I got some strange errors during an upgrade of a vCenter installation on a Windows Server some time ago. I wanted to upgrade from version 5.1 to 5.5 U3b. At first the upgrade process ended with an error popping up; after retrying to install just vCenter, even the wizard stopped going forward because of an error.
The error that was displayed when the upgrade process ended was:
Error 26002.Setup failed to register vCenter Server. This might indicate a problem with the SSL certificates for vCenter Server. Search the VMware Knowledge Base (http://kb.vmware.com) for “Error 26006” for more information.
Note: The two different error numbers are not a typo!
When retrying to continue where the upgrade stopped, I tried to upgrade (or install, because the upgrade had already uninstalled vCenter) vCenter Server. When the wizard tried to contact Lookup Server, the following error was displayed:
Unable to contact Lookup Service. Check vm_ssoreg.log in the system temporary folder for more details. Search the VMware Knowledge Base (http://kb.vmware.com) for “Error 29102” for more information.
vm_ssoreg.log was not even created.
In both cases, the vCenter SSL certificates caused the problem. The error in the certificates was that the data encipherment key usage was not set by the external CA. But this is mandatory for certificates used for VMware services!
To resolve the error in the wizard, rename the SSL folder that holds the certificate for the vCenter service, so that the installation creates a new self-signed certificate for the service. This step does not, however, resolve the problem of the installation stopping. To resolve that issue, create a new self-signed certificate for the Lookup Service and replace the existing one. To do so:
openssl x509 -req -days 3650 -in C:\certs\Lookup\rui.csr -signkey C:\certs\Lookup\rui.key -out C:\certs\Lookup\rui.crt -extensions v3_req -extfile C:\certs\Lookup\Lookup.cfg
- Create a chain.pem file as a copy of
- Replace the Lookup Service certificate using the VMware SSL Automation Tool
For more information on using the VMware SSL Automation Tool, I recommend reading Derek Seaman's blog.
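Because the root cause was a certificate without the data encipherment key usage, it is worth checking a certificate for that flag before handing it to the SSL Automation Tool. The following check is an added example, not part of the original post; the function name Test-DataEncipherment is hypothetical, and the paths are the ones from the openssl command above.

```powershell
# Added example (not from the original post): report whether certificate
# files carry the Data Encipherment key usage that VMware services require.
# Test-DataEncipherment is a hypothetical helper name.
function Test-DataEncipherment {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true,
                   ValueFromPipelineByPropertyName = $true)]
        [Alias('FullName')]
        [string]$Path
    )
    process {
        $ns   = 'System.Security.Cryptography.X509Certificates'
        $full = (Resolve-Path -LiteralPath $Path).ProviderPath
        # Loads PEM (Base64) or DER encoded certificate files.
        $cert = New-Object "$ns.X509Certificate2" -ArgumentList $full

        # 2.5.29.15 is the OID of the X.509 Key Usage extension.
        $raw     = $cert.Extensions['2.5.29.15']
        $usages  = $null
        $hasFlag = $false
        if ($null -ne $raw) {
            # Decode the raw extension into typed key usage flags.
            $ku      = New-Object "$ns.X509KeyUsageExtension" -ArgumentList $raw, $raw.Critical
            $usages  = $ku.KeyUsages
            $flag    = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::DataEncipherment
            $hasFlag = ($usages -band $flag) -ne 0
        }

        [pscustomobject]@{
            Path                = $full
            Subject             = $cert.Subject
            NotAfter            = $cert.NotAfter
            KeyUsages           = $usages   # $null: no Key Usage extension at all
            HasDataEncipherment = $hasFlag
        }
    }
}

# Folder taken from the openssl command in the post; adjust as needed.
$certRoot = 'C:\certs'
if (Test-Path -LiteralPath $certRoot) {
    # List every rui.crt below the folder that would fail the requirement.
    Get-ChildItem -LiteralPath $certRoot -Recurse -Filter 'rui.crt' |
        Test-DataEncipherment |
        Where-Object { -not $_.HasDataEncipherment } |
        Format-Table Path, Subject, KeyUsages -AutoSize
}
```

An empty result means every rui.crt found carries the flag; a certificate listed with an empty KeyUsages column has no Key Usage extension at all.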