"A vCenter Single Sign-On endpoint certificate validation error has occurred", vCenter Server upgrade from 6.x to 7.0 fails during pre-check
search cancel

"A vCenter Single Sign-On endpoint certificate validation error has occurred", vCenter Server upgrade from 6.x to 7.0 fails during pre-check

book

Article ID: 322177

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Symptoms:
  • You are trying to upgrade or migrate vCenter Server from 6.x to 7.0
  • Pre-check fails with below error message
"A vCenter Single Sign-On endpoint certificate validation error has occurred, The machine SSL certificate in the VMware Endpoint Certificate Store (VECS) does not correspond with the service registration in the VMware Directory Service (vmdir)."


Environment

VMware vCenter Server 7.0.x

Cause

This issue is observed when Machine SSL Certificate of vCenter Server / Platform Services Controller is  not matching to the sslTrust in corresponding service registrations with VMware Lookup Service.

Resolution

To resolve the issue, perform lsdoctor --trustfix to correct the sslTrust mismatch on the source vCenter Server / Platform Services Controller. For more information refer to KB Using the 'lsdoctor' Tool
  • Download Lsdoctor tility attached to the KB https://kb.vmware.com/s/article/80469
  • copy and extract lsdoctor to the filesystem of any node in the same SSO site as the affected node(s)
  • Run “python lsdoctor.py -t” on VCSA and "%VMWARE_PYTHON_BIN%" lsdoctor.py -t on Windows vCenter Server
  • Verify that you have taken the appropriate snapshots
  • Provide the password for your SSO administrator account


Powered by Wolken Software