Search the VMware Knowledge Base (KB)
View by Article ID

"Signed certificate could not be retrieved due to a start time error" when adding ESXi host to vCenter Server 6.0 (2123386)

  • 20 Ratings
Language Editions

Details

When you replace the VMware Certificate Authority root certificate with an enterprise subordinate certificate, you experience these symptoms:

  • The certificate has been valid for less than 24 hours
  • You are unable to join a VMware vSphere ESXi host to VMware vCenter Server
  • You see the error:

    A general system error occurred: Unable to get signed certificate for host: esxi_hostname. Error: Start Time Error (70034)

Solution

When adding a host to VMware vCenter Server, the VMware Certificate Authority predates VMware vSphere ESXi certificates by 24 hours to avoid time synchronization issues.

This behavior is changed in VMware vCenter 6.0 Update 2 and later with the advanced setting vpxd.certmgmt.certs.minutesBefore, available at VMware Downloads. For more information, see the VMware vCenter Server 6.0 Update 2 release notes.

To change the vpxd.certmgmt.certs.minutesBefore to 10:
  1. Connect to the vCenter Server using the vSphere Client and administrator credentials.
  2. Select Administration > vCenter Server Settings to display the vCenter Server Settings dialog box.
  3. In the settings list, select Advanced Settings.
  4. In the Key field, type a key.
  5. In the Key field, enter this key:

    vpxd.certmgmt.certs.minutesBefore

  6. In the Value field, enter:

    10

  7. Click Add.
  8. Click OK.

To work around this issue if you do not want to upgrade, use one of these options:
  • Wait 24 hours after replacing the VMware Certificate Authority certificate with an enterprise subordinate certificate before attempting to add additional hosts to vCenter Server.
  • Join hosts to VMware vCenter Server prior to replacing the VMware Certificate Authority certificate with an enterprise subordinate certificate.

    Note: VMware vSphere ESXi hosts added to VMware vCenter Server prior to replacing the VMware Certificate Authority certificate are not affected.

Additional Information

For translated versions of this article, see:

Update History

03/15/2016 - Added the details of the vCenter Server 6.0 Update 2 release, which resolves this issue.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 20 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 20 Ratings
Actions
KB: