Check the certificate status

· Web Client (Flash)

  1. Connect to the vSphere Web Client: https://vcenter_server_ip_address_or_fqdn/vsphere-client
  2. Select Administration > Single Sign-On > Configuration > Certificates > STS Signing

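Preparation

· Confirm that nothing in the environment is currently calling vCenter (that is, vCenter is allowed to be temporarily unavailable)
· Take a snapshot or backup of vCenter
· Download the fixsts.sh script from the official website
· Have the password for the vCenter administrator@vsphere.local user ready

Alternatively, download fixsts.sh.zip from this site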

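Procedure

· Upload the fixsts.sh script to vCenter;

If you upload with WinSCP, you may hit the "主机超过15秒无通信。继续等待..." ("Host is not communicating for more than 15 seconds. Still waiting...") error; see the following link for a fix:
https://www.wtvirtual.com/virtualization/285.html

· SSH to vCenter
· Make the script executable

Change to the directory that contains the script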

chmod +x fixsts.sh

· Run the script

root@photon-machine [ /tmp ]# ./fixsts.sh
NOTE: This works on external and embedded PSCs
This script will do the following
1: Regenerate STS certificate
What is needed?
1: Offline snapshots of VCs/PSCs
2: SSO Admin Password
IMPORTANT: This script should only be run on a single PSC per SSO domain
==================================
Resetting STS certificate for photon-machine started on Wed Feb 24 18:03:14 -08 2021


Detected DN: cn=172.16.0.10,ou=Domain Controllers,dc=vsphere,dc=local
Detected PNID: 172.16.0.10
Detected PSC: 172.16.0.10
Detected SSO domain name: vsphere.local
Detected Machine ID: 932152323c-71b7-4e04-9ab0-cf54924a6f7c
Detected IP Address: 172.16.0.10
Domain CN: dc=vsphere,dc=local
==================================
==================================

Detected Root's certificate expiration date: 2029 Feb 28
Detected today's date: 2021 Feb 24
==================================

Exporting and generating STS certificate

Status : Success
Using config file : /tmp/vmware-fixsts/certool.cfg
Status : Success


Enter password for administrator@vsphere.local:
Amount of tenant credentials: 1
Exporting tenant 1 to /tmp/vmware-fixsts

Deleting tenant 1

Amount of trustedcertchains: 1
Exporting trustedcertchain 1 to /tmp/vmware-fixsts

Deleting trustedcertchain 1


Applying newly generated STS certificate to SSO domain
adding new entry "cn=TenantCredential-1,cn=vsphere.local,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local"

adding new entry "cn=TrustedCertChain-1,cn=TrustedCertificateChains,cn=vsphere.local,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local"


Replacement finished - Please restart services on all vCenters and PSCs in your SSO domain
==================================
IMPORTANT: In case you're using HLM (Hybrid Linked Mode) without a gateway, you would need to re-sync the certs from Cloud to On-Prem after following this procedure
==================================
==================================

Stop all vCenter services

root@photon-machine [ /tmp ]# service-control --stop --all
Perform stop operation. vmon_profile=ALL, svc_names=None, include_coreossvcs=True, include_leafossvcs=True
2021-02-25T02:04:53.203Z   Service vmware-vmon does not seem to be registered with vMon. If this is unexpected please make sure your service config is a valid json. Also check vmon logs for warnings.
2021-02-25T02:04:53.203Z   Running command: ['/sbin/service', u'vmware-vmon', 'stop']
2021-02-25T02:06:54.864Z   Done running command
2021-02-25T02:06:54.865Z   Successfully stopped service vmware-vmon
Successfully stopped vmon services. Profile ALL.
2021-02-25T02:06:54.875Z   Service vmware-psc-client does not seem to be registered with vMon. If this is unexpected please make sure your service config is a valid json. Also check vmon logs for warnings.
2021-02-25T02:06:54.875Z   Running command: ['/sbin/service', u'vmware-psc-client', 'status']
2021-02-25T02:06:54.931Z   Done running command
Successfully stopped service vmware-psc-client
2021-02-25T02:06:56.099Z   Service vmdnsd does not seem to be registered with vMon. If this is unexpected please make sure your service config is a valid json. Also check vmon logs for warnings.
2021-02-25T02:06:56.099Z   Running command: ['/sbin/service', u'vmdnsd', 'status']
2021-02-25T02:06:56.149Z   Done running command
Successfully stopped service vmdnsd
2021-02-25T02:06:56.278Z   Service vmware-stsd does not seem to be registered with vMon. If this is unexpected please make sure your service config is a valid json. Also check vmon logs for warnings.
2021-02-25T02:06:56.278Z   Running command: ['/sbin/service', u'vmware-stsd', 'status']
2021-02-25T02:06:56.325Z   Done running command
Successfully stopped service vmware-stsd
2021-02-25T02:06:58.576Z   Service vmware-sts-idmd does not seem to be registered with vMon. If this is unexpected please make sure your service config is a valid json. Also check vmon logs for warnings.
2021-02-25T02:06:58.576Z   Running command: ['/sbin/service', u'vmware-sts-idmd', 'status']
2021-02-25T02:06:58.622Z   Done running command
Successfully stopped service vmware-sts-idmd
2021-02-25T02:06:59.711Z   Service vmcad does not seem to be registered with vMon. If this is unexpected please make sure your service config is a valid json. Also check vmon logs for warnings.
2021-02-25T02:06:59.711Z   Running command: ['/sbin/service', u'vmcad', 'status']
2021-02-25T02:06:59.764Z   Done running command
Successfully stopped service vmcad
2021-02-25T02:06:59.894Z   Service vmdird does not seem to be registered with vMon. If this is unexpected please make sure your service config is a valid json. Also check vmon logs for warnings.
2021-02-25T02:06:59.895Z   Running command: ['/sbin/service', u'vmdird', 'status']
2021-02-25T02:06:59.939Z   Done running command
Successfully stopped service vmdird
2021-02-25T02:07:00.076Z   Service vmafdd does not seem to be registered with vMon. If this is unexpected please make sure your service config is a valid json. Also check vmon logs for warnings.
2021-02-25T02:07:00.076Z   Running command: ['/sbin/service', u'vmafdd', 'status']
2021-02-25T02:07:00.122Z   Done running command
Successfully stopped service vmafdd
2021-02-25T02:07:00.271Z   Service lwsmd does not seem to be registered with vMon. If this is unexpected please make sure your service config is a valid json. Also check vmon logs for warnings.
2021-02-25T02:07:00.271Z   Running command: ['/sbin/service', u'lwsmd', 'status']
2021-02-25T02:07:00.323Z   Done running command
Successfully stopped service lwsmd

Start all vCenter services

root@photon-machine [ /tmp ]# service-control --start --all
Perform start operation. vmon_profile=ALL, svc_names=None, include_coreossvcs=True, include_leafossvcs=True
2021-02-25T02:08:38.670Z   Running command: ['/usr/bin/systemctl', 'is-enabled', u'lwsmd']
2021-02-25T02:08:38.677Z   Done running command
2021-02-25T02:08:38.683Z   Service lwsmd does not seem to be registered with vMon. If this is unexpected please make sure your service config is a valid json. Also check vmon logs for warnings.
2021-02-25T02:08:38.683Z   Running command: ['/sbin/service', u'lwsmd', 'status']
2021-02-25T02:08:38.730Z   Done running command
2021-02-25T02:08:38.736Z   Running command: ['/usr/bin/systemctl', 'daemon-reload']
2021-02-25T02:08:38.870Z   Done running command
2021-02-25T02:08:38.871Z   Running command: ['/usr/bin/systemctl', 'set-property', u'lwsmd.service', 'MemoryAccounting=true', 'CPUAccounting=true', 'BlockIOAccounting=true']
2021-02-25T02:08:38.880Z   Done running command
Successfully started service lwsmd
2021-02-25T02:08:39.296Z   Running command: ['/usr/bin/systemctl', 'is-enabled', u'vmafdd']
2021-02-25T02:08:39.307Z   Done running command
2021-02-25T02:08:39.315Z   Service vmafdd does not seem to be registered with vMon. If this is unexpected please make sure your service config is a valid json. Also check vmon logs for warnings.
2021-02-25T02:08:39.315Z   Running command: ['/sbin/service', u'vmafdd', 'status']
2021-02-25T02:08:39.361Z   Done running command
2021-02-25T02:08:39.368Z   Running command: ['/usr/bin/systemctl', 'daemon-reload']
2021-02-25T02:08:39.498Z   Done running command
2021-02-25T02:08:39.500Z   Running command: ['/usr/bin/systemctl', 'set-property', u'vmafdd.service', 'MemoryAccounting=true', 'CPUAccounting=true', 'BlockIOAccounting=true']
2021-02-25T02:08:39.508Z   Done running command
Successfully started service vmafdd
2021-02-25T02:08:40.188Z   Running command: ['/usr/bin/systemctl', 'is-enabled', u'vmdird']
2021-02-25T02:08:40.199Z   Done running command
2021-02-25T02:08:40.205Z   Service vmdird does not seem to be registered with vMon. If this is unexpected please make sure your service config is a valid json. Also check vmon logs for warnings.
2021-02-25T02:08:40.206Z   Running command: ['/sbin/service', u'vmdird', 'status']
2021-02-25T02:08:40.253Z   Done running command
2021-02-25T02:08:40.259Z   Running command: ['/usr/bin/systemctl', 'daemon-reload']
2021-02-25T02:08:40.374Z   Done running command
2021-02-25T02:08:40.375Z   Running command: ['/usr/bin/systemctl', 'set-property', u'vmdird.service', 'MemoryAccounting=true', 'CPUAccounting=true', 'BlockIOAccounting=true']
2021-02-25T02:08:40.382Z   Done running command
Successfully started service vmdird
2021-02-25T02:08:42.948Z   Running command: ['/usr/bin/systemctl', 'is-enabled', u'vmcad']
2021-02-25T02:08:42.964Z   Done running command
2021-02-25T02:08:42.972Z   Service vmcad does not seem to be registered with vMon. If this is unexpected please make sure your service config is a valid json. Also check vmon logs for warnings.
2021-02-25T02:08:42.972Z   Running command: ['/sbin/service', u'vmcad', 'status']
2021-02-25T02:08:43.032Z   Done running command
2021-02-25T02:08:43.039Z   Running command: ['/usr/bin/systemctl', 'daemon-reload']
2021-02-25T02:08:43.172Z   Done running command
2021-02-25T02:08:43.172Z   Running command: ['/usr/bin/systemctl', 'set-property', u'vmcad.service', 'MemoryAccounting=true', 'CPUAccounting=true', 'BlockIOAccounting=true']
2021-02-25T02:08:43.180Z   Done running command
Successfully started service vmcad
2021-02-25T02:08:44.556Z   Running command: ['/usr/bin/systemctl', 'is-enabled', u'vmware-sts-idmd']
2021-02-25T02:08:44.566Z   Done running command
2021-02-25T02:08:44.572Z   Service vmware-sts-idmd does not seem to be registered with vMon. If this is unexpected please make sure your service config is a valid json. Also check vmon logs for warnings.
2021-02-25T02:08:44.572Z   Running command: ['/sbin/service', u'vmware-sts-idmd', 'status']
2021-02-25T02:08:44.621Z   Done running command
2021-02-25T02:08:44.627Z   Running command: ['/usr/bin/systemctl', 'daemon-reload']
2021-02-25T02:08:44.757Z   Done running command
2021-02-25T02:08:44.757Z   Running command: ['/usr/bin/systemctl', 'set-property', u'vmware-sts-idmd.service', 'MemoryAccounting=true', 'CPUAccounting=true', 'BlockIOAccounting=true']
2021-02-25T02:08:44.765Z   Done running command
Successfully started service vmware-sts-idmd
2021-02-25T02:08:57.223Z   Running command: ['/usr/bin/systemctl', 'is-enabled', u'vmware-stsd']
2021-02-25T02:08:57.234Z   Done running command
2021-02-25T02:08:57.239Z   Service vmware-stsd does not seem to be registered with vMon. If this is unexpected please make sure your service config is a valid json. Also check vmon logs for warnings.
2021-02-25T02:08:57.240Z   Running command: ['/sbin/service', u'vmware-stsd', 'status']
2021-02-25T02:08:57.287Z   Done running command
2021-02-25T02:08:57.293Z   Running command: ['/usr/bin/systemctl', 'daemon-reload']
2021-02-25T02:08:57.421Z   Done running command
2021-02-25T02:08:57.422Z   Running command: ['/usr/bin/systemctl', 'set-property', u'vmware-stsd.service', 'MemoryAccounting=true', 'CPUAccounting=true', 'BlockIOAccounting=true']
2021-02-25T02:08:57.430Z   Done running command
Successfully started service vmware-stsd
2021-02-25T02:09:40.264Z   Running command: ['/usr/bin/systemctl', 'is-enabled', u'vmdnsd']
2021-02-25T02:09:40.276Z   Done running command
2021-02-25T02:09:40.282Z   Service vmdnsd does not seem to be registered with vMon. If this is unexpected please make sure your service config is a valid json. Also check vmon logs for warnings.
2021-02-25T02:09:40.282Z   Running command: ['/sbin/service', u'vmdnsd', 'status']
2021-02-25T02:09:40.327Z   Done running command
Successfully started service vmdnsd
2021-02-25T02:09:40.335Z   Running command: ['/usr/bin/systemctl', 'is-enabled', u'vmware-psc-client']
2021-02-25T02:09:40.346Z   Done running command
2021-02-25T02:09:40.351Z   Service vmware-psc-client does not seem to be registered with vMon. If this is unexpected please make sure your service config is a valid json. Also check vmon logs for warnings.
2021-02-25T02:09:40.352Z   Running command: ['/sbin/service', u'vmware-psc-client', 'status']
2021-02-25T02:09:40.401Z   Done running command
2021-02-25T02:09:40.407Z   Running command: ['/usr/bin/systemctl', 'daemon-reload']
2021-02-25T02:09:40.530Z   Done running command
2021-02-25T02:09:40.531Z   Running command: ['/usr/bin/systemctl', 'set-property', u'vmware-psc-client.service', 'MemoryAccounting=true', 'CPUAccounting=true', 'BlockIOAccounting=true']
2021-02-25T02:09:40.539Z   Done running command
Successfully started service vmware-psc-client
2021-02-25T02:09:44.142Z   Running command: ['/usr/bin/systemctl', 'set-environment', 'VMON_PROFILE=NONE']
2021-02-25T02:09:44.148Z   Done running command
2021-02-25T02:09:44.154Z   Running command: ['/usr/bin/systemctl', 'daemon-reload']
2021-02-25T02:09:44.289Z   Done running command
2021-02-25T02:09:44.290Z   Running command: ['/usr/bin/systemctl', 'set-property', u'vmware-vmon.service', 'MemoryAccounting=true', 'CPUAccounting=true', 'BlockIOAccounting=true']
2021-02-25T02:09:44.300Z   Done running command
2021-02-25T02:09:45.642Z   Running command: ['/usr/bin/systemctl', 'unset-environment', 'VMON_PROFILE']
2021-02-25T02:09:45.649Z   Done running command
Successfully started vmon services. Profile ALL.
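
As an added check (this script is not part of the original post or of VMware's tooling), the captured output of the two service-control runs above can be compared to confirm that every service that was stopped also reported a successful start. The function names and the sample log excerpts are constructed for illustration.

```shell
# Added example (not from the original post or VMware's tooling): read captured
# service-control output on stdin and list services stopped but never restarted.
missing_after_restart() {
  awk '
  {
    # The status phrase may follow a timestamp, so locate it by field.
    for (i = 1; i <= NF; i++) if ($i == "Successfully") break
    if (i > NF) next
    verb = $(i + 1); kind = $(i + 2); name = $(i + 3)
    # vMon is reported as "vmon services." on start, not by service name.
    if (kind == "vmon" && name == "services.") name = "vmware-vmon"
    else if (kind != "service") next
    if (verb == "stopped") stopped[name] = 1
    if (verb == "started") started[name] = 1
  }
  END { for (s in stopped) if (!(s in started)) print s }
  ' | sort
}

# Constructed sample: lines abridged from the output shown above.
sample_stop_log() {
cat <<'EOF'
2021-02-25T02:06:54.865Z   Successfully stopped service vmware-vmon
Successfully stopped vmon services. Profile ALL.
Successfully stopped service vmware-stsd
Successfully stopped service vmware-sts-idmd
EOF
}

sample_start_log() {
cat <<'EOF'
Successfully started service vmware-sts-idmd
Successfully started service vmware-stsd
Successfully started vmon services. Profile ALL.
EOF
}

# Constructed failure case: vmware-stsd never reports a successful start.
sample_failed_start_log() { sample_start_log | grep -v 'vmware-stsd'; }

check() {  # $1 = function printing the start log; returns 1 if any are missing
  missing=$( { sample_stop_log; "$1"; } | missing_after_restart )
  [ -z "$missing" ] && { echo "all stopped services restarted"; return 0; }
  echo "not restarted: $missing"; return 1
}

check sample_start_log
check sample_failed_start_log || true
```

On a real appliance, save the output of both service-control commands to files and pipe them together into missing_after_restart instead of the sample functions.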
Last modified: February 27, 2021, 12:38 AM