You will encounter this issue while upgrading your vCenter at stage 2. This error will look similar to the below:
This can be due to the following reasons:
- The Common Name (CN) is equivalent to the Personal Name Identifier (PNID).
- Certificates can have multiple Domain Name System (DNS) entries in the Subject Alternative Name (SAN).
- The workflow checks for a match with the PNID against the CN first. If it fails, it checks against the DNS entries.
Table of Contents
Follow the below command and reset all the certificates:
This will clear the certificate and you will able to proceed with the upgrade.
But sometime the above method will not work. Then you need to run the ls doctor script. You can download the script from the below link:
Once ls doctor is downloaded. Move the zip to the vCenter using WinSCP into temp dir. Log in to vCenter using SSH and enter the below commands
python lsdoctor.py -l
python lsdoctor.py -t
service-control --stop --all
service-control --start --all
The above command will perform the following actions:
- Navigate to the tmp directory.
- Unzip the lsdoctor zip file.
- Go to the lsdoctor-master directory with the “cd lsdoctor-master” command.
- Use the “-l” option to list potential issues.
- Run the “-s” and “-t” options one after another for stalefix and trustfix.
- Restart the vCenter service using the provided commands.
- Attempt to upgrade vCenter.
If you need any assistance, please don’t hesitate to ask in the comments section. We will be happy to help you further.