vCenter upgrade failed with error "vCenter upgrade failed at the VCENTER_UPGRADE_PRECHECK stage. vCenter upgrade failed. Target URL certificate verification failed."
search cancel

vCenter upgrade failed with error "vCenter upgrade failed at the VCENTER_UPGRADE_PRECHECK stage. vCenter upgrade failed. Target URL certificate verification failed."

book

Article ID: 430920

calendar_today

Updated On:

Products

VMware SDDC Manager VMware vCenter Server

Issue/Introduction

 
 
vCenter upgrade failed in SDDC manager with error "vCenter upgrade failed at the VCENTER_UPGRADE_PRECHECK stage. vCenter upgrade failed. Target URL certificate verification failed."
  • In vCenter Server log file /var/log/vmware/applmgmt/applmgmt.log, you may see lines similar to:
 
YYYY-MM-DDTHH:MM:SS [10518]DEBUG:vmware.appliance.update.update_functions:Running /usr/bin/wget --server-response --tries 3 --waitretry 1 --connect-timeout 10 -r -np -nH -nd -A  -P /storage/core/software-update/tmp/latest https://hostname.example.com/vmware/vcf/bundle/VMware/vRack/lcm/xxx/xxx/iso/repos/patcher_repo/manifest/manifest-latest.xml -e CENSORED -e CENSORED
YYYY-MM-DDTHH:MM:SS [10518]DEBUG:vmware.appliance.update.update_functions:runCommandAndCheckResult failed: "--YYYY-MM-DDTHH:MM:SS--  https://hostname.example.com/vmware/vcf/bundle/VMware/vRack/lcm/xxx/xxx/iso/repos/patcher_repo/manifest/manifest-latest.xml\nConnecting to xxx.xx.x.xxx:8080... connected.\nERROR: cannot verify xxx's certificate, issued by ‘emailAddress=support@xxx,CN=xxx,OU=Certificate Authority,O=xxx,L=xxx,ST=xxx,C=xx’:\n  Self-signed certificate encountered.\nTo connect to xxx insecurely, use `--no-check-certificate'.\n"
YYYY-MM-DDTHH:MM:SS [10518]ERROR:vmware.appliance.update.update_b2b:Got Exception during discover updates {messages : [{'id': 'com.vmware.appliance.verify.certificate_error', 'default_message': 'Target URL certificate verification failed.', 'args': ['']}], data : None, error_type : NOT_FOUND} :
YYYY-MM-DDTHH:MM:SS [10518]INFO:vmware.appliance.update.update_pending:No updates found
 
Where xxx.xx.x.xxx is the IP of proxy configured on VCSA and hostname.example.com is the SDDC manager FQDN
 
  • The NO_PROXY configuration of vCenter Server  contains .*.example.com
 

Environment

VCF 5.x

vSphere 8.x

Cause

  •  VMware Appliance Management UI (VAMI) does not support adding a proxy/no-proxy with a wildcard.
  •  Not all components in vCenter accepts NO_PROXY with wildcard characters. 
      For example, Linux commands like wget, curl don't support wildcard/CIDR/netmask notation in NO_PROXY.

 

Resolution

Add SDDC Manager FQDN (hostname.example.com in this example) to NO_PROXY configuration

How to configure proxy settings for vCenter Server

 

Powered by Wolken Software