Tuesday, May 14, 2013

Critical issue with vCenter appliance 5.1.0.10000

If you use the vCenter appliance and also use the vSphere Web Client, this is a must-read. As of the latest vCenter appliance build, 5.1.0.10000-1065184, there is a pretty big issue with certificate regeneration. The problem starts once you turn it on and reboot. If you do not already know, certificate regeneration is required if you are using a self-signed cert, if your cert does not match your host configuration, if you changed the system IP address after installation, or if the cert is expired. Any of those conditions will prevent you from logging in to the Web Client successfully and require you to turn on certificate regeneration.

Pretty much out of the gate, when you deploy a vCenter appliance you get an IP address either dynamically or statically, if you configure one. I've found that despite configuring the IP manually when deploying the OVA, the IP still has to be configured manually once the virtual appliance is deployed. Once you change the IP address or host name, the certificate no longer works for the Web Client. From there, if you attempt to log in to the Web Client, you will receive the error "Failed to communicate with the vCenter Single Sign On server".
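
The certificate conditions described above can be checked from a workstation before toggling anything. The following is an added example, not part of the original post or of VMware's tooling: a shell function (the name cert_regen_reasons and the finding labels are made up here) that runs the openssl CLI against a saved PEM certificate and reports expiry, a host name or IPv4 mismatch, and a self-issued certificate.

```shell
#!/bin/sh
# Added example (not from the original post). Reports which of the listed
# conditions apply to a PEM certificate saved from the appliance, e.g. with:
#   openssl s_client -connect HOST:PORT </dev/null 2>/dev/null | openssl x509 -out cert.pem
# Usage: cert_regen_reasons CERT.pem HOSTNAME_OR_IPV4
# Prints one finding per line; returns 0 if none, 1 if any, 2 if unreadable.
cert_regen_reasons() {
    cert=$1
    addr=$2
    found=0

    # Refuse input that openssl cannot parse as a certificate.
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo "unreadable"
        return 2
    fi

    # Expired: -checkend 0 exits non-zero once notAfter is in the past.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "expired"
        found=1
    fi

    # Host configuration: digits and dots only is treated as an IPv4 address
    # (must appear in an IP SAN); anything else as a DNS name (SAN or CN).
    case $addr in
        *[!0-9.]*) check=-checkhost ;;
        *)         check=-checkip ;;
    esac
    if ! openssl x509 -in "$cert" -noout "$check" "$addr" 2>/dev/null |
            grep -q "does match certificate"; then
        echo "name-mismatch"
        found=1
    fi

    # Self-signed heuristic: subject and issuer are the same name.
    subject=$(openssl x509 -in "$cert" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$cert" -noout -issuer | sed 's/^issuer= *//')
    if [ "$subject" = "$issuer" ]; then
        echo "self-signed"
        found=1
    fi
    return "$found"
}

if [ "$#" -eq 2 ]; then cert_regen_reasons "$@"; fi
```

A name-mismatch finding for the address you actually browse to corresponds to the changed IP address or host name case described above.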


The fix is to turn on certificate regeneration and reboot. You can turn on certificate regeneration from the admin tab in the vCenter appliance management console at https://<IP address>:5480. Once there, click "Toggle certification setting" to enable certificate regeneration.


On the build listed above, if you do, your appliance will reboot, go through the startup process, and hang right after loading the embedded database. I downloaded and re-deployed the appliance once more. I still had the issue. To resolve the problem I downgraded to 5.1.0.5300-947940. In this build it still hangs on "waiting on embedded database to startup" for approximately 10-20 seconds, but it does eventually finish the startup process. In the latest build you can wait an hour. It will not move past that point after turning on certificate regeneration.