
  • The following error is observed in the VAMI of the vCenter:

"Error - Unable to upgrade as VECS force refresh has failed"

  • The following entries are observed in the /var/log/vmware/applmgmt/PatchRunner.log file:

YYYY-MM-DDTHH:mm:ss:22.98Z vmafd-patch:CollectRequirements ERROR vmafd-patch.utils VECS force refresh failed. Error: Failed to trigger root cert refresh

vecs-cli failed. Error 11: Possible errors:
LDAP error: Administrative limit exceeded
Win Error: Operation failed with error ERROR_BAD_FORMAT (11)

...

YYYY-MM-DDTHH:mm:ss:42.810Z WARNING vmware_b2b.patching.phases.discoverer Invalid patching structure: /storage/seat/software-updatefpbamy7n/stage/scripts/patches/payload/components-script/eam-update-catalog_catalog.vmsg
2025-05-27T15:20:42.819Z INFO vmware_b2b.patching.phases.discoverer Discovery completed. Result: [
    {

    "name": "vmafd-patch",
        "patchScript": "/storage/seat/software-updatefpbamy7n/stage/scripts/patches/payload/components-script/vmafd-patch",
        "requirementsResult": {
            "mismatches": [
                {
                    "description": {
                        "id": "vmafd.error.description",
                        "localized": "Unable to upgrade as VECS force refresh has failed.",
                        "translatable": "Unable to upgrade as VECS force refresh has failed."
                    },
                    "problemId": null,
                    "relatedUserDataId": null,
                    "resolution": {
                        "id": "vmafd.error.resolution",
                        "localized": "Search for these symptoms in the VMware knowledge base for any known issues and possible workarounds. If none can be found, collect a support bundle and open a support request.",

 

  • The following entries are observed in the /var/log/vmware/vmafdd/vmafdd.log file:

YYYY-MM-DDTHH:mm:ss:42.001 [vmafdd][INFO] RootFetch thread has not terminated yet. Waiting for successful execution
YYYY-MM-DDTHH:mm:ss:42.042 [vmafdd][ERROR] [Error - 11, lotus/vmafd/common/ssl.c:191]
YYYY-MM-DDTHH:mm:ss:42.042 [vmafdd][ERROR] [Error - 11, lotus/vmafd/common/ssl.c:639]
YYYY-MM-DDTHH:mm:ss:42.042 [vmafdd][ERROR] [Error - 11, lotus/vmafd/common/ssl.c:796]
YYYY-MM-DDTHH:mm:ss:42.042 [vmafdd][ERROR] [Error - 11, lotus/vmafd/server/vmafd/rootfetch.c:805]
YYYY-MM-DDTHH:mm:ss:42.042 [vmafdd][ERROR] [Error - 11, lotus/vmafd/server/vmafd/rootfetch.c:262]
YYYY-MM-DDTHH:mm:ss:42.042 [vmafdd][INFO] Failed to update trusted roots. Error [11]

Environment

VMware vCenter Server 8.x

Cause

An incomplete or corrupt certificate in vmdir.

Resolution

Inspect the certificates in vmdir using vCert to determine which certificate is incomplete or corrupt. Once the incomplete or corrupt certificate is identified, remove it using vCert. See the article "vCert - expired certificate replacement script".
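
The following is an added example, not part of the original article and not VMware or vCert code. It shows what "incomplete or corrupt" looks like structurally: it checks each PEM block for a missing END marker, an invalid base64 body, or an outer DER length that disagrees with the decoded byte count. It assumes the certificates have already been exported from vmdir as PEM text (the export step is not shown), and the sample bundle is constructed placeholder data.

```python
import base64
import binascii

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def der_problem(der: bytes):
    """Describe a defect in the outer DER frame, or return None if it is sound."""
    if len(der) < 2 or der[0] != 0x30:
        return "does not start with a DER SEQUENCE"
    first = der[1]
    if first < 0x80:                      # short form: one length byte
        hdr, body_len = 2, first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return "unreadable DER length field"
        hdr, body_len = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if hdr + body_len != len(der):
        return f"DER declares {hdr + body_len} bytes, found {len(der)}"
    return None

def check_bundle(pem_text: str):
    """Return [(index, problem-or-None)] for every BEGIN CERTIFICATE block."""
    results = []
    for idx, chunk in enumerate(pem_text.split(BEGIN)[1:], start=1):
        if END not in chunk:
            results.append((idx, "missing END CERTIFICATE marker"))
            continue
        b64 = "".join(chunk.split(END)[0].split())   # strip line breaks
        try:
            der = base64.b64decode(b64, validate=True)
        except binascii.Error:
            results.append((idx, "invalid base64 body"))
            continue
        results.append((idx, der_problem(der)))
    return results

def _pem(der: bytes) -> str:
    return f"{BEGIN}\n{base64.b64encode(der).decode()}\n{END}\n"

# Constructed sample (assumed PEM export); placeholder DER frames, not real certificates.
GOOD = b"\x30\x82\x01\x00" + b"\x00" * 256
SAMPLE = (_pem(GOOD) + _pem(GOOD[:100]) + BEGIN + "\nMIIB!!!\n" + END + "\n"
          + BEGIN + "\nMIIBAAAA\n")

if __name__ == "__main__":
    for idx, problem in check_bundle(SAMPLE):
        print(f"cert #{idx}: {problem or 'structure OK'}")
```

This is a framing check only: a block that passes can still fail full X.509 parsing, so treat a clean result as "not truncated" rather than "valid".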