
ERROR certificate-manager 'lstool get' failed: 1 (2150057)



In the certificate-manager.log file, you see entries similar to:

2017-04-21T17:11:53.316Z INFO certificate-manager Serial number before replacement: d8:57:4f:7b:ad:13:88:01
2017-04-21T17:11:53.317Z INFO certificate-manager Serial number after replacement: cb:69:1a:36:fb:11:c6:05
2017-04-21T17:11:53.317Z INFO certificate-manager Thumbprint before replacement: 4D:77:A3:71:E3:84:76:21:B2:A1:00:19:53:AD:5C:AD:6B:EE:59:5F
2017-04-21T17:11:53.317Z INFO certificate-manager Thumbprint after replacement: 65:93:91:BE:F5:A6:65:DB:20:5C:6C:B6:09:34:AC:ED:BA:A3:5C:4E
2017-04-21T17:11:53.325Z INFO certificate-manager MACHINE_SSL_CERT certificate replaced successfully. SerialNumber and Thumbprint changed.
2017-04-21T17:13:43.632Z ERROR certificate-manager Error while performing Cert Replacement operation, please see /var/log/vmware/vmcad/certificate-manager.log for more information.
2017-04-21T17:13:43.632Z ERROR certificate-manager 'lstool get' failed: 1
2017-04-21T17:13:43.632Z INFO certificate-manager Performing rollback of Root Cert...
2017-04-21T17:13:43.632Z INFO certificate-manager Running command :- ['/usr/lib/vmware-vmca/bin/certool', '--rootca', '--cert', '/var/lib/vmware/vmca/root.cer.0', '--privkey', '/var/lib/vmware/vmca/privatekey.pem.0', '--server', 'localhost']
2017-04-21T17:13:43.832Z INFO certificate-manager Command output :- 
Status : Success

Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.


This issue occurs when third-party extensions, such as Nimble Storage and veeambackupUI, have no valid certificates and the information for their service ID cannot be retrieved.


To resolve this issue, remove the third party extension and retry replacing the certificates.

Note: Take a backup of the vCenter database before making any changes.

  1. The service ID of the third-party extension causing the error appears above the error message (as shown in the screenshot below). You can remove it from the vCenter MOB.

    Identifying service causing issue

  2. Restart vSphere-client services on vCenter Server.
  3. Replace the certificates.
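
The following is an added example, not part of the VMware article: a Python helper that scans certificate-manager.log for the 'lstool get' failed entry and returns the lines logged just before it, which is where step 1 says the service ID appears. The function name, the context size, and the sample log (assembled from the excerpt above) are assumptions.

```python
import re
from collections import deque

# Entry layout as seen in the excerpt:
# "<ISO timestamp>Z <LEVEL> certificate-manager <message>"
ENTRY = re.compile(r"^(\d{4}-\d{2}-\d{2}T[\d:.]+Z) ([A-Z]+) certificate-manager (.*)$")
# The error message with its numeric exit code
LSTOOL_FAIL = re.compile(r"'lstool get' failed: (\d+)")

# Constructed sample: a subset of the log lines quoted in this article.
SAMPLE_LOG = """\
2017-04-21T17:11:53.325Z INFO certificate-manager MACHINE_SSL_CERT certificate replaced successfully. SerialNumber and Thumbprint changed.
2017-04-21T17:13:43.632Z ERROR certificate-manager Error while performing Cert Replacement operation, please see /var/log/vmware/vmcad/certificate-manager.log for more information.
2017-04-21T17:13:43.632Z ERROR certificate-manager 'lstool get' failed: 1
2017-04-21T17:13:43.632Z INFO certificate-manager Performing rollback of Root Cert...
2017-04-21T17:13:43.832Z INFO certificate-manager Command output :-
Status : Success
"""

def find_lstool_failures(lines, context=5):
    """Return one dict per "'lstool get' failed" entry, with preceding context."""
    recent = deque(maxlen=context)   # last non-empty lines seen so far
    findings = []
    current = None                   # latest failure, to record a following rollback
    for raw in lines:
        line = raw.rstrip("\n")
        entry = ENTRY.match(line)
        if entry:
            ts, level, msg = entry.groups()
            fail = LSTOOL_FAIL.search(msg) if level == "ERROR" else None
            if fail:
                current = {"time": ts, "exit_code": int(fail.group(1)),
                           "context": list(recent), "rollback_started": False}
                findings.append(current)
            elif current and msg.startswith("Performing rollback"):
                current["rollback_started"] = True
        # Lines without a timestamp (command output) also count as context.
        if line.strip():
            recent.append(line)
    return findings

if __name__ == "__main__":
    for hit in find_lstool_failures(SAMPLE_LOG.splitlines()):
        print(f"{hit['time']} lstool exit={hit['exit_code']} "
              f"rollback={hit['rollback_started']}")
        for ctx in hit["context"]:
            print("    " + ctx)
```

To check a real system, pass the lines of /var/log/vmware/vmcad/certificate-manager.log to `find_lstool_failures` and read the returned context for the service ID.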
