Error Running vsphere8_upgrade_certificate_checks Script Due to Disconnected ESXi Host
Article ID: 410429
Updated On:
Products
Issue/Introduction
While running the python script vsphere8_upgrade_certificate_checks.py from the KB : 313460, the following log excerpt is seen,
python vsphere8_upgrade_certificate_checks.py :
Enter hostname [Default: localhost]:
INFO Verifing vCenter Server VECS store: TRUSTED_ROOT_CRLS
INFO Verifing vCenter Server VECS store: TRUSTED_ROOTS
INFO Verifing vCenter Server VECS store: MACHINE_SSL_CERT
INFO Verifing vCenter Server VECS store: machine
INFO Verifing vCenter Server VECS store: vsphere-webclient
INFO Verifing vCenter Server VECS store: vpxd
INFO Verifing vCenter Server VECS store: vpxd-extension
INFO Verifing vCenter Server VECS store: hvc
INFO Verifing vCenter Server VECS store: data-encipherment
INFO Verifing vCenter Server VECS store: APPLMGMT_PASSWORD
INFO Verifing vCenter Server VECS store: wcp
INFO Loading certificate and key for user 'vpxd-extension' from VECS
INFO Key saved in file: /tmp/tm###lm_b_9
INFO Certificate saved in file: /tmp/tmp_fv##27j
INFO Creating VcService client on host localhost
INFO Verifying ESXi host 1 of 4: host1.example.local
INFO Verifying ESXi host 2 of 4: host2.example.local
INFO Verifying ESXi host 3 of 4: host3.example.local
INFO Verifying ESXi host 4 of 4: host4.example.local
INFO Deleting key file: /tmp/tm###lm_b_9
INFO Deleting cert file: /tmp/tmp_fv##27j
ERROR
ERROR #################### Errors Found ####################
ERROR
ERROR Support for certificates with weak signature algorithms has been removed in vSphere 8.0. Weak signature algorithm certificates must be replaced before upgrade. Refer to the vSphere release notes and VMware KB 89424 for more details. Correct the following 1 issues before proceeding with upgrade.
ERROR
ERROR 1. Host host3.example.local is not connected and cannot be validated.
ERROR
ERROR ######################################################
Cause
The ESXi host host3.example.local is in a Disconnected or Not Responding state as seen in the vCenter Server inventory.
This blocks the python script vsphere8_upgrade_certificate_checks.py from validating the host’s certificates and connectivity. This condition can arise due to host power, management service issues, network connectivity problems, DNS resolution failures.
Resolution
Confirm the host is powered on, reachable, and manageable via vCenter Server.
Identify and resolve the connectivity issue with the affected ESXi host.
- Restart host management agents if necessary, refer : Restarting Management Agents in ESXi
- Ensure DNS resolution (both forward and reverse) is correct, from both vCenter and ESXi using using "nslookup host3.example.com"
- For detailed troubleshooting of ESXi host and vCenter Server connectivity problems, refer to VMware KB articles, refer : Troubleshooting an ESXi host in a "not responding"/"disconnected" state
After resolving the host connection issues, re-run the vsphere8_upgrade_certificate_checks script to validate the upgrade readiness.
Feedback
