Hey everyone,
I'm the sole sysadmin in my small IT team and I'm having a tough time with my Dell VXRail hyperconverged cluster. We have four ESXi hosts running around 50 VMs, and I'm currently on version 6.7. My vCenter server appliance is on PhotonOS along with an external platform services controller, both running as virtual machines on this cluster.
I can log into vSphere, but there's hardly any functionality - I can only see the administration tab, and I get an error at the top saying "cannot connect to :443/sdk". I've got the admin passwords for all appliances and ESXi hosts, and shell login is enabled. I did some house cleaning on storage to reduce it from 95% to under 40%. Running fsck shows that the volumes are clean, and I've restarted both the vCenter and PSC appliances several times.
The major issue is that the VPXD service won't start; every attempt comes with a system error and instructions to check the support bundle. I've dug through the logs and spotted some LDAP issues and certificate errors, but I'm not sure how to resolve them. The certificates look valid, and other services have mixed statuses - some start with warnings while others just won't start at all.
I tried restoring from a recent backup, but my Rubrik appliance can't connect to vCenter for that to work. Plus, our support contract has expired, and I'm looking for help here before I face hefty costs for troubleshooting. Any thoughts or advice would be greatly appreciated!
4 Answers
It's crucial to verify the certificates, especially the sts certificates being used. You can run a script from the command line to check the validity of all the certificates stored. Make sure they are up to date and not expired.
You can check the certificates using this command:
```for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo "[*] Store :" $store; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $store --text | grep -ie "Alias" -ie "Not After";done;```
It should show you if anything is off; all certs valid until 2030 means you’re good there!
You should definitely take a close look at the VPXD logs located at "/var/log/vmware/vpxd/". Those logs might give you more specific clues about what's going wrong. Also, is your support contract still active? It might be worth contacting VMware if you can't get this resolved quickly.
I've checked the vpxd.log and found some LDAP and certificate-related errors, but those didn't change anything when I tried to fix them. Unfortunately, our support contract has expired, and I'm hoping to avoid costs.
First thing to check is if the time is correct on your appliances. If the time isn't syncing properly, it can cause the VPXD service to fail. Make sure you're getting NTP from a reliable source, like your domain controller. Also, check the timezone settings on both appliances—using UTC can sometimes lead to issues depending on your setup.
I’ve checked the time, and NTP is synchronized with our domain controller. The timezone was originally set to UTC, but I switched it over to our local timezone to see if that helps. Still no luck with VPXD.
I've run that command, and all certificates look valid until 2030, so that should be in order. Still no success with the services starting.