VC密码正确无法登陆。证书过期。处理。
错误提示:
503 Service Unavailable (Failed to connect to endpoint: [N7Vmacore4Http20NamedPipeServiceSpecE:0x00007fecb000b770] _serverNamespace = / action = Allow _pipeName =/var/run/vmware/vpxd-webserver-pipe)
进入ssh界面
检查chip空间十分正常:
root@record [ ~ ]# df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 7.9G 0 7.9G 0% /dev
tmpfs 7.9G 12K 7.9G 1% /dev/shm
tmpfs 7.9G 700K 7.9G 1% /run
tmpfs 7.9G 0 7.9G 0% /sys/fs/cgroup
/dev/sda3 11G 5.5G 4.7G 55% /
tmpfs 7.9G 18M 7.9G 1% /tmp
/dev/mapper/netdump_vg-netdump 985M 1.3M 932M 1% /storage/netdump
/dev/mapper/log_vg-log 9.8G 3.1G 6.2G 34% /storage/log
/dev/mapper/imagebuilder_vg-imagebuilder 9.8G 23M 9.2G 1% /storage/imagebuilder
/dev/mapper/db_vg-db 9.8G 242M 9.0G 3% /storage/db
/dev/mapper/core_vg-core 50G 52M 47G 1% /storage/core
/dev/mapper/autodeploy_vg-autodeploy 9.8G 23M 9.2G 1% /storage/autodeploy
/dev/mapper/updatemgr_vg-updatemgr 99G 98M 94G 1% /storage/updatemgr
/dev/mapper/dblog_vg-dblog 15G 230M 14G 2% /storage/dblog
/dev/mapper/seat_vg-seat 25G 1.3G 22G 6% /storage/seat
/dev/sda1 120M 28M 87M 25% /boot
检查证书是否过期:
root@record [ /tmp1 ]# python checksts.py2 VALID CERTS
================LEAF CERTS:[] Certificate 77:B0:98:2C:F6:A5:76:78:79:97:47:74:05:BE:82:9C:1A:CA:52:95 will expire in 730 days (2.0 years).ROOT CERTS:[] Certificate 0A:95:66:2A:38:52:F2:24:17:D9:BC:66:0C:E8:5C:C2:31:80:54:05 will expire in 2915 days (7.0 years).0 EXPIRED CERTS
================LEAF CERTS:NoneROOT CERTS:None
root@record [ /tmp1 ]# for i in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list); do echo STORE $i; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $i --text | egrep "Alias|Not After"; done
STORE MACHINE_SSL_CERT
Alias : __MACHINE_CERTNot After : Aug 27 21:14:59 2021 GMT
STORE TRUSTED_ROOTS
Alias : 0a95662a3852f22417d9bc660ce85cc231805405Not After : Aug 22 09:14:26 2029 GMT
STORE TRUSTED_ROOT_CRLS
Alias : 615ffd35bd0c86bd4e1a482b975fca208fc422d6
STORE machine
Alias : machineNot After : Aug 27 09:05:53 2021 GMT
STORE vsphere-webclient
Alias : vsphere-webclientNot After : Aug 27 09:05:58 2021 GMT
STORE vpxd
Alias : vpxdNot After : Aug 27 09:06:05 2021 GMT
STORE vpxd-extension
Alias : vpxd-extensionNot After : Aug 27 09:06:06 2021 GMT
STORE SMS
Alias : sms_self_signedNot After : Aug 28 09:20:48 2029 GMT
STORE BACKUP_STORE
Alias : bkp___MACHINE_CERTNot After : Aug 27 21:14:59 2021 GMT
Alias : bkp_machineNot After : Aug 27 09:05:53 2021 GMT
Alias : bkp_vsphere-webclientNot After : Aug 27 09:05:58 2021 GMT
Alias : bkp_vpxdNot After : Aug 27 09:06:05 2021 GMT
Alias : bkp_vpxd-extensionNot After : Aug 27 09:06:06 2021 GMT
发现证书过期:
查询服务名称信息
root@record [ /tmp1 ]# /usr/lib/vmware-vmafd/bin/vmafd-cli get-pnid --server-name localhost
192.16.86.240
更新证书
root@record [ /tmp1 ]# /usr/lib/vmware-vmca/bin/certificate-manager_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | || *** Welcome to the vSphere 6.5 Certificate Manager *** || || -- Select Operation -- || || 1. Replace Machine SSL certificate with Custom Certificate || || 2. Replace VMCA Root certificate with Custom Signing || Certificate and replace all Certificates || || 3. Replace Machine SSL certificate with VMCA Certificate || || 4. Regenerate a new VMCA Root Certificate and || replace all certificates || || 5. Replace Solution user certificates with || Custom Certificate || || 6. Replace Solution user certificates with VMCA certificates || || 7. Revert last performed operation by re-publishing old || certificates || || 8. Reset all Certificates ||_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|
Note : Use Ctrl-D to exit.
Option[1 to 8]: 8
Do you wish to generate all certificates using configuration file : Option[Y/N] ? : Y
Please provide valid SSO and VC priviledged user credential to perform certificate operations.
Enter username [Administrator@vsphere.local]:Administrator@vsphere.local
Enter password:
Please configure certool.cfg with proper values before proceeding to next step.
Press Enter key to skip optional parameters or use Default value.
Enter proper value for 'Country' [Default value : US] :
Enter proper value for 'Name' [Default value : CA] :
Enter proper value for 'Organization' [Default value : VMware] :
Enter proper value for 'OrgUnit' [Default value : VMware Engineering] :
Enter proper value for 'State' [Default value : California] :
Enter proper value for 'Locality' [Default value : Palo Alto] :
Enter proper value for 'IPAddress' (Provide comma separated values for multiple IP addresses) [optional] : 192.16.86.240
Enter proper value for 'Email' [Default value : email@acme.com] :
Enter proper value for 'Hostname' (Provide comma separated values for multiple Hostname entries) [Enter valid Fully Qualified Domain Name(FQDN), For Example : example.domain.com] : 192.16.86.240
Enter proper value for VMCA 'Name' :192.16.86.240
Continue operation : Option[Y/N] ? : y
You are going to reset by regenerating Root Certificate and replace all certificates using VMCA
Continue operation : Option[Y/N] ? : y
Get site nameCompleted [Reset Machine SSL Cert...]
Reset status : 100% Completed [Reset completed successfully]
root@record [ /tmp1 ]# reboot -f
root@record [ /tmp1 ]# ./fixsts.sh
NOTE: This works on external and embedded PSCs
This script will do the following
1: Regenerate STS certificate
What is needed?
1: Offline snapshots of VCs/PSCs
2: SSO Admin Password
IMPORTANT: This script should only be run on a single PSC per SSO domain
==================================
Resetting STS certificate for record started on Sat Sep 4 14:55:30 CST 2021Detected DN: cn=192.16.86.240,ou=Domain Controllers,dc=vsphere,dc=local
Detected PNID: 192.16.86.240
Detected PSC: 192.16.86.240
Detected SSO domain name: vsphere.local
Detected Machine ID: 1cd37eb5-541c-40ac-9d6f-f49c41f35515
Detected IP Address: 192.16.86.240
Domain CN: dc=vsphere,dc=local
==================================
==================================Detected Root's certificate expiration date: 2029 Aug 29
Detected today's date: 2021 Sep 4
==================================Exporting and generating STS certificateStatus : Success
Using config file : /tmp/vmware-fixsts/certool.cfg
Status : SuccessEnter password for administrator@vsphere.local:
Amount of tenant credentials: 1
Exporting tenant 1 to /tmp/vmware-fixstsDeleting tenant 1Amount of trustedcertchains: 1
Exporting trustedcertchain 1 to /tmp/vmware-fixstsDeleting trustedcertchain 1Applying newly generated STS certificate to SSO domain
adding new entry "cn=TenantCredential-1,cn=vsphere.local,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local"adding new entry "cn=TrustedCertChain-1,cn=TrustedCertificateChains,cn=vsphere.local,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local"Replacement finished - Please restart services on all vCenters and PSCs in your SSO domain
==================================
IMPORTANT: In case you're using HLM (Hybrid Linked Mode) without a gateway, you would need to re-sync the certs from Cloud to On-Prem after following this procedure
==================================
==================================
root@record [ /tmp1 ]# reboot -f
VC密码正确无法登陆。证书过期。处理。相关推荐
- sql yog 出现 access denied for user root@localhost 但是密码正确
在打开sqlyog得时候出现了 密码正确但是登陆不上得问题 - 首先我们先按 win+R 输入命令 "services.msc" 打开服务 然后找到你得 mysql57得服务 并鼠 ...
- 检查vCenter Server上STS证书的过期日期(79248)(STS证书过期,导致 vCenter 报503无法登陆VC)
检查vCenter Server上STS证书的过期日期(79248) 上次更新时间:2020/6/11分类:如何 1个语言: 简体中文)日本西班牙文英语 ...
- 模拟一个“系统登陆“窗体,进行用户名和密码的验证: 1.当用户名和密码都正确时,弹出一个对话框,提示“用户名和密码正确”, 2.用户名错误,弹出一个对话框,提示“用户名错误,请重新输入!”
模拟一个"系统登陆"窗体,进行用户名和密码的验证: 1.当用户名和密码都正确时,弹出一个对话框,提示"用户名和密码正确", 2.用户名错误,弹出一个对话框,提示 ...
- 登陆淘宝账号,提示证书过期
近日 ,遇到一客户,10年前的老本,方屏.登陆淘宝网,点"登陆"时,提示证书过期.有"关闭此耍页面""继续浏览"两个选项,点"继续 ...
- 模拟QQ登陆,输入账号与密码,如果账号与密码正确则显示登录成功, 如果失败则重新登录,并显示登录错误几次,如果登录错误三次则程序结束登录失败。
模拟QQ登陆,输入账号与密码,如果账号与密码正确则显示登录成功,如果失败则重新登录,并显示登录错误几次,如果登录错误三次则程序结束登录失败. public class Test3 { public s ...
- 设计登陆窗口界面,当输入账号密码正确时,界面如图一所示,当输入账号密码有误时,界面如图二所示。 import java.awt.*; import java.awt.event.*; import
//设计登陆窗口界面,当输入账号密码正确时,界面如图一所示,当输入账号密码有误时,界面如图二所示. import java.awt.*; import java.awt.event.*; import ...
- mysql密码输入正确但是登陆不进去
mysql密码输入正确但是登陆不进去 ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password YES ...
- C语言:编写代码实现,模拟用户登入情景,并且只能登入三次。(只允许输入三次,如果密码正确则提示登陆成功,如果三次均输入错误,则退出程序)
#define _CRT_SECURE_NO_WARNINGS 1 #include<stdio.h> #include<string.h> int main() { ...
- mysql无法本地登陆_MySQL密码正确却无法本地登录的解决方法
MySQL root密码正确,却怎么也无法从本地登录MySQL,提示 复制代码 代码如下: ERROR 1045 (28000): Access denied for user 'root'@'loc ...
- EMC VNX证书过期解决方案
想登录一台vnx5400存储的管理口,win10系统登录不上,有java问题,我就装了一台xp虚拟机,安装java1.7 32位版本,还是不行,提示证书不行,没在意,以为是java的问题,装java1 ...
最新文章
- 2021CCF颁奖典礼首次多平台网络直播,致敬获得者!CCF杰出工程师
- 三星S7 android操作系统耗电,2K屏手机玩游戏耗电大、性能渣?三星S7:呵呵
- [031] 实战:书大师网站开发准备
- 设置SQLServer数据库内存
- 基于JAVA+SpringBoot+Mybatis+MYSQL的进销存管理系统
- 关于XIFF开发IM的一些想法
- 查看登陆系统用户的信息的三种方法详解
- 02(d)多元无约束优化问题-拟牛顿法
- Hadoop1.2.0开发笔记(九)
- 关于GetTickCount函数的用法
- 史上最详细的Hadoop环境搭建
- 【“免费”Windows优秀软件推荐】:Fences——自动整理桌面图标
- Android NDK开发基础
- Win10 环境变量配置
- winscp连接linux时提示连接失败OOPS:cannot change directory:/home/....什么的原因以及解决方案
- 关于base64编码解码(Android编码,JS解码,案例为解决安卓端H5页面的emoji表情显示问题)
- openjudge7939_膨胀的木棍
- 小米云服务器怎么管理员密码,小米路由器管理密码怎么设置 小米路由器管理密码设置介绍【图文】...
- 微信小程序 Basic Auth 前后端restful api进行身份验证
- MMM配置文件及相关命令