VCF 9.x deployment failure during the Deploy and configure the fleet management appliance step

Article ID: 439010


Products

VMware SDDC Manager / VCF Installer
VMware Cloud Foundation

Issue/Introduction

A VMware Cloud Foundation (VCF) 9.0.0.0 deployment fails during the Deploy and configure the fleet management appliance step.

The following errors are observed in the deployment logs:

  • SDDC Initialization Failure: SDDC Initialize Task 'Generate and Install VMCA Certificate on SDDC Manager' failed with error 'Failed to install VMCA Certificate on SDDC Manager 127.0.0.1'

  • SDDC Manager Log (domainmanager.log): API failure during install certificate Code: 500, error: {"errorCode":"CERT_REPLACEMENT_FAILED"..."causes":[{"type":"java.security.cert.CertificateException","message":"Hostname in CN field [127.0.0.1] could not be resolved to an IP address of the SDDC manager [IP Address]"}]}

  • SSH Authentication Failure: After manually resolving the certificate issue, subsequent tasks (such as uploading vRSLCM binaries) fail with: com.jcraft.jsch.JSchException: Auth fail

Environment

VCF 9.x

Cause

The initial failure is due to a known issue in VCF 9.0 where the SDDC Manager FQDN is incorrectly mapped to the loopback address (127.0.0.1) in the /etc/hosts file. See the article: VCF 9.0 deployment fails at "Generate and Install VMCA Certificate on SDDC Manager" stage with error "Failed to install VMCA Certificate on SDDC Manager 127.0.0.1 Reference Token: <ID>".
If the /etc/hosts file was fixed manually over SSH, the vcf user account may have become locked due to repeated failed attempts, or its password may have been inadvertently changed, leading to the Auth fail error in later deployment stages.

Resolution

Step 1: Correct the /etc/hosts file

If the deployment is still failing at the certificate stage, refer to the following article to correct the loopback mapping: VCF 9.0 deployment fails at "Generate and Install VMCA Certificate on SDDC Manager" stage with error "Failed to install VMCA Certificate on SDDC Manager 127.0.0.1 Reference Token: <ID>".

  1. Log in to the SDDC Manager appliance console (Web Console) as root.
  2. Edit /etc/hosts and comment out the entry where the FQDN is mapped to 127.0.0.1.
  3. Add a proper entry mapping the FQDN to the actual appliance IP address.
  4. Restart SDDC Manager services: /opt/vmware/vcf/operationsmanager/scripts/cli/sddcmanager_restart_services.sh
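
The check and edit from steps 2 and 3, as an added example that is not part of the original article or of any VMware tooling. The function names are hypothetical, and the FQDN `sddc-manager.example.test` and IP `192.0.2.10` are placeholders; the corrected file is written to stdout so it can be reviewed before replacing /etc/hosts.

```shell
#!/bin/sh
# Added example, not part of the KB article. The FQDN and IP used with it are
# placeholders; substitute the real SDDC Manager values.

# Constructed sample of a hosts file showing the bad loopback mapping.
sample_hosts() {
    cat <<'EOF'
127.0.0.1 localhost
127.0.0.1 sddc-manager.example.test sddc-manager
# 127.0.0.1 sddc-manager.example.test
::1 localhost
EOF
}

# hosts_loopback_hits FILE FQDN
# Print every active (uncommented) line that maps FQDN to a 127.x.x.x address.
hosts_loopback_hits() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }
        {
            orig = $0
            sub(/#.*/, "")          # drop trailing comment; fields are re-split
            if ($1 !~ /^127\./) next
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(want)) { print orig; next }
        }' "$1"
}

# hosts_fix FILE FQDN IP
# Print a corrected copy of FILE: offending lines are commented out whole (as in
# step 2, so re-add any other names they carried) and "IP FQDN" is appended
# unless that mapping already exists. FILE itself is never modified.
hosts_fix() {
    awk -v want="$2" -v ip="$3" '
        /^[ \t]*#/ { print; next }
        {
            orig = $0
            sub(/#.*/, "")
            hit = 0
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(want)) hit = 1
            if (hit && $1 ~ /^127\./) { print "# " orig; next }
            if (hit && $1 == ip) have = 1
            print orig
        }
        END { if (!have) print ip " " want }' "$1"
}
```

Redirect the output of `hosts_fix /etc/hosts <FQDN> <IP>` to a temporary file and diff it against /etc/hosts before copying it into place; running it again on an already corrected file changes nothing.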

Step 2: Resolve SSH Authentication Failure

If the deployment fails with Auth fail, perform the following from the SDDC Manager VM console (not SSH):


  1. Unlock the vcf user:

    faillock --reset --user vcf

  2. Reset the password: If the account remains locked or the auto-generated password no longer works, reset the password to match the auto-generated one provided in the VCF Installer:

    passwd vcf

  3. Verify Access: Attempt to SSH manually from the VCF Installer appliance using the vcf user and the auto-generated password. If successful, click Retry in the VCF Installer to continue the deployment.