...spent a good two days on repairing our test vCenter, where an outdated plugin apparently blocked automatic renewal of some of the certificates usually generated by the vCenter CA. None of the repair tools (and there are surprisingly quite a few in the VMware KB) worked until I identified and removed the rogue plugin. And afterwards I had a vCenter with the CA including root certs re-rolled, which in turn upset all the connected systems (NSX-T, Cloud Director, Usage Meter, and such...).


...and all of them have different procedures and tools to reestablish the vCenter trust relationship (or even repair internal damage resulting from the CA change). I really hope nothing like this ever turns up in production.

Sign in to participate in the conversation
INFRa Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!