vCenter patch update via VAMI fails with "Internal error occurs during execution of update process"
search cancel

vCenter patch update via VAMI fails with "Internal error occurs during execution of update process"

book

Article ID: 421437

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Initiating a vCenter patch update via VAMI fails with "Internal error occurs during execution of update process"
   

Environment

vCenter server 8.x

Cause

The DNS name in Machine SSL certificate is not match the vCenter hostname (PNID)

/var/log/vmware/applmgmt/PatchRunner.log

ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for '<vCenter_server_name>'. (_ssl.c:1007)
YYYY-MM-DD HH:MM:SS ERROR vmware_b2b.patching.phases.discoverer Could not execute discovery hook in file: /storage/core/software-update/updates/8.0.3.00100/scripts/patches/payload/components-script/vpxd
YYYY-MM-DD HH:MM:SS ERROR vmware_b2b.patching.phases.discoverer Discovery hook got ComponentWrapperError.
Traceback (most recent call last):
  File "/storage/core/software-update/updates/8.0.3.00100/scripts/patches/py/vmware_b2b/patching/phases/discoverer.py", line 580, in discover
    discoveredComponents = _discoverComponents(scriptsRootDir, stageDir, components,
  File "/storage/core/software-update/updates/8.0.3.00100/scripts/patches/py/vmware_b2b/patching/phases/discoverer.py", line 200, in _discoverComponents
    discoveryResult = executeHook(filePath, Hook.Discovery, compContext, None,
  File "/storage/core/software-update/updates/8.0.3.00100/scripts/patches/py/vmware_b2b/patching/executor/execution_facade.py", line 53, in executeHook
    result = executor.executeHook(scriptFile, hook, args, reportQueue, reportIdentifier)
  File "/storage/core/software-update/updates/8.0.3.00100/scripts/patches/py/vmware_b2b/patching/executor/hook_executor_process.py", line 119, in executeHook
    raise ex
patch_errors.ComponentError
YYYY-MM-DD HH:MM:SS ERROR __main__ Discovery of vCSA patching components failed


The mismatch can be confirmed using the below command

/usr/lib/vmware-vmafd/bin/vecs-cli entry list --store MACHINE_SSL_CERT --text | grep -A1 Alternative 

Resolution

Replace the vCenter Machine SSL certificate by vCert.py by selecting option 3 "Manage Certificates" and choose  "1. Machine SSL certificate" to replace it ,  input correct hostname of vCenter as prompt . 

vCert - Scripted vCenter expired certificate replacement 

Powered by Wolken Software