vCenter Server fails to start after replacing the default SSL certificates with custom SSL certificates
search cancel

vCenter Server fails to start after replacing the default SSL certificates with custom SSL certificates

book

Article ID: 344192

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

  • After replacing the default SSL certificate with custom SSL certificates, vCenter Server fails to start.
  • The VirtualCenter 2.5.x logs, contains the error:

    Failed to decrypt password. Failed to initialize VMware VirtualCenter. Shutting down...

    Note: The default output location for log files is:

    C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\Logs\ for VirtualCenter 2.5.x, 3.x, and vCenter Server 4.x,5.x

  • In vCenter Server 4.x logs, you see errors similar to:
[0:11:02.751 07108 error 'App'] [VpxKey::Decrypt] crypto failure: error:0406506C:rsa routines:RSA_EAY_PRIVATE_DECRYPT:data greater than mod len
[10:11:02.751 07108 error 'App'] [VpxdCert] Failed to decrypt password: applying key to encrypted data failed (likely the wrong key)
[10:11:02.751 07108 error 'App'] ODBC error: () -
[10:11:02.751 07108 error 'App'] Error getting configuration info from the database
[10:11:02.751 07108 error 'App'] [Vpxd::ServerApp::Init] Init failed: VpxdVdb::Init(Vdb::GetInstance(), false, false)
[10:11:02.751 07108 error 'App'] Failed to intialize VMware VirtualCenter. Shutting down...
[10:11:02.751 07108 info 'App'] Forcing shutdown of VMware VirtualCenter now

Note: The default output location for log files is:

C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\Logs\ for VirtualCenter 2.5.x, 3.x, and vCenter Server 4.x,5.x


Environment

VMware vCenter Server 4.1.x
VMware vCenter Server 5.0.x
VMware vCenter Server 4.0.x
VMware vCenter Server 5.5.x
VMware VirtualCenter 2.5.x
VMware vCenter Server 5.1.x

Resolution

This issue occurs because the database password was encrypted using the certificate you replaced.

To resolve this issue, re-enter the database password.

Note: After changing the SSL certificate, all hosts managed by vCenter Server must be re-authenticated. Use the VI Client or the vSphere Center to disconnect and then reconnect the ESXi/ESX hosts.
To re-enter the database password:
  1. Make sure the VirtualCenter Server service is stopped. For more information, see Stopping, starting, or restarting vCenter services (1003895).
  2. Open the command prompt.
  3. Change to the directory where vCenter Server is installed. The default location is C:\Program Files\VMware\Infrastructure\VirtualCenter Server.
  4. To reset the database password, run the command:

    Note: This command rehashes the passwords for the database users from the ODBC connection.

    vpxd.exe -p

  5. When prompted, enter the new password.

  6. Restart the VirtualCenter Server service. For more information see, Stopping, starting, or restarting vCenter services (1003895).

For more information on custom and default SSL certificates, see Generating custom or default SSL certificates (1029944).

Additional Information

For translated versions of this article, see:
Powered by Wolken Software