If the human-readable decoded form of vCenter certificates such as MACHINE_SSL_CERT, TRUSTED_ROOTS, or TRUSTED_ROOT_CRLS, contains a string that cannot be decoded with UTF-8, such as "ñ", the first boot of the VMware Authentication Framework Service Daemon (VMAFD) might fail. As a result, you cannot complete an upgrade of your vCenter system.

vCenter 7.x

vCenter 8.x

As part of VMAFD first boot process, the certificates in the MACHINE_SSL_CERT, TRUSTED_ROOTS and TRUSTED_ROOT_CRLS stores are printed in the human readable decoded form and posted to the firstboot log.

When undecodable characters are present in the human readable decoded form of certificates, VMAFD first boot is failing due to the inability of the string to be decoded with UTF-8 encoding standard.

In one of the scenarios, the lower case latin char "ñ", present in the decoded form of the certificate, is causing the vmafd firstboot failure.

Exception "UnicodeDecodeError" is thrown due to the presence of the character.

Workaround:

• Replace the certificate if the flagged certificate is in use.
• If the certificate is not in use, remove the certificate from the VECS_STORE

This issue is resolved in vCenter 8.0U3g