Vmware Vcenter7.0证书web续期发生错误

news2024/12/24 8:30:12

1. 故障描述

vSphere Client 版本 7.0.2.00200
vCenter _MACHINE_CERT快到期了,通过web界面更新证书失败

第一步先这样,重新续订一下证书
在这里插入图片描述

续订发生错误
在这里插入图片描述

2. 解决办法

2.1. 前提工作

登陆ssh到vcenter,重新生成证书

先关掉HA,不然证书管理会报错。

Connected to service

    * List APIs: "help api list"
    * List Plugins: "help pi list"
    * Launch BASH: "shell"

Command> shell
Shell access is granted to root
root@localhost [ ~ ]# cd /usr/lib/vmware-vmca/bin/
root@localhost [ /usr/lib/vmware-vmca/bin ]# /usr/lib/vmware-vmca/bin/certificate-manager

Certificate Manager tool do not support vCenter HA systems

PSSSSSSSS:记得vCenter做备份,做快照

2.2. 生成计算机ssl证书

生成证书,选择第三个(PS,如果没有域名的,一定要写IP,不然很容易卡在85%,服务不能起来)

root@localhost [ ~ ]# /usr/lib/vmware-vmca/bin/certificate-manager
		 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
		|                                                                     |
		|      *** Welcome to the vSphere 6.8 Certificate Manager  ***        |
		|                                                                     |
		|                   -- Select Operation --                            |
		|                                                                     |
		|      1. Replace Machine SSL certificate with Custom Certificate     |
		|                                                                     |
		|      2. Replace VMCA Root certificate with Custom Signing           |
		|         Certificate and replace all Certificates                    |
		|                                                                     |
		|      3. Replace Machine SSL certificate with VMCA Certificate       |
		|                                                                     |
		|      4. Regenerate a new VMCA Root Certificate and                  |
		|         replace all certificates                                    |
		|                                                                     |
		|      5. Replace Solution user certificates with                     |
		|         Custom Certificate                                          |
		|         NOTE: Solution user certs will be deprecated in a future    |
		|         release of vCenter. Refer to release notes for more details.|
		|                                                                     |
		|      6. Replace Solution user certificates with VMCA certificates   |
		|                                                                     |
		|      7. Revert last performed operation by re-publishing old        |
		|         certificates                                                |
		|                                                                     |
		|      8. Reset all Certificates                                      |
		|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|
Note : Use Ctrl-D to exit.
Option[1 to 8]: 3

Please provide valid SSO and VC privileged user credential to perform certificate operations.
Enter username [Administrator@vsphere.local]:
Enter password:
certool.cfg file exists, Do you wish to reconfigure : Option[Y/N] ? : y

Press Enter key to skip optional parameters or use Previous value.

Enter proper value for 'Country' [Previous value : CN] : 

Enter proper value for 'Name' [Previous value : CA] : 

Enter proper value for 'Organization' [Previous value : VMware] : 

Enter proper value for 'OrgUnit' [Previous value : VMware Engineering] : 

Enter proper value for 'State' [Previous value : California] : gd

Enter proper value for 'Locality' [Previous value : Palo Alto] : gz

Enter proper value for 'IPAddress' (Provide comma separated values for multiple IP addresses) [optional] : XX.XX.XX.XX

Enter proper value for 'Email' [Previous value : email@acme.com] : q@qq.cc

Enter proper value for 'Hostname' (Provide comma separated values for multiple Hostname entries) [Enter valid Fully Qualified Domain Name(FQDN), For Example : example.domain.com] : XX.XX.XX.XX

Enter proper value for VMCA 'Name' :XX.XX.XX.XX

You are going to regenerate Machine SSL cert using VMCA
Continue operation : Option[Y/N] ? : y
Get site nameompleted [Replacing Machine SSL Cert...]                  
default-first-site
Lookup all services
Get service default-first-site:721f0c08-f5fe-4233-aca8-adb8de27427b
Update service default-first-site:721f0c08-f5fe-4233-aca8-adb8de27427b; spec: /tmp/svcspec_nmq8ssku
Get service default-first-site:a8fa2cf1-a539-4327-aa48-c33761a538a4
Update service default-first-site:a8fa2cf1-a539-4327-aa48-c33761a538a4; spec: /tmp/svcspec_o_gl7c_2
Get service default-first-site:204a2a4e-223e-46d6-93e2-fec0c90393c4
Update service default-first-site:204a2a4e-223e-46d6-93e2-fec0c90393c4; spec: /tmp/svcspec__2p8luju
Get service 79e91659-12a1-427b-92e5-11f1cbc2c150
Update service 79e91659-12a1-427b-92e5-11f1cbc2c150; spec: /tmp/svcspec_8zwpgcef
Get service 1652cda7-3207-431e-9d82-031ceffb42b4_com.vmware.vrops
Don't update service 1652cda7-3207-431e-9d82-031ceffb42b4_com.vmware.vrops
Get service 0cb00c88-bb60-478c-9737-802019c5708a
Update service 0cb00c88-bb60-478c-9737-802019c5708a; spec: /tmp/svcspec_k5szxjgs
Get service 1ee5c2aa-fde0-489a-8f95-f701f84b44c9
Update service 1ee5c2aa-fde0-489a-8f95-f701f84b44c9; spec: /tmp/svcspec_sdbbikhr
Get service 5f15b57d-8269-47d4-88af-c9aab1fd223d
Update service 5f15b57d-8269-47d4-88af-c9aab1fd223d; spec: /tmp/svcspec_mwgz82tz
Get service 56e494d3-f758-461a-8337-e309d1e2d0b4
Update service 56e494d3-f758-461a-8337-e309d1e2d0b4; spec: /tmp/svcspec_b6fwtzz6
Get service d3426061-6261-456f-b5b2-e70d3e56c69e
Update service d3426061-6261-456f-b5b2-e70d3e56c69e; spec: /tmp/svcspec_o08ocymw
Get service 1c5fe660-5abd-453d-9f18-d21ca1a615b9
Update service 1c5fe660-5abd-453d-9f18-d21ca1a615b9; spec: /tmp/svcspec_v__tqn34
Get service 8ccf37e5-c01f-491b-88d1-fd67d6377c2f
Update service 8ccf37e5-c01f-491b-88d1-fd67d6377c2f; spec: /tmp/svcspec_yczoj_f9
Get service 4d101d2f-a50f-4ffd-b03a-f3728817b340
Update service 4d101d2f-a50f-4ffd-b03a-f3728817b340; spec: /tmp/svcspec_wyhs5pfy
Get service 761c8d6c-131f-4136-9e0e-4945917a5607
Update service 761c8d6c-131f-4136-9e0e-4945917a5607; spec: /tmp/svcspec_gjkmay7h
Get service ec372f25-38cf-4cd8-ac92-6ebeff0ff85e
Update service ec372f25-38cf-4cd8-ac92-6ebeff0ff85e; spec: /tmp/svcspec_u4c16zhs
Get service 1652cda7-3207-431e-9d82-031ceffb42b4_com.vmware.vsphere.client
Don't update service 1652cda7-3207-431e-9d82-031ceffb42b4_com.vmware.vsphere.client
Get service e97549a3-2aa5-4e47-a81b-5b6490837d43
Update service e97549a3-2aa5-4e47-a81b-5b6490837d43; spec: /tmp/svcspec_h26ke7t5
Get service 279f5d2f-f375-41d6-b5d3-8a7e397fb6c8
Update service 279f5d2f-f375-41d6-b5d3-8a7e397fb6c8; spec: /tmp/svcspec_hw2tz45w
Get service 4730664d-0fe7-4e70-b827-bcdf1686d17d
Update service 4730664d-0fe7-4e70-b827-bcdf1686d17d; spec: /tmp/svcspec_mn19ltn_
Get service e64650fc-800d-4855-9b60-bd591562102b
Update service e64650fc-800d-4855-9b60-bd591562102b; spec: /tmp/svcspec_8iz8nl1t
Get service 0c872fd2-b582-4172-8b7e-465f6de28b76
Update service 0c872fd2-b582-4172-8b7e-465f6de28b76; spec: /tmp/svcspec_f3957lva
Get service bf46ae3e-9d26-459a-9703-25000ba81e09
Update service bf46ae3e-9d26-459a-9703-25000ba81e09; spec: /tmp/svcspec_sfje8un0
Get service 430891f7-bb3c-475a-9331-bdb671f1b415
Update service 430891f7-bb3c-475a-9331-bdb671f1b415; spec: /tmp/svcspec_g91d7d9p
Get service 1ee5233a-0737-4b71-b74e-28105ff9361b
Update service 1ee5233a-0737-4b71-b74e-28105ff9361b; spec: /tmp/svcspec_184jc1s2
Get service 6cc99f96-ee9a-406b-9018-2414b837c442_kv
Update service 6cc99f96-ee9a-406b-9018-2414b837c442_kv; spec: /tmp/svcspec_2rjbyjlj
Get service c947d5e0-c832-4b98-9518-c28d5be261c6
Update service c947d5e0-c832-4b98-9518-c28d5be261c6; spec: /tmp/svcspec_d18ux756
Get service cc78a6fe-ee02-414a-a10a-5b9511810c0e
Update service cc78a6fe-ee02-414a-a10a-5b9511810c0e; spec: /tmp/svcspec_nd5ehat0
Get service daaffbbd-5fdb-4aaf-842a-94e4c6948920
Update service daaffbbd-5fdb-4aaf-842a-94e4c6948920; spec: /tmp/svcspec__o82zeym
Get service 206c94d5-8cc7-4646-a93e-389064c64bbe
Update service 206c94d5-8cc7-4646-a93e-389064c64bbe; spec: /tmp/svcspec_oecjimvw
Get service 6cc99f96-ee9a-406b-9018-2414b837c442_authz
Update service 6cc99f96-ee9a-406b-9018-2414b837c442_authz; spec: /tmp/svcspec_du_d2yx4
Get service 26edf5a0-b4e6-41b9-b972-e74c493dab27
Update service 26edf5a0-b4e6-41b9-b972-e74c493dab27; spec: /tmp/svcspec_dc89lu60
Get service 0d85950f-ca7d-4686-aa36-b627ce77fda9
Update service 0d85950f-ca7d-4686-aa36-b627ce77fda9; spec: /tmp/svcspec_igw1rch3
Get service 287c218f-a49f-41fd-b845-1962a1db7b2f
Update service 287c218f-a49f-41fd-b845-1962a1db7b2f; spec: /tmp/svcspec_0fjjjag3
Get service b6332254-0911-4bb1-8461-7e9d7ac18fb2
Update service b6332254-0911-4bb1-8461-7e9d7ac18fb2; spec: /tmp/svcspec_0up89kup
Get service 87899b67-58d6-4d1a-99a1-7a5a47fe8d79
Update service 87899b67-58d6-4d1a-99a1-7a5a47fe8d79; spec: /tmp/svcspec_de6rp33r
Get service 0fbed2c1-0e7e-4fd1-9eaa-78a6af02d788
Update service 0fbed2c1-0e7e-4fd1-9eaa-78a6af02d788; spec: /tmp/svcspec_s5ew895r
Get service 6cc99f96-ee9a-406b-9018-2414b837c442
Update service 6cc99f96-ee9a-406b-9018-2414b837c442; spec: /tmp/svcspec_ue3hi4zt
Get service 79ed9113-fa3f-4f5e-817a-7a11145880c7
Update service 79ed9113-fa3f-4f5e-817a-7a11145880c7; spec: /tmp/svcspec_r0azsaib
Get service 1829b7b8-e755-4db6-9665-439f3f2624d1
Update service 1829b7b8-e755-4db6-9665-439f3f2624d1; spec: /tmp/svcspec_pfbbxyof
Get service 1146b510-76ab-4e88-9a1e-5933b4d64f3e
Update service 1146b510-76ab-4e88-9a1e-5933b4d64f3e; spec: /tmp/svcspec_rncl11rd
Get service 31728e0d-6f78-4da8-93aa-98fb456d5672
Update service 31728e0d-6f78-4da8-93aa-98fb456d5672; spec: /tmp/svcspec_7i1z6ff9
Get service 196f8571-ac23-4a80-882f-aba9deb7989b
Update service 196f8571-ac23-4a80-882f-aba9deb7989b; spec: /tmp/svcspec_jkmbsi93
Get service 1652cda7-3207-431e-9d82-031ceffb42b4_com.vmware.vcops
Don't update service 1652cda7-3207-431e-9d82-031ceffb42b4_com.vmware.vcops
Get service bc991693-97a8-4993-949d-d5eb461d4824
Don't update service bc991693-97a8-4993-949d-d5eb461d4824
Get service 1652cda7-3207-431e-9d82-031ceffb42b4
Update service 1652cda7-3207-431e-9d82-031ceffb42b4; spec: /tmp/svcspec_xth2o90b
Get service 659e024f-fa27-4d0a-bcb8-54634aea9679
Update service 659e024f-fa27-4d0a-bcb8-54634aea9679; spec: /tmp/svcspec_5g731icv
Get service b7c2a448-af0e-4d7e-a892-0d307bd9ee9d
Update service b7c2a448-af0e-4d7e-a892-0d307bd9ee9d; spec: /tmp/svcspec_3e61aymd
Updated 43 service(s)
Status : 85% Completed [starting services...]                  

Status : 100% Completed [All tasks completed successfully]

2.3. 删除旧的证书

# 查看一下现有的证书
root@localhost [ ~ ]# for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo "[*] Store :" $store; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $store --text | grep -ie "Alias" -ie "Not After";done;
[*] Store : MACHINE_SSL_CERT
Alias :	__MACHINE_CERT
            Not After : May 11 08:44:26 2025 GMT
[*] Store : TRUSTED_ROOTS
Alias :	6f6ae78eb3a9abdbc7bf43797b765e62851a6af6
            Not After : May 25 02:23:47 2031 GMT
[*] Store : machine
Alias :	machine
            Not After : May 25 02:23:47 2031 GMT
[*] Store : vsphere-webclient
Alias :	vsphere-webclient
            Not After : May 25 02:23:47 2031 GMT
[*] Store : vpxd
Alias :	vpxd
            Not After : May 25 02:23:47 2031 GMT
[*] Store : vpxd-extension
Alias :	vpxd-extension
            Not After : May 25 02:23:47 2031 GMT
[*] Store : hvc
Alias :	hvc
            Not After : May 25 02:23:47 2031 GMT
[*] Store : data-encipherment
Alias :	data-encipherment
            Not After : May 25 02:23:47 2031 GMT
[*] Store : APPLMGMT_PASSWORD
Alias :	location_password_default
[*] Store : SMS
Alias :	sms_self_signed
            Not After : May 30 02:28:11 2031 GMT
[*] Store : wcp
Alias :	wcp
            Not After : May 30 02:19:32 2023 GMT
[*] Store : BACKUP_STORE
Alias :	bkp___MACHINE_CERT
            Not After : May 30 14:23:47 2023 GMT
Alias :	bkp_machine
            Not After : May 25 02:23:47 2031 GMT
Alias :	bkp_vsphere-webclient
            Not After : May 25 02:23:47 2031 GMT
Alias :	bkp_vpxd
            Not After : May 25 02:23:47 2031 GMT
Alias :	bkp_vpxd-extension
            Not After : May 25 02:23:47 2031 GMT
Alias :	bkp_hvc
            Not After : May 25 02:23:47 2031 GMT
Alias :	bkp_wcp
            Not After : May 30 02:19:32 2023 GMT
Alias :	__MACHINE_CERT
            Not After : May 11 08:21:25 2025 GMT

# 删除证书
root@localhost [ ~ ]# /usr/lib/vmware-vmafd/bin/vecs-cli store delete --name BACKUP_STORE -y
Successfully deleted store [BACKUP_STORE]
root@localhost [ ~ ]# for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo "[*] Store :" $store; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $store --text | grep -ie "Alias" -ie "Not After";done;
[*] Store : MACHINE_SSL_CERT
Alias :	__MACHINE_CERT
            Not After : May 11 08:44:26 2025 GMT
[*] Store : TRUSTED_ROOTS
Alias :	6f6ae78eb3a9abdbc7bf43797b765e62851a6af6
            Not After : May 25 02:23:47 2031 GMT
[*] Store : machine
Alias :	machine
            Not After : May 25 02:23:47 2031 GMT
[*] Store : vsphere-webclient
Alias :	vsphere-webclient
            Not After : May 25 02:23:47 2031 GMT
[*] Store : vpxd
Alias :	vpxd
            Not After : May 25 02:23:47 2031 GMT
[*] Store : vpxd-extension
Alias :	vpxd-extension
            Not After : May 25 02:23:47 2031 GMT
[*] Store : hvc
Alias :	hvc
            Not After : May 25 02:23:47 2031 GMT
[*] Store : data-encipherment
Alias :	data-encipherment
            Not After : May 25 02:23:47 2031 GMT
[*] Store : APPLMGMT_PASSWORD
Alias :	location_password_default
[*] Store : SMS
Alias :	sms_self_signed
            Not After : May 30 02:28:11 2031 GMT
[*] Store : wcp
Alias :	wcp
            Not After : May 30 02:19:32 2023 GMT

2.4. 再更新wcp证书

https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.authentication.doc/GUID-543BB100-515E-4FFF-8D88-7D73E4CB8248.html

root@localhost [ /tmp ]# vim certool.cfg 
root@localhost [ /tmp ]# cat certool.cfg
#
# Template file for a CSR request
#

# Country is needed and has to be 2 characters
Country = US
Name	= CA
Organization = VMware
OrgUnit = VMware Engineering
State = gd
Locality = Palo Alto
IPAddress = 127.0.0.1
Email = email@acme.com
Hostname = xx.xx.xx.xx

root@localhost [ /tmp ]# /usr/lib/vmware-vmca/bin/certool --genkey --privkey=/tmp/wcp.priv --pubkey=/tmp/wcp.pub
Status : Success

root@localhost [ /tmp ]# /usr/lib/vmware-vmca/bin/certool --gencert --privkey=/tmp/wcp.priv --cert /tmp/wcp.crt --Name=wcp --config /tmp/certool.cfg
Using config file : /tmp/certool.cfg
Status : Success

root@localhost [ /tmp ]# /usr/lib/vmware-vmafd/bin/dir-cli service list
Enter password for administrator@vsphere.local: 
1. machine-4b340ebe-d18a-427a-b130-d92673fd97fd
2. vsphere-webclient-4b340ebe-d18a-427a-b130-d92673fd97fd
3. vpxd-4b340ebe-d18a-427a-b130-d92673fd97fd
4. vpxd-extension-4b340ebe-d18a-427a-b130-d92673fd97fd
5. hvc-4b340ebe-d18a-427a-b130-d92673fd97fd
6. wcp-4b340ebe-d18a-427a-b130-d92673fd97fd

# 停止服务
root@localhost [ /var/log/vmware/vpxd ]# service-control --stop --all
Operation not cancellable. Please wait for it to finish...
Performing stop operation on service observability...
Successfully stopped service observability
Performing stop operation on service vmware-pod...
Successfully stopped service vmware-pod
Performing stop operation on service vmware-vdtc...
Successfully stopped service vmware-vdtc
Performing stop operation on profile: ALL...
Successfully stopped service vmware-vmon
Successfully stopped profile: ALL.
Performing stop operation on service vmcad...
Successfully stopped service vmcad
Performing stop operation on service vmdird...
Successfully stopped service vmdird
Performing stop operation on service vmafdd...
Successfully stopped service vmafdd
Performing stop operation on service lwsmd...
Successfully stopped service lwsmd

# 再启动相关服务
root@localhost [ /var/log/vmware/vpxd ]# service-control --start vmafdd
Operation not cancellable. Please wait for it to finish...
Performing start operation on service vmafdd...
Successfully started service vmafdd
root@localhost [ /var/log/vmware/vpxd ]# service-control --start vmdird
Operation not cancellable. Please wait for it to finish...
Performing start operation on service vmdird...
Successfully started service vmdird
root@localhost [ /var/log/vmware/vpxd ]# service-control --start vmcad
Operation not cancellable. Please wait for it to finish...
Performing start operation on service vmcad...
Successfully started service vmcad

# 更新证书
root@localhost [ /tmp ]# /usr/lib/vmware-vmafd/bin/dir-cli service update --name wcp-4b340ebe-d18a-427a-b130-d92673fd97fd --cert /tmp/wcp.crt
Enter password for administrator@vsphere.local: 
Service [wcp-4b340ebe-d18a-427a-b130-d92673fd97fd] updated successfully
root@localhost [ /tmp ]# /usr/lib/vmware-vmafd/bin/vecs-cli entry delete --store wcp --alias wcp
Warning: This operation will delete entry [wcp] from store [wcp]
Do you wish to continue? Y/N [N] 
y
Deleted entry with alias [wcp] in store [wcp] successfully
 root@localhost [ /tmp ]# /usr/lib/vmware-vmafd/bin/vecs-cli entry create --store wcp --alias wcp --cert /tmp/wcp.crt --key /tmp/wcp.priv
Entry with alias [wcp] in store [wcp] was created successfully 

# 启动服务
root@localhost [ /tmp ]# service-control --start --all


# 查看证书时间更新了
root@localhost [ ~ ]# for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo "[*] Store :" $store; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $store --text | grep -ie "Alias" -ie "Not After";done;
[*] Store : MACHINE_SSL_CERT
Alias :	__MACHINE_CERT
            Not After : May 11 08:44:26 2025 GMT
[*] Store : TRUSTED_ROOTS
Alias :	6f6ae78eb3a9abdbc7bf43797b765e62851a6af6
            Not After : May 25 02:23:47 2031 GMT
[*] Store : machine

Alias :	machine
            Not After : May 25 02:23:47 2031 GMT
[*] Store : vsphere-webclient
Alias :	vsphere-webclient
            Not After : May 25 02:23:47 2031 GMT
[*] Store : vpxd
Alias :	vpxd
            Not After : May 25 02:23:47 2031 GMT
[*] Store : vpxd-extension
Alias :	vpxd-extension
            Not After : May 25 02:23:47 2031 GMT
[*] Store : hvc
Alias :	hvc
            Not After : May 25 02:23:47 2031 GMT
[*] Store : data-encipherment
Alias :	data-encipherment
            Not After : May 25 02:23:47 2031 GMT
[*] Store : APPLMGMT_PASSWORD
Alias :	location_password_default
[*] Store : SMS
Alias :	sms_self_signed
            Not After : May 30 02:28:11 2031 GMT
[*] Store : wcp
Alias :	wcp
            Not After : May 11 08:50:55 2025 GMT

3. 参考KB

https://kb.vmware.com/s/article/2112277

https://kb.vmware.com/s/article/2015600lang=zh_CN

https://kb.vmware.com/s/article/2097936lang=zh_cn

https://medium.com/@ITsolutions/vmware-vcenter-certificate-replacement-7d2e7fa3fb89

https://captainvops.com/2022/12/16/vcenter-8-machine-ssl-certificate-management/

https://vninja.net/2022/08/08/expired-vmware-vcenter-7-certificates/

4. 命令

# 开启sftp
chsh -s /bin/bash root

查看CA证书有多少
/usr/lib/vmware-vmafd/bin/dir-cli trustedcert list

root@localhost [ ~ ]# /usr/lib/vmware-vmafd/bin/dir-cli trustedcert list
Enter password for administrator@vsphere.local: 
Number of certificates:	1
#1:
CN(id):		3AEF9845A3E59122EDCB50C946C7886AFBB3D211
Subject DN:	CN=CA, DC=vsphere, DC=local, C=US, ST=California, O=localhost, OU=VMware Engineering
CRL present:	yes

# 导出CA证书
are-vmafd/bin/dir-cli trustedcert get --id A35412348D33EA5EB11E66EF901A1F8D99B0465 --outcert /tmp/vmca_root.cer

# 查看证书情况
for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo "[*] Store :" $store; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $store --text | grep -ie "Alias" -ie "Not After";done;

root@localhost [ ~ ]# for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo "[*] Store :" $store; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $store --text | grep -ie "Alias" -ie "Not After";done;
[*] Store : MACHINE_SSL_CERT
Alias :	__MACHINE_CERT
            Not After : May 11 08:44:26 2025 GMT
[*] Store : TRUSTED_ROOTS
Alias :	6f6ae78eb3a9abdbc7bf43797b765e62851a6af6
            Not After : May 25 02:23:47 2031 GMT

5. 报错

5.1. Error Failed to start vmon services.vmon-cli RC=1

When you go to read the “certificate-manager.log”, you see an entry like this:

Error Failed to start vmon services.vmon-cli RC=1

After a lot of searching on the internet, I sum up with this good article which helps me to solve my problem. The procedure is very simple, you just need to change the file permission of /etc/vmware/.buildInfo from 640 back to 444, SSH to your vCenter Server with root user and type following commands:

shell
chmod 444 /etc/vmware/.buildInfo

https://kb.vmware.com/s/article/2150057lang=zh_CN

5.2. 脚本执行之后卡在85%

这里大概率可能是证书里面的FQDN和主机不匹配,又或者是主机解析FQDN有问题。

https://blog.csdn.net/CrossProblems/article/details/135395563

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.coloradmin.cn/o/2257724.html

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈,一经查实,立即删除!

相关文章

Oracle报错ORA-01653: 表xx无法通过 8192在表空间中扩展

向Oracle 19g数据库中批量插入数据,当插入近2亿条数据后,报出如下错误: ORA-01653: 表xx无法通过 8192 (在表空间 xx_data 中) 扩展 查看表空间,发现表空间大小已达到32G,表空间无法进行自动扩展了。(初始…

数据结构(3)单链表的模拟实现

上一节我们进行了数据结构中的顺序表的模拟式现,今天我们来实现一下另外一个数据结构:单链表。 我们在实现顺序表之后一定会引发一些问题和思考: 1.顺序表在头部和中间插入数据会用到循环,时间复杂O(N) …

如何高效的向AI大模型提问? - 提示工程Prompt Engineering

大模型的输入,决定了大模型的输出,所以一个符合要求的提问Prompt起到关键作用。 以下是关于提示工程Prompt Engineering主要方法的详细表格,包括每种方法的优点、缺点、应用场景以及具体示例: 主要方法优点缺点应用场景示例明确性…

python正则化表示总结

1.字符 总结: .匹配除“\n”以外的所有字符[…]字符集,…为所给出的范围,如:[a-zA-Z]表示逐个列出所有字符,[0-9]表示逐个列出所有数字[^…]^表示取反,如 [^0-9] 等同于出数字以外所有字符[…]并[…]也可…

BlueOS安装与DVL插件安装

我的blueos端又进不去了,查了查原因SD卡竟然裂开了!故重新下载附步骤: 官方网址:BlueOS Documentation DVL插件安装参考:Water Linked DVL A50 Support - Third Party Products / Sonar and Acoustics - Blue Roboti…

学者观察 | Web 3.0生态治理及其安全——北京交通大学副教授李超

导语 李超教授认为Web 3.0中无论是链上治理还是链下治理都有其优劣。链下治理机制更侧重于社区广泛参与和讨论,过程较为繁琐,但能够形成广泛的社区支持和参与,增强决策的合法性和接受度;链上治理机制通过直接在区块链上执行决策&…

C++实现排序算法:冒泡排序

目录 前言 冒泡排序性质 C代码实现冒泡排序 冒泡图解 第一趟排序 第二趟排序 第三趟排序 排序结果 结语 前言 冒泡排序的基本思想是通过从前往后&#xff08;从后往前&#xff09;两两比较&#xff0c;若为逆序&#xff08;即arr[i] < arr[i 1]&#xff09;则交换…

二叉树节点相关算法题|双分支节点个数|所有左叶子之和|每一层节点平均值(C)

双分支节点个数 假设二叉树采用二叉链表存储结构存储&#xff0c;试设计一个算法&#xff0c;计算一棵给定二叉树的所有双分支节点个数 算法思想 计算一棵二叉树中所有双分支节点个数的递归模型 若树为空&#xff0c;结果为0 若当前节点为双分支节点&#xff0c;递归左右孩子…

交互开发---测量工具(适用VTK或OpenGL开发的应用程序)

简介&#xff1a; 采用VTK开发应用程序时&#xff0c;经常需要开发各种各样的测量工具&#xff0c;如果沿用VTK的widgets的思路&#xff0c;绘制出来的的控件不够漂亮&#xff0c;且交互不太灵活&#xff0c;并且随着测量工具的增强&#xff0c;渲染的效率也会有所降低。基于上…

【LEAP模型建模】能源需求/供应预测、能源平衡表核算、空气污染物排放预测、碳排放预测、成本效益分析、交通运输碳排放、电力系统优化等专题应用

采用部门分析法建立的LEAP&#xff08;Long Range Energy Alternatives Planning System/ Low emission analysis platform&#xff0c;长期能源可替代规划模型&#xff09;是一种自下而上的能源-环境核算工具&#xff0c;由斯德哥尔摩环境研究所和美国波士顿大学联合研发。该模…

HarmonyOS-中级(三)

文章目录 合理使用动画和转场Web组件和WebView给应用添加通知和提醒 &#x1f3e1;作者主页&#xff1a;点击&#xff01; &#x1f916;HarmonyOS专栏&#xff1a;点击&#xff01; ⏰️创作时间&#xff1a;2024年12月08日12点12分 合理使用动画和转场 动效场景设计&#x…

GC常见垃圾回收算法,JVM分代模型

如何判断是垃圾&#xff1f;引用计数器和Root可达性算法 如何进行清除&#xff1f;标记清除、复制、标记整理 堆分代模型&#xff1f;Eden&#xff0c;Surevivor&#xff0c;Tenuring 一个对象从创建到消亡的过程&#xff1f; 对象什么时候进入老年代&#xff1f; 一、GC&a…

win11 恢复任务栏copilot图标, 亲测有效

1、修改C:\Windows\System32\IntegratedServicesRegionPolicySet.json&#xff0c;解除中国不能使用copilot的限制。 使用Notepad搜索copilot全文搜索&#xff0c;将下面两处的“CN,”删除&#xff0c;删除后如下&#xff1a; {"$comment": "Show Copilot on t…

nginx生成自签名证书

nginx生成自签名证书 openssl genrsa -out server.key 2048 openssl req -new -subj "/CCN/STJiangSu/LSuZhou/Oldap/OUldap/CN10.20.24.101" -key server.key -out server.csr openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt …

【sgUploadImage】自定义组件:基于elementUI的el-upload封装的上传图片、相片组件,适用于上传缩略图、文章封面

sgUploadImage源码 <template><div :class"$options.name"><ul class"uploadImages"><liclass"uploadImage"v-loading"loadings[i]"v-for"(a, i) in uploadImages":key"i"click"click…

【重生之我在B站学MySQL】

MySQL笔记 文章目录 MySQL的三层结构SQL语句分类sql语句数据库操作创建数据库查看、删除数据库 表操作创建表mysql常用数据类型(列类型)查询表、插入值创建表练习创建一个员工表emp 修改表mysql约束primary key(主键)not null(非空)unique(唯一)foreign key(外键)check自增长 索…

Java版企业电子招标采购系统源业码Spring Cloud + Spring Boot +二次开发+ MybatisPlus + Redis

功能描述 1、门户管理&#xff1a;所有用户可在门户页面查看所有的公告信息及相关的通知信息。主要板块包含&#xff1a;招标公告、非招标公告、系统通知、政策法规。 2、立项管理&#xff1a;企业用户可对需要采购的项目进行立项申请&#xff0c;并提交审批&#xff0c;查看所…

eclipse启动的时候,之前一切很正常,但突然报Reason: Failed to determine a suitable driver class的解决

1、之前项目都是启动正常的&#xff0c;然后运行以后发现启动不了了&#xff0c;还会报错&#xff1a; 2、这个Reason: Failed to determine a suitable driver class&#xff0c;说是没有合适的驱动class spring:datasource:url: jdbc:sqlserver://192.168.1.101:1433;databa…

PostGIS分区表学习相关

在Postgresql中对空间数据进行表分区的实践_postgresql空间数据-CSDN博客文章浏览阅读1.4k次&#xff0c;点赞26次&#xff0c;收藏21次。Postgresql的分区功能允许将一个大表按照特定的规则拆分成多个小的分区表。这样做的好处在于&#xff0c;在查询数据时&#xff0c;可以只…

【sgUploadList】自定义组件:基于elementUI的el-upload封装的上传列表组件,适用于上传附件时

sgUploadList源码 <template><div :class"$options.name"><ul class"files"><li v-for"(a, i) in files" :key"i"><sgFileLink :data"a" remove"remove(a, i)" clearable /></…