• During the pre-upgrade checks in stage 2 of the vCenter Server upgrade, it fails with below message:
  
  Error - Invalid root credentials for source appliance <source_vCenter_FQDN>: Authentication failed


• vCenter SSH and Appliance Management is working with the same password.
• The root account is not locked and can be verified using the following command:
  
  pam_tally2 --user=root 


• The  vcsa-installer logs located in "%temp%" folder of the installer Windows machine also has the following error:

YYYY-MM-DDThh:mm:ssZ - info: ERROR Error: Uncaught (in promise): Error: NG04002
Error: NG04002
    at Ql.noMatchError (https://<vCenter_temporary_ip>:5480/main.6664971344c7b4f9.js:1:489348)
    at https://<vCenter_temporary_ip>:5480/main.6664971344c7b4f9.js:1:489091
    at https://<vCenter_temporary_ip>:5480/main.6664971344c7b4f9.js:1:217471
    at K._error (https://<vCenter_temporary_ip>:5480/main.6664971344c7b4f9.js:1:216913)
    at K.error (https://<vCenter_temporary_ip>:5480/main.6664971344c7b4f9.js:1:206817)
    at K._error (https://<vCenter_temporary_ip>:5480/main.6664971344c7b4f9.js:1:207061)

Connection between Source and Destination over port 22 is being blocked, possibly by an external firewall

Perform the steps below to check if port 22 is blocked from the Windows machine to the vCenter server.

1. Open the Command Prompt in the Windows machine from where the vCenter upgrade is performed.
2. Run the following command:
   
   curl -kv <source_vCenter_fqdn>:22
   
   
3. If the connection fails, engage your internal networking team to check the connection.
4. If the connection succeeds and stage 2 pre-upgrade checks still fail, check the /etc/ssh/sshd_config file in the source vCenter for entries as below.
   
   AllowUsers [email protected]

DenyUsers [email protected]
   
   
5. If any of these entries exists, remove them and restart the upgrade process.