Performing a VASA Provider’s certificate replacement after vCenter Server convergence, would result in virtual volumes (vVOLs) going inaccessible from all ESXi host’s inventory.

What causes this?

1. The convergence workflow installs RPMs related to the PSC services which also means a new VMware Certificate Authority (VMCA)
instance is created on the embedded VC node.

2. VMCA creates a new VMCA root certificate which in turn is used for future certificate requests that the embedded node handles.

3. While the old certs are retained maintaining VC<-> host communication, other solutions like vVOl do not operate as the new certs provided to VASA providers have new ROOT certificte details whereas the hosts still have old ones causing vVol workflow to break.

How do you resolve this?

Renew or Refresh ESXi Certificates connected to vcenter server.

https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.security.doc/GUID-ECFD1A29-0534-4118-B762-967A113D5CAA.html

The certificate refresh has to be done manually per host.

Note: – Bulk certificate management is currently not possible from vCenter Server UI at this time.

Virtual SDDC

Performing a VASA Provider’s certificate replacement after vCenter Server convergence, would result in virtual volumes (vVOLs) going inaccessible from all ESXi host’s inventory.

Leave a comment Cancel reply

Share this:

Related

Leave a comment Cancel reply