{"id":8264,"date":"2021-12-12T12:46:20","date_gmt":"2021-12-12T11:46:20","guid":{"rendered":"https:\/\/michlstechblog.info\/blog\/?p=8264"},"modified":"2022-02-03T07:29:34","modified_gmt":"2022-02-03T06:29:34","slug":"vmware-vcenter-vcsa-appliance-upgrade-fails-with-service-cannot-be-started","status":"publish","type":"post","link":"https:\/\/michlstechblog.info\/blog\/vmware-vcenter-vcsa-appliance-upgrade-fails-with-service-cannot-be-started\/","title":{"rendered":"VMware: vCenter VCSA appliance upgrade fails with &#8220;Service cannot be started&#8221;"},"content":{"rendered":"<div class=\"twoclick_social_bookmarks_post_8264 social_share_privacy clearfix 1.6.4 locale-en_US sprite-en_US\"><\/div><div class=\"twoclick-js\"><script type=\"text\/javascript\">\/* <![CDATA[ *\/\njQuery(document).ready(function($){if($('.twoclick_social_bookmarks_post_8264')){$('.twoclick_social_bookmarks_post_8264').socialSharePrivacy({\"services\":{\"flattr\":{\"uid\":\"Michl\",\"status\":\"on\",\"the_title\":\"VMware%3A%20vCenter%20VCSA%20appliance%20upgrade%20fails%20with%20%26%238220%3BService%20cannot%20be%20started%26%238221%3B\",\"the_excerpt\":\"Hi%2C%0D%0A%0D%0Aoften%2C%20when%20a%20vCenter%20VCSA%20update%20fails%2C%20the%20error%20is%20a%20certificate%20missmatch.%20For%20example%20the%20sso%2Fvmware-stsd%20service%0D%0A%20%28more%26hellip%3B%29\",\"txt_info\":\"2 clicks for more data protection:\\r\\n\\r\\nOnly when you click here, the button will be come active and you can send your recommendation to Flattr. When activating, data are transmitted to third parties. \",\"perma_option\":\"off\"}},\"txt_help\":\"When you activate these fields by clicking, information to Flattr may be transferred abroad, and probably may also stored there.\",\"settings_perma\":\"Enable permanently and accept data transmission. \",\"info_link\":\"http:\\\/\\\/www.heise.de\\\/ct\\\/artikel\\\/2-Klicks-fuer-mehr-Datenschutz-1333879.html\",\"uri\":\"https:\\\/\\\/michlstechblog.info\\\/blog\\\/vmware-vcenter-vcsa-appliance-upgrade-fails-with-service-cannot-be-started\\\/\",\"post_id\":8264,\"post_title_referrer_track\":\"VMware%3A+vCenter+VCSA+appliance+upgrade+fails+with+%26%238220%3BService+cannot+be+started%26%238221%3B\",\"display_infobox\":\"on\"});}});\n\/* ]]> *\/<\/script><\/div><p>Hi,<\/p>\n<p>often, when a vCenter VCSA update fails, the error is a certificate missmatch. For example the sso\/vmware-stsd service<br \/>\n<!--more--><br \/>\n<code><br \/>\n[2021-12-12 10:08:11,628] : Running patch script.....<br \/>\n[2021-12-12T10:11:32.346] : Patch command patch failed<br \/>\n[2021-12-12T10:11:32.346] :<br \/>\nMismatch:<br \/>\nsummary: Internal error occurs during execution of update process Traceback (most recent call last):<br \/>\nFile \"\/storage\/core\/software-packages\/scripts\/patches\/py\/vmware_b2b\/patching\/phases\/patcher.py\", line 203, in patch<br \/>\n_patchComponents(ctx, userData, statusAggregator.reportingQueue)<br \/>\nFile \"\/storage\/core\/software-packages\/scripts\/patches\/py\/vmware_b2b\/patching\/phases\/patcher.py\", line 84, in _patchComponents<br \/>\n_startDependentServices(c)<br \/>\nFile \"\/storage\/core\/software-packages\/scripts\/patches\/py\/vmware_b2b\/patching\/phases\/patcher.py\", line 53, in _startDependentServices<br \/>\nserviceManager.start(depService)<br \/>\nFile \"\/storage\/core\/software-packages\/scripts\/patches\/libs\/sdk\/service_manager.py\", line 901, in wrapper<br \/>\nreturn getattr(controller, attr)(*args, **kwargs)<br \/>\nFile \"\/storage\/core\/software-packages\/scripts\/patches\/libs\/sdk\/service_manager.py\", line 794, in start<br \/>\nsuper(VMwareServiceController, self).start(serviceName)<br \/>\nFile \"\/storage\/core\/software-packages\/scripts\/patches\/libs\/sdk\/service_manager.py\", line 665, in start<br \/>\nraise IllegalServiceOperation(errorText)<br \/>\nservice_manager.IllegalServiceOperation: Service cannot be started. Error: Error executing start on service sts. Details {<br \/>\n\"detail\": [<br \/>\n{<br \/>\n\"id\": \"install.ciscommon.service.failstart\",<br \/>\n\"translatable\": \"An error occurred while starting service '%(0)s'\",<br \/>\n\"args\": [<br \/>\n\"sts\"<br \/>\n],<br \/>\n\"localized\": \"An error occurred while starting service 'sts'\"<br \/>\n}<br \/>\n],<br \/>\n<\/code><br \/>\nLooking at the sts log file gives an hint that the service could not registered in lookup service. An typical indenticator for certificate issues.<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nroot@vCenter \/var\/log\/vmware\/sso  # cat sts-prestart.log\r\n2021-12-11T21:21:16.388Z INFO     START: Executing STS pre start script...\r\n2021-12-11T21:21:16.414Z INFO     Current value in key StsInstalled is '0'. Action will be taken...\r\n2021-12-11T21:21:16.414Z INFO     Executing STS pre start commands: Register STS with LookupSvc\r\n2021-12-11T21:21:16.415Z INFO     Node type is embedded\r\n2021-12-11T21:21:17.251Z INFO     STS reregistration failed\r\n2021-12-11T21:21:17.252Z ERROR    Failed to register VMware STS with Lookup Service\r\n<\/pre>\n<p>If this happens run the lookup service doctor tool (lsdoctor). Copy the tool to the appliance and login via local shell or ssh. Download the zip file and extract it.<\/p>\n<p><a href=\"https:\/\/kb.vmware.com\/s\/article\/80469\" target=\"_blank\" rel=\"noopener\">lsdoctor <\/a> recognize certificate issues and could fix it.<\/p>\n<p>Here a typical error is:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nroot@vCenter &#x5B; ~ ] unzip lsdoctor.zip\r\nroot@vCenter &#x5B; ~ ] cd lsdoctor-master\r\nroot@vCenter &#x5B; ~\/lsdoctor-master ]# python lsdoctor.py -l\r\n\r\n    ATTENTION:  You are running a reporting function.  This doesn't make any changes to your environment.\r\n    You can find the report and logs here: \/var\/log\/vmware\/lsdoctor\r\n\r\n2021-12-12T10:29:26 INFO main: You are reporting on problems found across the SSO domain in the lookup service.  This doesn't make changes.\r\n2021-12-12T10:29:27 INFO live_checkCerts: Checking services for trust mismatches...\r\n2021-12-12T10:29:27 INFO generateReport: Listing lookup service problems found in SSO domain\r\n2021-12-12T10:29:27 ERROR generateReport: site\\vCenter.myDomain.org (Update Manager) found SSL Trust Mismatch: Please run python ls_doctor.py --trustfix option on this node.\r\n\r\n<\/pre>\n<p>If such errors occurs, run lsdoctor with the trustfix switch<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nroot@vCenter &#x5B; ~\/lsdoctor-master ]# python lsdoctor.py --trustfix\r\n2021-12-12T10:32:33 INFO findAndFix: Attempting to reregister ec039d94-9443-416d-a002-fc9e8a8fb96d for vCenter.myDomain.org\r\n2021-12-12T10:32:34 INFO findAndFix: We found 45 mismatch(s) and fixed them :)\r\n2021-12-12T10:32:34 INFO main: Please restart services on all PSC's and VC's when you're done.\r\n<\/pre>\n<p>This should solve the problem.<\/p>\n<p>Michael<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hi, often, when a vCenter VCSA update fails, the error is a certificate missmatch. For example the sso\/vmware-stsd service<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[1723,1725,1726,1724,86,1524,14],"class_list":["post-8264","post","type-post","status-publish","format-standard","hentry","category-vmware","tag-certificate-missmatch","tag-error-executing-start-on-service","tag-lsdoctor","tag-sts","tag-vcenter","tag-vcsa","tag-vmware-2"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/8264","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/comments?post=8264"}],"version-history":[{"count":8,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/8264\/revisions"}],"predecessor-version":[{"id":8335,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/8264\/revisions\/8335"}],"wp:attachment":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/media?parent=8264"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/categories?post=8264"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/tags?post=8264"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}