Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

vCenter Server fails to start after replacing the default SSL certificates with custom SSL certificates (1003070)

Details

  • After replacing the default SSL certificate with custom SSL certificates, vCenter Server fails to start.
  • In VirtualCenter 2.5.x logs, you see the error:

    Failed to decrypt password. Failed to initialize VMware VirtualCenter. Shutting down...
  • In vCenter Server 4.x logs, you see errors similar to:

    [2010-06-01 10:11:02.751 07108 error 'App'] [VpxKey::Decrypt] crypto failure: error:0406506C:rsa routines:RSA_EAY_PRIVATE_DECRYPT:data greater than mod len
    [2010-06-01 10:11:02.751 07108 error 'App'] [VpxdCert] Failed to decrypt password: applying key to encrypted data failed (likely the wrong key)
    [2010-06-01 10:11:02.751 07108 error 'App'] ODBC error: () -
    [2010-06-01 10:11:02.751 07108 error 'App'] Error getting configuration info from the database
    [2010-06-01 10:11:02.751 07108 error 'App'] [Vpxd::ServerApp::Init] Init failed: VpxdVdb::Init(Vdb::GetInstance(), false, false)
    [2010-06-01 10:11:02.751 07108 error 'App'] Failed to intialize VMware VirtualCenter. Shutting down...
    [2010-06-01 10:11:02.751 07108 info 'App'] Forcing shutdown of VMware VirtualCenter now

Solution

This issue occurs because the database password was encrypted using the certificate you replaced.
 
To resolve this issue, re-enter the database password:
  1. Make sure the VirtualCenter Server service is stopped. For more information, see Stopping, starting, or restarting vCenter services (1003895).
  2. Open command prompt.
  3. Change to the directory where vCenter Server is installed. The default location is C:\Program Files\VMware\Infrastructure\VirtualCenter Server.
  4. Run this command to reset the database password:

    vpxd.exe -p

    Note: This command rehashes the passwords for the database users from the ODBC connection.
  5. When prompted, enter the new password.

  6. Restart the VirtualCenter Server service.

Note: After changing the SSL certificate, all hosts managed by vCenter Server must be re-authenticated. To do so, use the VI Client or the vSphere Center to disconnect and then reconnect the hosts.

For more information on custom and default SSL certificates, see Generating custom or default SSL certificates (1029944).

Tags

custom-ssl-certificates  vcenter-regenerating-ssl-certificates

Keywords

vpxd.exe, VirtualCenter, SSL certificate

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 14 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 14 Ratings
Actions
KB: