Search the VMware Knowledge Base (KB)
View by Article ID

vCenter Server fails to start after replacing the default SSL certificates with custom SSL certificates (1003070)

  • 26 Ratings

Details

  • After replacing the default SSL certificate with custom SSL certificates, vCenter Server fails to start.
  • The VirtualCenter 2.5.x logs, contains the error:

    Failed to decrypt password. Failed to initialize VMware VirtualCenter. Shutting down...

    Note: The default output location for log files is:

    C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\Logs\ for VirtualCenter 2.5.x, 3.x, and vCenter Server 4.x,5.x

  • In vCenter Server 4.x logs, you see errors similar to:
[0:11:02.751 07108 error 'App'] [VpxKey::Decrypt] crypto failure: error:0406506C:rsa routines:RSA_EAY_PRIVATE_DECRYPT:data greater than mod len
[10:11:02.751 07108 error 'App'] [VpxdCert] Failed to decrypt password: applying key to encrypted data failed (likely the wrong key)
[10:11:02.751 07108 error 'App'] ODBC error: () -
[10:11:02.751 07108 error 'App'] Error getting configuration info from the database
[10:11:02.751 07108 error 'App'] [Vpxd::ServerApp::Init] Init failed: VpxdVdb::Init(Vdb::GetInstance(), false, false)
[10:11:02.751 07108 error 'App'] Failed to intialize VMware VirtualCenter. Shutting down...
[10:11:02.751 07108 info 'App'] Forcing shutdown of VMware VirtualCenter now

Note: The default output location for log files is:

C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\Logs\ for VirtualCenter 2.5.x, 3.x, and vCenter Server 4.x,5.x

Solution

This issue occurs because the database password was encrypted using the certificate you replaced.

To resolve this issue, re-enter the database password.

Note: After changing the SSL certificate, all hosts managed by vCenter Server must be re-authenticated. Use the VI Client or the vSphere Center to disconnect and then reconnect the ESXi/ESX hosts.
 
To re-enter the database password:
  1. Make sure the VirtualCenter Server service is stopped. For more information, see Stopping, starting, or restarting vCenter services (1003895).
  2. Open the command prompt.
  3. Change to the directory where vCenter Server is installed. The default location is C:\Program Files\VMware\Infrastructure\VirtualCenter Server.
  4. To reset the database password, run the command:

    Note: This command rehashes the passwords for the database users from the ODBC connection.

    vpxd.exe -p

  5. When prompted, enter the new password.
  6. Restart the VirtualCenter Server service. For more information see, Stopping, starting, or restarting vCenter services (1003895).

For more information on custom and default SSL certificates, see Generating custom or default SSL certificates (1029944).

Additional Information

For translated versions of this article, see:

Tags

custom-ssl-certificates  vcenter-regenerating-ssl-certificates

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 26 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 26 Ratings
Actions
KB: