vCert displays "STS ConnectionStrings" as "MISCONFIG"

Article ID: 418319

Updated On:

Products

VMware vCenter Server

Issue/Introduction

  • Running vCert with Option 2 to check certificate status shows STS ConnectionStrings as MISCONFIG.

Environment

  • vCenter 8.0

Cause

Incorrect or outdated STS connection strings can cause the erroneous certificate status indication.

Resolution

  1. Take an offline snapshot of the vCenter Server virtual machine. If multiple vCenter Servers are configured in Enhanced Linked Mode (ELM), ensure all nodes are powered off before taking the snapshots to maintain directory consistency. See VMware vCenter in Enhanced Linked Mode pre-changes snapshot (online or offline) best practice.
  2. Ensure that the vCert - Scripted vCenter expired certificate replacement tool version 6.1.0 or later is being used, as builds prior to 6.1.0 contain a known defect regarding the STS ConnectionStrings status check. For more details, refer to its changelog.
  3. Launch the updated vCert tool and navigate to Main Menu → Option 5 (Check configurations) → Option 2 (Check STS server config) to update the STS ConnectionStrings.
  4. When prompted with "Update STS ConnectionStrings value to ldap://localhost:389? [N]", enter "Y" to update the value.
  5. Restart the services on all vCenter nodes. This can be done by using vCert Main Menu → Option 8 → Option 1 → Y or by running the command service-control --stop --all && service-control --start --all

Additional Information

vCenter services vapi-endpoint and vpxd-svcs fail to start with "Unexpected status code: 404"