top of page
Search
viquarmca
Dec 3, 20221 min read

VCF 4.4 Unable To Perform Certificate Precheck For SDDC Manager As It Is Not Enabled

In this Blog we will talk about VCF 4.4 where we were trying to do the precheck on the MGMT domain but it was failing with an error message " Upgrade precheck start failed. precheck not implemented for type SDDC_SECURITY_CONFIGURATION". The sddc reporting back the it cannot perform the precheck as it not enabled or configured . The Certificate status in the sddc manager UI is working fine and status was good . We also check the SOS check on the Certs and it was all good with GREEN . lets dive in to see how we fix the issue .


SDDC Manager : bng-sddcm-01.lab.com

Certificates : GREEN




Check the /var/log/vmware/vcf/lcm/lcm.log and the error reports precheck has not enabled.


2022-11-25T11:07:42.919+0000 DEBUG [vcf_lcm,564ac3537b064c09,f911,precheckId=b12fa641-b126-4ad2-99c6-1fa17d80f164,resourceType=SDDC_SECURITY_CONFIGURATION,resourceId=null] [c.v

.e.s.l.p.e.i.VcfServicePrimitiveImpl,Precheck-44] Data in precheckTaskNameMap for Security Configuration map is {VCF_SECURITY_CERTIFICATE_VALIDATION_ENABLED=Checks if certificate validation is enabled in VMware Cloud Foundation , KNOWN_HOSTS_HEALTH_CHECK=Checks security configuration of the known_hosts., TRUSTSTORE_HEALTH_CHECK=Checks security configuration of the trust store., MICROSOFT_CA_SERVER_CHECK=Checks security configuration of the Microsoft Certificate Authority server}

2022-11-25T11:07:42.921+0000 ERROR [vcf_lcm,564ac3537b064c09,f911,precheckId=b12fa641-b126-4ad2-99c6-1fa17d80f164,resourceType=SDDC_SECURITY_CONFIGURATION,resourceId=null] [c.v

.e.s.l.p.c.s.LcmSecurityService,Precheck-44] Certificate validation is NOT enabled


/var/log/vmware/vcf/operationmanager/operationmanager.log


2022-11-25T11:36:26.687+0000 INFO [vcf_om,0ecd9886d72ef488,b5ed] [c.v.v.o.r.a.c.OperationsManagerAbout,http-nio-127.0.0.1-7300-exec-5] Getting Operations Manager service info

2022-11-25T11:36:29.259+0000 DEBUG [vcf_om,0000000000000000,0000] [c.v.v.s.c.s.SecurityConfigurationServiceImpl,pool-1-thread-1] Security config retrieved {"certificateValidationEnabled":false,"fipsMode":false}


WorkAround :


  1. Confirmed We didn't had any Certificate issue from the SOS and the logs .

  2. Changed the option back to enabled by running the command "curl -X POST -H "Content-Type: application/json" -d '{"fipsMode":false,"certificateValidationEnabled":true}' http://localhost/appliancemanager/securitySettings"

  3. After which the precheck for the Certifcate was passed without any issues.

44 views0 comments

Recent Posts

See All

Comments

bottom of page