I ended up changing DNS back to my pfsense firewall instead of pointing to my pi hole DNS servers. This caused an issue where vcenter could not communicate with my esxi servers. I figured I would reboot from here, why not right. That did not solve a thing, except for giving me a new problem that I did not ask for. I am just documenting what has worked for me as this seems to be a super frustrating issue that I do not know how persistent it will be. I can’t see how or why I would have to regenerate a new certificate to force start the vcenter GUI. I will explain a little further. At the moment, the problem feels like it is from “Fake Circumstances” but requires real solutions to solve it, even though there is fake reasons “NO ACTUAL PROBLEM” causing it.

The article that help me fix Fake

I found a an article that helped me get logged back into vcenter. You will see why I am saying it is fake. For no reason whatsoever, after rebooting the appliance, it will not allow me to login. Again, when I say fake, nothing caused it at all, I just have the problem out of nowhere that requires me to circumvent fake. The above article had a link in it as it relates in some way, however, starting all services did nothing because I still had this certificate error, which is 100% fake as I just regenerated the certificate maybe a few hours earlier. What this means is I can not ever restart the appliance unless I feel like regenerating the certificate everytime. My life always requires extra steps that the normal person does not have to do, and it feels like knowing how to do these types of things would be great, except all it means is that I have 1,000 extra steps I have to do to get absolutely no where versus a person who just turns on the appliance.

How to regenerate vSphere 6.x certificates using self-signed VMCA (2112283)

Run The Certificate Manager on the Appliance

For my situation, the instructions are for the vCenter Appliance and not the vCenter for Windows.

  • SSH into vCenter appliance and enter a shell
  • from the shell, run
    • /usr/lib/vmware-vmca/bin/certificate-manager
    • choose option 8 and answer the prompts

Services that Should Be Running

After completing the above, this command seems to restart the appropriate services that need to be running. This is what I have been able to. So in order to see what should be running, you need to do the following:

  • while logged into vcenter via ssh, run this command.
    • service-control --status

This will give you an idea of what should be running. This is where I would suggest you to start. Chances are, when you run the above command, most services will not be running. You can start them all by name. You will be able to look at the above picture to figure out which ones you need to start, but for certainty, we need to ensure that vmware-certificatemanagement is running and that the vsphere-client, vpshere-ui are all running.

Start Here!!

My suggestion after reading all the above information is to check what services are running and then start them. If all else fails, run the above certificate management to reset all the certificates, once that is complete, you should already be good to log in.

Do these steps:

  • ssh into vcenter, and get a shell
  • service-control --status

Verify services running, if it does not look similar to image above, then start each service. Here is an example

  • service-control --start vsphere-ui
  • service-control --start vmware-vpxd-svcs

Continue this process until the required services are all started. If all else fails, and you still can not login, go back to the top of this page, and reset the certificates. This is how you conquer fake

vMware Appliance Management on port 5480

If this page loads, and fails to log you in, this is something you may want to check. I had this issue where it loaded the login page and instantly was denying any credential I put in there. Remember, this is the root account when trying to login. If the page loads normal, but, when you supply credentials and it seems to instantly reject them, then you want to check the following service, applmgmt.

Check status of service:

  • service-control --status applmgmt

Start applmgmt service if not running

  • service-control --start applmgmt

Verify applmgmt is now running

  • service-control --status applmgmt

Your Output should look similar to the image below