"A vCenter Single Sign-On endpoint certificate validation error has occurred", vCenter Server upgrade from 6.x to 7.0 fails during pre-check
Article ID: 322177
Products
VMware vCenter Server
Issue/Introduction
Symptoms:
You are trying to upgrade or migrate vCenter Server from 6.x to 7.0.
The pre-check fails with the following error message:
"A vCenter Single Sign-On endpoint certificate validation error has occurred, The machine SSL certificate in the VMware Endpoint Certificate Store (VECS) does not correspond with the service registration in the VMware Directory Service (vmdir)."
Environment
VMware vCenter Server 7.0.x
Cause
This issue occurs when the Machine SSL certificate of the vCenter Server / Platform Services Controller does not match the sslTrust value in the corresponding service registrations with the VMware Lookup Service.
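To make the mismatch described above concrete, the following added example (not from the original article and not part of lsdoctor) compares the fingerprint of one node's Machine SSL certificate with the sslTrust value of each of that node's endpoint registrations. It assumes the certificate is available as PEM and each sslTrust value as base64-encoded DER; the function names, endpoint URLs and certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import re

def pem_to_der(pem):
    """Return the DER bytes of the first certificate in a PEM string."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no PEM certificate found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def fingerprint(der):
    """SHA-256 fingerprint as colon-separated upper-case hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def find_trust_mismatches(machine_pem, registrations):
    """List (endpoint_url, fingerprint) for each sslTrust that is not the machine cert.

    registrations: iterable of (endpoint_url, base64 DER sslTrust) for ONE node.
    """
    expected = fingerprint(pem_to_der(machine_pem))
    stale = []
    for url, trust_b64 in registrations:
        try:
            der = base64.b64decode("".join(trust_b64.split()), validate=True)
            actual = fingerprint(der)
        except ValueError:  # binascii.Error is a ValueError subclass
            actual = "UNPARSEABLE"
        if actual != expected:
            stale.append((url, actual))
    return stale

# Constructed sample data: placeholder bytes stand in for real DER certificates.
CURRENT_DER = b"constructed current machine SSL certificate"
OLD_DER = b"constructed certificate from before replacement"
MACHINE_PEM = ("-----BEGIN CERTIFICATE-----\n"
               + base64.encodebytes(CURRENT_DER).decode()
               + "-----END CERTIFICATE-----\n")
REGISTRATIONS = [
    ("https://vcsa.example.invalid:443/sdk", base64.b64encode(CURRENT_DER).decode()),
    ("https://vcsa.example.invalid:443/sts/STSService", base64.b64encode(OLD_DER).decode()),
    ("https://vcsa.example.invalid:443/lookupservice/sdk", "not base64 !!"),
]

if __name__ == "__main__":
    for url, fp in find_trust_mismatches(MACHINE_PEM, REGISTRATIONS):
        print("MISMATCH", url, fp)
```

Any endpoint the function returns still carries a trust anchor other than the current Machine SSL certificate, which is the condition the pre-check reports.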
Resolution
To resolve the issue, run lsdoctor with the --trustfix option to correct the sslTrust mismatch on the source vCenter Server / Platform Services Controller. For more information, refer to the KB Using the 'lsdoctor' Tool.
Download the lsdoctor utility attached to the KB https://kb.vmware.com/s/article/80469
Copy and extract lsdoctor to the file system of any node in the same SSO site as the affected node(s).
Run "python lsdoctor.py -t" on VCSA, or "%VMWARE_PYTHON_BIN%" lsdoctor.py -t on Windows vCenter Server.
Verify that you have taken the appropriate snapshots
Provide the password for your SSO administrator account