Attempt to update VCFA 9.x may fail with error LCMVMSP10036
search cancel

Attempt to update VCFA 9.x may fail with error LCMVMSP10036

book

Article ID: 427033

calendar_today

Updated On:

Products

VCF Automation

Issue/Introduction

An attempt to update VCFA 9.x may fail with the following error:

- Error Code: LCMVMSP10036
Applying product patch failed.
– BUNDLE [prelude/vcfa-bundle] STATUS: Failed – remote write: Get "https://registry.vmsp-platform.svc.cluster.local:5000/v2/": tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2026-01-22T16:06:21Z is after 2026-01-02T09:36:26Z; GET http://registry.vmsp-platform.svc.cluster.local:5000/v2/: unexpected status code 400 Bad Request: Client sent an HTTP request to an HTTPS server.

com.vmware.vrealize.lcm.vmsp.common.exception.VmspPatchingException:
– BUNDLE [prelude/vcfa-bundle] STATUS: Failed –
remote write: Get "https://registry.vmsp-platform.svc.cluster.local:5000/v2/": tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2026-01-22T16:06:21Z is after 2026-01-02T09:36:26Z; GET http://registry.vmsp-platform.svc.cluster.local:5000/v2/: unexpected status code 400 Bad Request: Client sent an HTTP request to an HTTPS server.
at com.vmware.vrealize.lcm.vmsp.plugin.tasks.VmspPatchProductTask.execute(VmspPatchProductTask.java:74)
at com.vmware.vrealize.lcm.automata.core.TaskThread.run(TaskThread.java:62)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source)

Environment

VCFA 9.0

Cause

The underlying cause is that the registry certificates were rotated, but the associated registry pods did not automatically restart to pick up the new certificates, leading to the observed TLS error.

Resolution

To resolve the issue of an expired certificate, the registry service must be restarted.
This is accomplished by deleting the existing registry pod, which triggers an automatic recreation with a new, valid certificate.

Restart Procedure:

  1. Access the VCFA Cluster:
    • SSH into the VCFA cluster using the vmware-system-user.
    • Elevate privileges by running: sudo -i
  2. Execute Service Restart:
    • Restart the registry deployment in the vmsp-platform namespace:
      kubectl rollout restart deployment/registry -n vmsp-platform
  3. Retry Update

 

Powered by Wolken Software