Importing vCenter to SDDC via Cli fails with ERROR "[ERROR] trust_domain: Declined trust for (Fully Qualified Domain Name (FQDN))".
Article ID: 428176
Updated On:
Products
Issue/Introduction
While importing the vCenter to the SDDC Manager via Cli the task fails with below error.
[YYYY-MM-DD HH:MM:SS] [ERROR] trust_domain: Declined trust for Fully Qualified Domain Name (FQDN)[YYYY-MM-DD HH:MM:SS] [CRITICAL] discover domain: Aborting operation as SSH keys have been rejected by the user. Operation can be retried with the same command line arguments.
example.
Environment
SDDC 5.x
vCenter 8.x
Cause
SDDC is trying to establish a secure connection, but it’s hitting a wall because the identity of the remote server (the FQDN) isn't trusted, and the SSH keys were subsequently bounced.
Resolution
Download the Script fix_known_hosts.sh.
How to update the SSH host keys on the SDDC Manager
Note: fix_known_hosts.sh does not work in a FIPS enabled environment.
- Take a snapshot of the SDDC Manager
- Download the
fix_known_hosts.shscript attached to the KB: - Transfer the script to the SDDC manager, or copy the contents to a file on the SDDC Manager.
- SSH to the SDDC Manager with the vcf user, and su root
- Make the script executable
chmod +x /tmp/fix_known_hosts.sh
- Execute the script
./fix_known_hosts.sh
- Provide the FQDN and the IP address of the node for which we need to update the Host Keys for:
- Re-attempt the workflow that was failing due to the Host Key error.
NOTE: If you run in to permission issue like below.
root@ESXi [ /tmp ]# ./fix_known_hosts.sh bash: ./fix_known_hosts.sh: Permission denied
Use the command:sh ./fix_known_hosts.sh
Additional Information
Refence Article.
Attachments
Feedback
