Troubleshooting Guide: No unhealthy upstream

The smooth functioning of virtualized environments is crucial for businesses relying on them for efficient operations. However, technical issues can sometimes disrupt the performance of vCenter, causing inconvenience and potential downtime. In this article, we will explore a real-life scenario where a customer’s vCenter encountered problems and discuss the steps taken to resolve them effectively.

Identifying the Issue

Upon investigation, it was discovered that the customer’s vCenter was not coming up, indicating an unhealthy upstream. The first step was to analyze the services and logs to pinpoint the root cause.

Troubleshooting Steps

  • Service Check: The services were checked and restarted, but a specific component, VPXD-svsc, failed to start. This raised concerns and required further investigation.
  • Log Analysis: The logs of VPXD-svsc were examined, but no relevant information was found. The team had to explore alternative approaches to uncover the underlying problem.
  • VDT Tool: To gain deeper insights, the team ran the vSphere Diagnostic Tools (VDT) tool. It quickly identified the cause—a critical issue with the MACHINE_SSL certificate, which had expired.
  • Certificate Restart: An attempt was made to restart the certificate using the command “/usr/lib/vmware-vmca/bin/certificate-manager.” However, an error message appeared, stating that the Certificate Manager tool does not support vCenter HA systems. This obstacle required an alternative solution.
  • File Recovery: The team searched for the certool.cfg file at /usr/lib/vmware-vmca/share/config but found it missing. To overcome this setback, they replicated the contents of certool.cfg from another vCenter and created a new file. The copied data was then pasted into the newly created file.
  • Certificate Regeneration: With the recovered file in place, the team reattempted the certificate regeneration process using the same command but with option 3. This time, they succeeded in regenerating the MACHINE_SSL certificate, resolving the underlying issue.
  • Service Restart: After resolving the certificate problem, the vCenter services needed to be restarted to ensure their proper functioning. This was accomplished by executing the command “service-control –stop –all && service-control –start –all.”
  • Success! With all the services back online, the customer could once again access the vCenter GUI and resume their operations seamlessly.


Technical issues with vCenter can disrupt the productivity and stability of virtualized environments. In the scenario discussed, a non-functioning vCenter led to the investigation of services and logs, revealing an expired certificate as the culprit. By leveraging alternative methods and overcoming unexpected obstacles, the team successfully regenerated the certificate and restarted the services, restoring the vCenter to its optimal state.

Remember, proactive monitoring and regular maintenance of your virtual infrastructure can help prevent such issues and ensure smooth operations. However, in case of any unforeseen challenges, this troubleshooting guide can serve as a valuable resource to help you navigate and overcome them effectively.

Leave a Reply

Your email address will not be published. Required fields are marked *