Today I had to deploy a new vCenter appliance. Nothing fancy, new deployment. Stage 1 was easy, but stage 2 failed several times. I re-deployed the vCenter appliance two times, but as the deployment failed for the third time, I took a look into the logs.
The deployment failed without any error, but it didn’t finished. It stopped during the start of different services without any error.
First of all: Log into the appliance using SSH or the console. Use the root account and the root password you have entered during the setup.
A good point to start are the logs under /var/log/firstboot. I used ls -lt to get the last written logs. Most services will write two logs: One log ends with _stdout.log, and the second one will end with _stderr.log. The _stdout.log contails the log messages of the service. The _stderr.log contains the errors. I searched for a service that has written to a _stderr.log – and I found it: scafirstboot.py_10507_stderr.log.
And this log gave me a hint what the root cause was. One of the last log entries was:
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate is not yet valid
What what? A certificate not only has an end date, but also a date before which it is not valid – a start date. And this is often indicates a problem with – NTP. And it was NTP. I have configured NTP for the vCenter, but not for the ESXi on which I deployed the vCenter. -.- If it is not DNS, it’s NTP. Or a invalid certificate. Or both.
- Outlook Web Access fails with “440 Login Timeout” - November 3, 2021
- Modify ProxyAddresses of Office 365 users without Exchange Online - October 31, 2021
- Escaping special characters in proxy auth passwords in vCenter - October 8, 2021