ERROR: "Failed to generate a password" during "Generate input for creating ESXi Service Accounts" on the VCF installer
search cancel

ERROR: "Failed to generate a password" during "Generate input for creating ESXi Service Accounts" on the VCF installer

book

Article ID: 429022

calendar_today

Updated On:

Products

VMware SDDC Manager

Issue/Introduction

  • Using VCF installer for a new deployment the following error is encountered during the "Generate input for creating ESXi Service Accounts" task:

    VCF Installer:

    var/log/vmware/vcf/domainmanager/domainmanager.log:

    28472:2026-01-29T19:28:21.263+0000 ERROR [vcf_dm,697bb47a6086bb74ea8907d39609cb32,b061] [c.v.e.s.s.GetSddcInitializeWorkflowStatusAction,dm-exec-32]  SDDC Initialize Task 'Generate input for creating ESXi Service Accounts' failed with error 'Failed to generate a password for esx-hostname.example.com'. Check the /var/log/vmware/vcf/domainmanager/domainmanager.log file on 'sddc-manager.example.com' for more information

  • Going to the sddc manager that is specified in the above log shows the following:

    SDDC manager:

    var/log/vmware/vcf/domainmanagerdomainmanager.log:

    2026-01-30T03:36:33.874+0000 DEBUG [vcf_dm,697c273fa15974371e7868bc8a09c40a,38c7] [c.v.e.s.c.c.v.vsphere.VcManagerBase,dm-exec-1]  Connecting to https://esx-hostname.example.com:443/sdk
    2026-01-30T03:36:33.883+0000 DEBUG [vcf_dm,697c273fa15974371e7868bc8a09c40a,38c7] [c.v.v.s.t.DynamicTrustManager,dm-exec-1]  Checking validity of certificate chain OID.1.2.840.113549.1.9.2="1769734311,564d7761726520496e632e", CN=esx-hostname.example.com, [email protected], OU=VMware ESX Server Default Certificate, O="VMware, Inc", L=Palo Alto, ST=California, C=US, SerialNumber=169469259169879
    2026-01-30T03:36:33.885+0000 DEBUG [vcf_dm,697c273fa15974371e7868bc8a09c40a,38c7] [c.v.v.s.t.DynamicTrustManager,dm-exec-1]  Error checking certificate chain OID.1.2.840.113549.1.9.2="1769734311,564d7761726520496e632e", CN=esx-hostname.example.com, [email protected], OU=VMware ESX Server Default Certificate, O="VMware, Inc", L=Palo Alto, ST=California, C=US, SerialNumber=169469259169879 for validity. java.security.cert.CertificateException: Unable to construct a valid chain

Cause

This is due to the certificate not being added to the Java Key Store (JKS) on the SDDC manager correctly. 

Resolution

The following solutions are available:

  1. Start a fresh deployment.

  2. Try adding the host certificate manually to the SDDC manager JKS. See the following KB: How to add/delete Custom CA Certificates to SDDC Manager and Common Services trust stores
    Once added, retry the task

Powered by Wolken Software