VMware VCSA Update Manager - Service crashed while starting

If you have used custom certificates and are having problems upgrading VMware VCSA or are having problems trying to perform a backup, you may have a problem with the VMware Update Manager service. VMware's knowledgebase article applies to this issue: https://kb.vmware.com/s/article/2121689.

This procedure should fix the thumbprint mismatch which is causing the problem.

SSH into your VMware vCentre Server Appliance.

ssh root@<HOSTNAME>

If your SSH session doesn't automatically enter a shell run the following.


Run the following command to get the currentl Machine SSL Certificate.

/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert --store MACHINE_SSL_CERT --alias __MACHINE_CERT --output /tmp/machineSSL.crt

Run the following command to get the SSL trust certificate.

(echo "-----BEGIN CERTIFICATE-----";/usr/lib/vmidentity/tools/scripts/lstool.py list --url https://localhost/lookupservice/sdk --no-check-cert --ep-type com.vmware.cis.cs.identity.sso 2>/dev/null |grep "SSL trust: " |cut -f2 -d: |cut -b2-;echo "-----END CERTIFICATE-----") > /tmp/newcert.crt

Get the thumbprints of the two certificates.

openssl x509 -in /tmp/machineSSL.crt -fingerprint -noout
openssl x509 -in /tmp/newcert.crt -fingerprint -noout

If the two thumbprints do not match then you need to perform the following.

/usr/lib/vmidentity/tools/scripts/ls_update_certs.py --url http://localhost:7080/lookupservice/sdk --fingerprint <SECOND_FINGERPRINT> --certfile /tmp/machineSSL.crt --user administrator@vsphere.local --password <PASSWORD>

Start the VMware Update Manager service.

service-control --start vmware-updatemgr

Disable SSH warning on VMware ESXi

Using esxcli: vim-cmd hostsvc/advopt/update UserVars.SuppressShellWarning long 1 Using the vSphere Client: Select the ESXi host from the Inventory. Click the Configuration tab. Select Advanced Settings in the Software list. Locate UserVars in the left list. Locate UserVars.SuppressShellWarning in  […]

Continue reading

Disk Cleanup Utility on Windows Server 2008 R2

Microsoft requires that the Desktop Experience feature be installed on Server 2008 R2 for the Disk Cleanup Utility to work, but you can work around that requirement. Start a Command Prompt running as Administrator and run the following: copy  […]

Continue reading

Install Certificate for Microsoft Remote Desktop

Open Microsoft Management Center (MMC) (Start -> Run -> mmc.exe) Open File menu and select 'Add/Remove Snap-in' (or press Ctrl+M) Select Certificates and click 'Add >'. Select 'Computer account' and click 'Next >' Leave 'Local computer' selected unless you are managing a remote server  […]

Continue reading

VMware vCenter Server behind NAT Router

If your vCenter Server is behind a NAT the hosts will drop out after about a minute. To fix this problem you must add a port forward on the router to relay UDP/902 back to the vCenter server and configure the Virtual Center agent on the host to point to the external NAT IP address. VMware Reference:  […]

Continue reading

Page top