
Handling a 503 error at VMware login

IT那活儿 2023-11-06



Symptoms



When logging in to VMware, the page returns a 503 error, as shown in the figure:




Resolution procedure



2.1 Replace the expired certificate

The certificate that expired in this case was data-encipherment (the data encryption certificate). It was repaired with a script:
fix_encipherment_cert.sh
#!/bin/bash
# Run this from the vCenter Server where data-encipherment certificate is expired and needs to be replaced

echo "Replacing Certificate in data-encipherment VECS Store"

echo ""
PNID=$(/opt/likewise/bin/lwregshell list_values '[HKEY_THIS_MACHINE\Services\vmafd\Parameters]' | grep PNID | awk '{print $4}'|tr -d '"')
echo "Detected PNID: $PNID"

echo ""
PSC=$(/opt/likewise/bin/lwregshell list_values '[HKEY_THIS_MACHINE\Services\vmafd\Parameters]' | grep DCName | awk '{print $4}'|tr -d '"')
echo "Detected PSC: $PSC"

echo ""
echo "Taking backup of old certificate and private key to tmp directory"
/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert --store data-encipherment --alias data-encipherment --output /tmp/old-data-encipherment.crt
/usr/lib/vmware-vmafd/bin/vecs-cli entry getkey --store data-encipherment --alias data-encipherment --output /tmp/old-data-encipherment.key

echo ""
echo "Deleting the existing certificate from the VECS store"
/usr/lib/vmware-vmafd/bin/vecs-cli entry delete -y --store data-encipherment --alias data-encipherment

echo ""
echo "Generating new certificate using the existing private key and add to the VECS store"
/usr/lib/vmware-vmca/bin/certool --server=$PSC --genCIScert --dataencipherment --privkey=/tmp/old-data-encipherment.key --cert=/tmp/tmp-data-encipherment.crt --Name=data-encipherment --FQDN=$PNID

echo ""
echo "Listing the new certificate in VECS Store"
/usr/lib/vmware-vmafd/bin/vecs-cli entry list --store data-encipherment --text | egrep 'Alias|Serial Number:|Subject:|Not Before|Not After'

echo ""
echo "*************************************************************************************************************************"
echo " Completed the script execution, please follow the manual steps in case the script fails to replace the Certificate"
echo ""
echo " VPXD Service needs to be restarted for the changes to take effect, otherwise Guest OS Customizations might fail"
echo " Please execute following command to restart the service: "
echo ""
echo " service-control --stop vpxd && service-control --start vpxd "
echo "*************************************************************************************************************************"

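2.2 Reset all certificates
Run the /usr/lib/vmware-vmca/bin/certificate-manager command, as follows:
The certificate reset process restarts the services, so no further restart is needed.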

References:

1) Certificate renewal links
  • https://kb.vmware.com/s/article/88548?lang=en_US#shell_script_steps
  • https://www.dell.com/support/kbdoc/zh-cn/000193562/vmware-vpxd-service-cannot-be-started-on-vcenter-after-certificates-update?lang=en
  • https://www.dell.com/support/kbdoc/zh-cn/000082108/dell-emc-vxrail-unable-to-log-in-to-vcenter-due-to-expired-certificates-customer-correctable
2) Related commands
  • service-control --stop --all         # stop all services
  • service-control --start --all        # start all services
  • service-control --status             # view service status
  • service-control --stop vmware-vpxd   # stop a single service
  • service-control --start vmware-vpxd  # start a single service
for i in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list); do echo "STORE $i"; sudo /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store "$i" --text | egrep "Alias|Not After"; done   # view certificate validity periods

3) Related logs
/storage/log/vmware/vpxd/vpxd.log
/storage/log/vmware/vmon/vmon-syslog.log
/storage/log/vmware/vpxd-svcs/vpxd-svcs.log
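
The validity loop under "Related commands" only prints dates. As an added example (not part of the original article or of VMware's KB script), the function below classifies each entry as OK, EXPIRING or EXPIRED so that a certificate like data-encipherment is caught before it causes a 503. It assumes GNU date and OpenSSL-style "Not After" dates; `check_expiry`, `sample_listing` and the sample data are constructed for illustration.

```bash
#!/bin/bash
# Added example (not the article's or VMware's code): classify the STORE /
# Alias / Not After lines printed by the expiry loop. Assumes GNU date and
# OpenSSL-style "Mon DD HH:MM:SS YYYY GMT" dates.
# check_expiry NOW WARN_DAYS < listing; exit 1 if any entry is EXPIRED or
# UNPARSED, 2 if NOW is invalid.
check_expiry() (
    now=$(date -u -d "$1" +%s) || exit 2
    warn=$(( $2 * 86400 ))
    store='?'; alias='?'; rc=0
    # Normalise each line: drop indentation, squeeze the first " : " to ":".
    sed 's/^[[:space:]]*//; s/[[:space:]]*:[[:space:]]*/:/' | {
        while IFS= read -r line; do
            case $line in
                STORE\ *) store=${line#STORE } ;;
                Alias:*)  alias=${line#Alias:} ;;
                "Not After:"*)
                    when=${line#"Not After:"}
                    if ! ts=$(date -u -d "$when" +%s 2>/dev/null); then
                        status=UNPARSED; rc=1
                    elif [ "$ts" -le "$now" ]; then
                        status=EXPIRED; rc=1
                    elif [ $(( ts - now )) -le "$warn" ]; then
                        status=EXPIRING
                    else
                        status=OK
                    fi
                    printf '%s %s/%s %s\n' "$status" "$store" "$alias" "$when" ;;
            esac
        done
        exit "$rc"
    }
)
# Constructed sample in the shape the loop prints; not real appliance output.
sample_listing() {
    cat <<'EOF'
STORE MACHINE_SSL_CERT
Alias : __MACHINE_CERT
            Not After : Nov 20 02:11:04 2023 GMT
STORE machine
Alias : machine
            Not After : Oct 28 02:11:04 2025 GMT
STORE data-encipherment
Alias : data-encipherment
            Not After : Oct 30 02:11:04 2023 GMT
EOF
}
# Evaluate the sample as of the article's date with a 30-day warning window.
sample_listing | check_expiry "2023-11-06 00:00:00 UTC" 30 || true
```

On the appliance, pipe the loop's output into `check_expiry now 30`; the non-zero exit status on an expired entry makes it usable from cron or a monitoring check.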




Author: 潘宗昊 (上海新炬中北 team)

Source: the “IT那活儿” official account
