VCF Operations Collector fails to join VCF Operations after 24 hours due to expired One Time Key (OTK)
Article ID: 409017
Updated On:
Products
Issue/Introduction
After deploying the VCF Operations Collector, it cannot be added to VCF Operations if more than 24 hours have passed since deployment.
In this case, the connectreason field shows "Pass-phrase expired", even though the firstboot process has completed successfully.
$ cat cprc.configuration
{
"uuid" : "XXXXXXXXXXXXXXXX",
"ip" : "XXX.XXX.XXX.XXX",
"name" : "XXX.XXX.XXX.XXX",
"creationdateyear" : "2025",
"creationdatemonth" : "8",
"creationdateday" : "31",
"gatewayfqdn" : "",
"created" : false,
"connectdateyear" : "",
"connectdatemonth" : "",
"connectdateday" : "",
"connectretry" : 0,
"connectmaxretry" : 30,
"connectstatus" : "FAIL",
"connectreason" : "Pass-phrase expired",
"connectinterval" : 3000,
"connectstatuscode" : "",
"connect_ip_list" : null,
"is_on_prem" : null
}Environment
VCF Operations Collector 9.x
VCF Operations 9.x
Cause
According to the connectreason entry in the cprc.configuration file, this issue is caused by "Pass-phrase expired".
The "Pass-phrase expired" status indicates that the One Time Key (OTK) has expired after 24 hours since the VCF Operations Collector was deployed from the VCF Installer.
When the VCF Operations Collector is deployed, a One Time Key (OTK) is generated from VCF Operations and specified in the vApp Options of the Collector.
This key is required for authentication when establishing communication with VCF Operations. Once the key expires, the VCF Operations Collector can no longer be added to VCF Operations.
Resolution
There are two approaches to resolve this issue:
Option A:
-------------------------------
Re-run the deployment from VCF Ops Fleet management UI with the parameter "deleteVm": true so the CP is freshly redeployed.
Note: In VCF Ops Fleet Management, the Fleet management UI remains disabled for greenfield deployment until the CP is successfully deployed (success criterion: CP collector is UP).
-----------------------------------
Steps:
- SSH into the VCF Ops Fleet Management appliance as the root user.
- Run the command to enable the VCF Ops Fleet Management UI
# touch /var/lib/vrlcm/UI_ENABLED - Go to Lifecycle operations and click on the failed VCF Ops deployment request under tasks
- Retry the request by passing - true for "deleteVm" parameter
- Once CP deployment is successful, retry the request from VCF installer.
- Delete the file in VCF Ops Fleet Management appliance to disable the VCF Ops Fleet management UI
#rm /var/lib/vrlcm/UI_ENABLED
Option B:
Regenerate the OTK from VCF Operations and apply it to the vApp Options of the VCF Operations Collector.
Steps:
- Connect to the existing VCF Operations instance that was deployed as part of the Converge process.
- Navigate to Administration > Cloud Proxies.
- Click ADD.
- In the displayed screen, go to Step 5 and click the circular arrow icon on the right-hand side to regenerate the key.
- Click the Copy button to copy the regenerated key.
- Access the vSphere Client.
- Shut down the VCF Operations Collector.
- Select the VCF Operations Collector VM and navigate to Configure > vApp Options > Properties.
- Locate the property where the key name is set to otk.
- Click SET VALUE, replace it with the regenerated key from step 5, and save the change.
- Power on the VCF Operations Collector.
- After the VM has finished booting, open the Web Console and confirm that the blue screen displays the IP address and related configuration.
- Retry the task in the VCF Installer.
Feedback
