搜索到
1
篇与
的结果
-
处理Vcenter 更新证书后NSX无法连接 处理Vcenter 更新证书后NSX无法连接1. 背景vcenter ssl证书即将过期,通过vcenter界面手动续期证书后NSX无法连接2. 错误信息2.1 NSX - Lookup Service URL 错误信息NSX Management Service operation failed.( 管理注册服务提供程序初始化失败。 根本原因: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain is not trusted and thumbprint verification is not configured )2.2 VCenter - 主机准备未就绪现象1: VCenter - 网络和安全 - 安装和升级 - 主机准备 位置的状态为未就绪现象2: 弹出提示 ESX agent 未就绪3.解决方案3.1 解决问题 2.1登陆https://vcenter_IP_or_FQDN:5480/ 使用vcenter web账号密码登录访问 - 编辑 - 启用ssh登陆 - 确定ssh登录到Vcenter###########################x.x.x.x改为vcenter IP########################### MacBook-Pro ~ % ssh root@x.x.x.x VMware vCenter Server Appliance 6.7.0.50000 Type: vCenter Server with an embedded Platform Services Controller ###########################填入密码########################### root@x.x.x.x's password: Last login: Wed Mar 27 10:18:33 2024 from 192.168.89.1 Connected to service * List APIs: "help api list" * List Plugins: "help pi list" * Launch BASH: "shell" ###########################输入shell 然后回车########################### Command> shell Shell access is granted to root root@xxx [ ~ ]# 将脚本 ls_ssltrust_fixer_p3.py(点击下载) 放置到 /usr/lib/vmidentity/tools/scripts/ 路径下执行以下命令:###########################扫描证书########################### root@photon-machine [ ~ ]# python /usr/lib/vmidentity/tools/scripts/ls_ssltrust_fixer_p3.py -f scan Running function 'scan' Scan Phase1: Getting service IDs Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true Found 35 service IDs Scan Phase2: Getting spec and verifying certicate/trust Processing ID: b'2d10e347-d40c-4678-94ed-759afb90cba8' Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true FQDN used to retrieve current certificate:x.x.x.x Processing ID: b'5f7e35c3-50ee-4fdc-aba2-95bc6a98099f' Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true FQDN used to retrieve current certificate:x.x.x.x Processing ID: b'548ffa6c-233c-49a7-9e06-6f1baab494fe' Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true FQDN used to retrieve current certificate:x.x.x.x Processing ID: b'c4160a88-fd51-4e9e-8ce6-837b65987130' Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true FQDN used to retrieve current certificate:x.x.x.x Processing ID: b'e0d673d3-f28e-4cff-b8d4-9b8e8020d833' Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true FQDN used to retrieve current certificate:x.x.x.x Processing ID: b'default-site:522421e2-cf6f-407f-8965-594832d21e28' Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true FQDN used to retrieve current certificate:x.x.x.x Processing ID: b'0b57e806-0c8b-4354-a941-bdcf37652465' Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true FQDN used to retrieve current certificate:x.x.x.x Processing ID: b'default-site:af4ac372-7fbd-470a-8e8e-f9de68c1d16b' Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true FQDN used to retrieve current certificate:x.x.x.x Processing ID: b'68e23985-a7e0-4497-aa02-b1c98f0f7d7c' Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true FQDN used to retrieve current certificate:x.x.x.x Processing ID: b'b9c01fb7-069e-4d5e-b728-5dfc574a7acb' Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true FQDN used to retrieve current certificate:x.x.x.x Processing ID: b'31a92fe9-b350-4067-92b8-6f94f7416ab7' Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true FQDN used to retrieve current certificate:x.x.x.x Processing ID: b'c9fc7aa6-55cf-464f-8537-4981344db54c' Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true FQDN used to retrieve current certificate:x.x.x.x Processing ID: b'd1575df1-c6e2-449e-b615-153841dd98c9' Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true FQDN used to retrieve current certificate:x.x.x.x Processing ID: b'68e23985-a7e0-4497-aa02-b1c98f0f7d7c_authz' Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true FQDN used to retrieve current certificate:x.x.x.x Processing ID: b'bfd58f1c-9d6e-4f9a-985f-d784f7f4d357' Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true FQDN used to retrieve current certificate:x.x.x.x skipping validation as external solution on:b'55171520-02b8-4ea2-9276-f1ecc4cb019a_com.vmware.vsphere.client' Processing ID: b'24b3a39c-6a2c-41d5-b2d9-805f378d0b56' Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true FQDN used to retrieve current certificate:x.x.x.x Processing ID: b'442a8577-e202-4457-b297-90827d6e8dce' Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true FQDN used to retrieve current certificate:x.x.x.x Processing ID: b'6e98e977-6bde-4c58-bd96-0cfa170c5bab' Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true FQDN used to retrieve current certificate:x.x.x.x Processing ID: b'4ecee96d-6e1f-4453-a351-628f9fcff978' Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true FQDN used to retrieve current certificate:x.x.x.x Processing ID: b'72c282c0-7a8e-4472-94ba-43c00a0d7ae0' Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true FQDN used to retrieve current certificate:x.x.x.x Processing ID: b'68e23985-a7e0-4497-aa02-b1c98f0f7d7c_kv' Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true FQDN used to retrieve current certificate:x.x.x.x Processing ID: b'd2662e4c-7db8-40b2-a635-d563995d920c' Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true FQDN used to retrieve current certificate:x.x.x.x Processing ID: b'd8183917-3b50-42c1-b4a0-0f4f03dfd654' Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true FQDN used to retrieve current certificate:x.x.x.x Processing ID: b'33d42e30-65bf-4e7e-aa9f-2332d24e447c' Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true FQDN used to retrieve current certificate:x.x.x.x Processing ID: b'default-site:9f8144ec-b405-40fd-8f1f-0aee6b3e6185' Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true FQDN used to retrieve current certificate:x.x.x.x Processing ID: b'55171520-02b8-4ea2-9276-f1ecc4cb019a' Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true FQDN used to retrieve current certificate:x.x.x.x Processing ID: b'6e901082-6a36-4239-86cc-463c7059f8d6' Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true FQDN used to retrieve current certificate:x.x.x.x Processing ID: b'e304c0b9-01c2-424b-a5c2-2ffde66e76fa' Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true FQDN used to retrieve current certificate:x.x.x.x Processing ID: b'654b4cdb-7405-4aea-b4ad-d6a279f5e6d7' Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true FQDN used to retrieve current certificate:x.x.x.x Processing ID: b'6db23bca-9379-4a0c-84ea-09c255247849' Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true FQDN used to retrieve current certificate:x.x.x.x Processing ID: b'450323ff-0d00-4b49-b09e-29ef2bdcd927' Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true FQDN used to retrieve current certificate:x.x.x.x Processing ID: b'910bed68-59c8-487b-b8ab-967a13ddce48' Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true FQDN used to retrieve current certificate:x.x.x.x Processing ID: b'cfe3b13a-fef3-4a58-b461-5212baccb8ca' Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true FQDN used to retrieve current certificate:x.x.x.x Processing ID: b'b78e3c49-b904-437f-af2f-5db2fad76c9f' Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true FQDN used to retrieve current certificate:x.x.x.x ***WARNING*** 4 Mismatched ID(s) found Written mismatched IDs to /var/log/ls_ssltrust_fixer/mismatchIDs List of registrations with cert mismatch **************************************** ID: b'default-site:522421e2-cf6f-407f-8965-594832d21e28' spec: /var/log/ls_ssltrust_fixer/default-site%522421e2-cf6f-407f-8965-594832d21e28 cert in use: /var/log/ls_ssltrust_fixer/default-site%522421e2-cf6f-407f-8965-594832d21e28.newcert ID: b'default-site:af4ac372-7fbd-470a-8e8e-f9de68c1d16b' spec: /var/log/ls_ssltrust_fixer/default-site%af4ac372-7fbd-470a-8e8e-f9de68c1d16b cert in use: /var/log/ls_ssltrust_fixer/default-site%af4ac372-7fbd-470a-8e8e-f9de68c1d16b.newcert ID: b'default-site:9f8144ec-b405-40fd-8f1f-0aee6b3e6185' spec: /var/log/ls_ssltrust_fixer/default-site%9f8144ec-b405-40fd-8f1f-0aee6b3e6185 cert in use: /var/log/ls_ssltrust_fixer/default-site%9f8144ec-b405-40fd-8f1f-0aee6b3e6185.newcert ID: b'cfe3b13a-fef3-4a58-b461-5212baccb8ca' spec: /var/log/ls_ssltrust_fixer/cfe3b13a-fef3-4a58-b461-5212baccb8ca cert in use: /var/log/ls_ssltrust_fixer/cfe3b13a-fef3-4a58-b461-5212baccb8ca.newcert Please DOUBLE CHECK the detection before running 'fix' NOTE: Partial upgrade state of 5.5 to 6.x is unsupported for this tool- 5.5 web client registration might change Completed running function 'scan' ###########################修复命令########################### root@photon-machine [ ~ ]# python /usr/lib/vmidentity/tools/scripts/ls_ssltrust_fixer_p3.py -f fix Running function 'fix' Fix phase 1: Reading IDs with incorrect certificate from scan results Using mismatch ID list from: /var/log/ls_ssltrust_fixer/mismatchIDs ###########################WEB登录账号,默认回车########################### SSO administrator user (Default:Administrator@vsphere.local): ###########################输入web登录密码########################### Password for Administrator@vsphere.local: Fix phase 2: Collecting site topology information Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true <class 'bytes'> Fix Phase 3: creating new spec file with new ssltrust values and register Fixing ID: default-site:522421e2-cf6f-407f-8965-594832d21e28 Updated 1 End points with new cert for ID: default-site:522421e2-cf6f-407f-8965-594832d21e28 Re-registering ID: default-site:522421e2-cf6f-407f-8965-594832d21e28 using lsURL: https://x.x.x.x/lookupservice/sdk Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true Fixing ID: default-site:522421e2-cf6f-407f-8965-594832d21e28 completed Fixing ID: default-site:af4ac372-7fbd-470a-8e8e-f9de68c1d16b Updated 1 End points with new cert for ID: default-site:af4ac372-7fbd-470a-8e8e-f9de68c1d16b Re-registering ID: default-site:af4ac372-7fbd-470a-8e8e-f9de68c1d16b using lsURL: https://x.x.x.x/lookupservice/sdk Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true Fixing ID: default-site:af4ac372-7fbd-470a-8e8e-f9de68c1d16b completed Fixing ID: default-site:9f8144ec-b405-40fd-8f1f-0aee6b3e6185 Updated 1 End points with new cert for ID: default-site:9f8144ec-b405-40fd-8f1f-0aee6b3e6185 Re-registering ID: default-site:9f8144ec-b405-40fd-8f1f-0aee6b3e6185 using lsURL: https://x.x.x.x/lookupservice/sdk Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true Fixing ID: default-site:9f8144ec-b405-40fd-8f1f-0aee6b3e6185 completed Fixing ID: cfe3b13a-fef3-4a58-b461-5212baccb8ca Updated 8 End points with new cert for ID: cfe3b13a-fef3-4a58-b461-5212baccb8ca Re-registering ID: cfe3b13a-fef3-4a58-b461-5212baccb8ca using lsURL: https://x.x.x.x/lookupservice/sdk Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true Fixing ID: cfe3b13a-fef3-4a58-b461-5212baccb8ca completed *** 11 endpoints for 4 service IDs updated with current cetificates and trust *** Completed running function 'fix' root@photon-machine [ ~ ]# 修复完成后去NSX管理界面执行 Lookup Service URL 成功完成3.2 解决问题 2.2ssh登录VCenter执行命令:###########################x.x.x.x改为vcenter IP########################### MacBook-Pro ~ % ssh root@x.x.x.x VMware vCenter Server Appliance 6.7.0.50000 Type: vCenter Server with an embedded Platform Services Controller ###########################填入密码########################### root@192.168.88.49's password: Password: [ERROR]: Failed to connect to service. Use service-control command to manage applmgmt service * List APIs: "help api list" * List Plugins: "help pi list" * Launch BASH: "shell" ###########################输入shell########################### Command> shell Shell access is granted to root ###########################创建一个目录########################### root@photon-machine [ ~ ]# mkdir /certificate ###########################获取crt########################### root@photon-machine [ ~ ]# /usr/lib/vmware-vmafd/bin/vecs-cli entry getcert --store vpxd-extension --alias vpxd-extension --output /certificate/vpxd-extension.crt ###########################获取Key########################### root@photon-machine [ ~ ]# /usr/lib/vmware-vmafd/bin/vecs-cli entry getkey --store vpxd-extension --alias vpxd-extension --output /certificate/vpxd-extension.key ###########################更新扩展证书########################### ###########################-s:vcenter IP -u:web登录用户########################### root@photon-machine [ ~ ]# python /usr/lib/vmware-vpx/scripts/updateExtensionCertInVC.py -e com.vmware.vim.eam -c /certificate/vpxd-extension.crt -k /certificate/vpxd-extension.key -s x.x.x.x -u Administrator@vsphere.local ###########################输入web登录密码########################### Password to connect to VC server for user="Administrator@vsphere.local": 2024-03-27T03:39:24.377Z Updating certificate for "com.vmware.vim.eam" extension 2024-03-27T03:39:24.498Z Successfully updated certificate for "com.vmware.vim.eam" extension 2024-03-27T03:39:24.517Z Verified login to vCenter Server using certificate="/certificate/vpxd-extension.crt" is successful更新完成后 VCenter 网页刷新下观察防火墙页面状态
