vCenter certificate validation error during 6.7 to 7.0 upgrade

While I was trying to upgrade the vCenter to 7 Update 3, ended up with an error saying

“The machine SSL certificate in the VMware Endpoint Certificate Store (VECS) does not correspond with the service registration in the VMware Directory Service (vmdir)”

The remediation steps are pretty straightforward as per their KB 2121701

In order to ease and speed up the process, you can simply follow the below steps.

  • Take a snapshot or a full backup of the source vCenter
  • Download the automated script from the VMware community
  • Copy the file to # /usr/lib/vmidentity/tools/scripts (you may use a utility like WinSCP)
  • Run the below commands

python ls_ssltrust_fixer_p3.py -f scan

python ls_ssltrust_fixer_p3.py -f fix

How to copy an Image file to another network device

In general, we copy/upload IOS image files to either flash or bootflash from a TFTP server. In case of timeouts or network delays with the TFTP server, we could use either USB or Memory Slots in order to copy image files to a network device. Once you are done copying the image to flash/bootflash, we can simply configure the network device itself as a TFTP server and can be used to copy image files across other devices. 

NOTE: Please make sure all the devices are in the same subnet 

In our example, we have used 2 Routers. Router 01 is preloaded with the Image files and will be configured as the TFTP server. Router 02 will be the TFTP client. 

Step 01: Make sure, the image file is already copied to the file location (flash or bootflash)

# show bootflash:

Step 02: Configure the Router as a TFTP server. And then assign the relevant image file

(config)# tftp-server bootflash:/“imagename”

Step 03: Log into Router 02 and copy the Image file from the TFTP server (Router 01)

#copy tftp bootflash:

 

[source: Cisco KB]