The last time I tried to login to PoC vCenter, I ran into problems. After checking a few things, it turned out that the problem was an expired certificate. In this case, it is easy to regenerate it using the built-in Certificate Manager on the vCenter server. Then I saw that Workloadload Management infinitely reconfigures…
Workload Management is in Configuring state.
Kubernetes Status has some Warnings.
Let’s see at the logs from the vCenter Server:
tail -f /var/log/vmware/wcp/wcpsvc.log
There are many errors with EAM service.
When you update vCenter certificates, Certificate Manager is unable to automatically update the EAM certificate.
The workaround/soluition is to run the updateExtensionCertInVC.py to fix this problem.
- Log in to the vCenter Server Appliance using SSH and access to the Bash shell:
2. Create “/certificate” folder and than retrieve the vpxd-extension solution user certificate and key
mkdir /certificate /usr/lib/vmware-vmafd/bin/vecs-cli entry getcert --store vpxd-extension --alias vpxd-extension --output /certificate/vpxd-extension.crt /usr/lib/vmware-vmafd/bin/vecs-cli entry getkey --store vpxd-extension --alias vpxd-extension --output /certificate/vpxd-extension.key
3. Run this command to update configuration. Remember to chage vCenter name and Administrator domain to @vsphere.local
python /usr/lib/vmware-vpx/scripts/updateExtensionCertInVC.py -e com.vmware.vim.eam -c /certificate/vpxd-extension.crt -k /certificate/vpxd-extension.key -s vmware-vcs-01.infra.home -u Administrator@vsphere.local
Successfully updated certificate for “com.vmware.vim.eam” extension line is present. That means, the procedure goes well despite SSL errros at below: [SSL:CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for ‘sdkTunnel’. (_ssl.c:1076)
4. Restart EAM service and start all other services.
If you want, you can stop all services and than, start all. In that case, change first command to:
service-control –stop -all
service-control --stop vmware-eam service-control --start --all
5. Great, all services are up and Workload Management status is in Running state 🙂
KB from VMware: https://kb.vmware.com/s/article/80588