Certificate Status Alarm and no healthy upstream error on vCenter UI access
search cancel

Certificate Status Alarm and no healthy upstream error on vCenter UI access

book

Article ID: 412893

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Customer unable to access the vCenter UI with error "No healthy upstream"

Environment

vCenter 7.x

vCenter 8.x

Cause

Expired certificates 

Resolution

Using vCert tools vCert - Scripted vCenter Expired Certificate Replacement we manage to fix the expired certificates.

 

Steps:

a. Find the host where the vCenter is located.

b. Create a snapshot copy of the vCenter before proceed with the certificate fix.

    Copy the vCert tool into VCSA /root/temp directory

d. Do the following steps:

# unzip -q vCert-6.1.0-20250910.zip
# cd vCert-6.1.0-20250910
# ./vCert.py

 

e. From the main menu choose option 3 "Manage certificates"

 

f: Since we found out the solution user had expired certificates choose option 2 "Solution user certificates"

g. Next Menu choose option 1 "Replace Solution user certificates with a VMCA-signed certificates (self-signed)

Output:

h. We also did performed cleanup of the VECS backup store

    Choose option 3

   

    Choose option 12 "Clear expired certificates in BACKUP_STORE in VECS

     

i, Performed a vCenter reboot

j, Upon reboot we manage to see most of the required services on vCenter are up and running:

At this point customer manage to access both the VAMI and its vCenter web-UI and also did clear out all old related certificate alarms.

Powered by Wolken Software