{"id":825,"date":"2020-08-12T14:14:55","date_gmt":"2020-08-12T06:14:55","guid":{"rendered":"https:\/\/www.insecurewire.com\/?p=825"},"modified":"2020-08-12T14:14:55","modified_gmt":"2020-08-12T06:14:55","slug":"lessons-learnt-upgrading-vmware-vcsa-6-7-to-7-x","status":"publish","type":"post","link":"https:\/\/www.insecurewi.re\/index.php\/2020\/08\/12\/lessons-learnt-upgrading-vmware-vcsa-6-7-to-7-x\/","title":{"rendered":"Lessons Learnt Upgrading VMware VCSA 6.7 to 7.x"},"content":{"rendered":"

To support ESXi 7.x we required an upgrade to our Virtual Center Server Appliance which was on version 6.7. The upgrade itself was as follows:
\n1. Your host must be ESXi 6.5 or later as per the following VMware link<\/a>. I went with a fresh ESXi 7.0 install as the host would not upgrade due to HPE customizations.
\n2. Install the new VCSA 7 virtual appliance and run the upgrade wizard.
\n3. Make sure you have application backups \/ snapshosts of existing VCSA appliance.<\/p>\n

Ok so it seemed like straight forward task. However like with any infrastructure upgrade I ran into a few issues:
\n1. When upgrading ESXi 6.0 on a HP DL380 custom image, there was an unsupported driver that needed removing for upgrade to proceed.
\n2. When upgrading VCSA 6.7 to version 7 I encountered the following error:<\/p>\n

Error
\nA vCenter Single Sign-On endpoint certificate validation error has occurred.
\nResolution
\nEnsure that the endpoint service registrations in vmdir match their corrsponding machine SSL certificates in VECS. For more information, see Knowledge Base article KB 2121701.
\n<\/code><\/p>\n

Our VCSA 6.7 was using an Active Directory CA certificate for the “machine cert” so that when using the UI, browsers would not pop for untrusted connection etc. The issue was that when running the validation check to upgrade to VCSA 7.x the certifcate for machine didnt match all the other ones in VCSA back end. To fix this I came across a VMware communities article<\/a> that had a python tool attached which automates the process in KB 2121701.<\/p>\n

Link to the SSL Fixer .py tool<\/a><\/p>\n

Run the tool on the source VCSA – in my case that was 6.7 to fix up your machine certs and then run the upgrade wizard again. This then passed the validation check and allowed the upgrade to proceed.
\nCopy the file to lstool scripts folder.
\nFor vCSA path:
\n# \/usr\/lib\/vmidentity\/tools\/scripts
\nRun the below commands:
\n# python ls_ssltrust_fixer_p3.py -f scan
\n#python ls_ssltrust_fixer_p3.py -f fix
\n<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"

To support ESXi 7.x we required an upgrade to our Virtual Center Server Appliance which was on version 6.7. The upgrade itself was as follows:…<\/p>\n","protected":false},"author":2,"featured_media":376,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[193,198],"class_list":["post-825","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vmware","tag-vcsa","tag-vmware"],"acf":[],"yoast_head":"\nLessons Learnt Upgrading VMware VCSA 6.7 to 7.x - Insecure Wire<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.insecurewi.re\/index.php\/2020\/08\/12\/lessons-learnt-upgrading-vmware-vcsa-6-7-to-7-x\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Lessons Learnt Upgrading VMware VCSA 6.7 to 7.x - Insecure Wire\" \/>\n<meta property=\"og:description\" content=\"To support ESXi 7.x we required an upgrade to our Virtual Center Server Appliance which was on version 6.7. The upgrade itself was as follows:...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.insecurewi.re\/index.php\/2020\/08\/12\/lessons-learnt-upgrading-vmware-vcsa-6-7-to-7-x\/\" \/>\n<meta property=\"og:site_name\" content=\"Insecure Wire\" \/>\n<meta property=\"article:published_time\" content=\"2020-08-12T06:14:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2019\/07\/vmware-logo.png\" \/>\n\t<meta property=\"og:image:width\" content=\"300\" \/>\n\t<meta property=\"og:image:height\" content=\"109\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"nikonau\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/insecurewire\" \/>\n<meta name=\"twitter:site\" content=\"@insecurewire\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"nikonau\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.insecurewi.re\/index.php\/2020\/08\/12\/lessons-learnt-upgrading-vmware-vcsa-6-7-to-7-x\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.insecurewi.re\/index.php\/2020\/08\/12\/lessons-learnt-upgrading-vmware-vcsa-6-7-to-7-x\/\"},\"author\":{\"name\":\"nikonau\",\"@id\":\"https:\/\/www.insecurewi.re\/#\/schema\/person\/8ba08b41fc754b971a948ead6ccb777d\"},\"headline\":\"Lessons Learnt Upgrading VMware VCSA 6.7 to 7.x\",\"datePublished\":\"2020-08-12T06:14:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.insecurewi.re\/index.php\/2020\/08\/12\/lessons-learnt-upgrading-vmware-vcsa-6-7-to-7-x\/\"},\"wordCount\":256,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.insecurewi.re\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.insecurewi.re\/index.php\/2020\/08\/12\/lessons-learnt-upgrading-vmware-vcsa-6-7-to-7-x\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2019\/07\/vmware-logo.png\",\"keywords\":[\"VCSA\",\"VMware\"],\"articleSection\":[\"VMware\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.insecurewi.re\/index.php\/2020\/08\/12\/lessons-learnt-upgrading-vmware-vcsa-6-7-to-7-x\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.insecurewi.re\/index.php\/2020\/08\/12\/lessons-learnt-upgrading-vmware-vcsa-6-7-to-7-x\/\",\"url\":\"https:\/\/www.insecurewi.re\/index.php\/2020\/08\/12\/lessons-learnt-upgrading-vmware-vcsa-6-7-to-7-x\/\",\"name\":\"Lessons Learnt Upgrading VMware VCSA 6.7 to 7.x - Insecure Wire\",\"isPartOf\":{\"@id\":\"https:\/\/www.insecurewi.re\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.insecurewi.re\/index.php\/2020\/08\/12\/lessons-learnt-upgrading-vmware-vcsa-6-7-to-7-x\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.insecurewi.re\/index.php\/2020\/08\/12\/lessons-learnt-upgrading-vmware-vcsa-6-7-to-7-x\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2019\/07\/vmware-logo.png\",\"datePublished\":\"2020-08-12T06:14:55+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.insecurewi.re\/index.php\/2020\/08\/12\/lessons-learnt-upgrading-vmware-vcsa-6-7-to-7-x\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.insecurewi.re\/index.php\/2020\/08\/12\/lessons-learnt-upgrading-vmware-vcsa-6-7-to-7-x\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.insecurewi.re\/index.php\/2020\/08\/12\/lessons-learnt-upgrading-vmware-vcsa-6-7-to-7-x\/#primaryimage\",\"url\":\"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2019\/07\/vmware-logo.png\",\"contentUrl\":\"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2019\/07\/vmware-logo.png\",\"width\":300,\"height\":109,\"caption\":\"VMware vSphere\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.insecurewi.re\/index.php\/2020\/08\/12\/lessons-learnt-upgrading-vmware-vcsa-6-7-to-7-x\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.insecurewi.re\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Lessons Learnt Upgrading VMware VCSA 6.7 to 7.x\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.insecurewi.re\/#website\",\"url\":\"https:\/\/www.insecurewi.re\/\",\"name\":\"Insecure Wire\",\"description\":\"A Network Engineer\u2019s Perspective.\",\"publisher\":{\"@id\":\"https:\/\/www.insecurewi.re\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.insecurewi.re\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.insecurewi.re\/#organization\",\"name\":\"Insecure Wire\",\"url\":\"https:\/\/www.insecurewi.re\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.insecurewi.re\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2023\/10\/cloud.png\",\"contentUrl\":\"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2023\/10\/cloud.png\",\"width\":32,\"height\":32,\"caption\":\"Insecure Wire\"},\"image\":{\"@id\":\"https:\/\/www.insecurewi.re\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/insecurewire\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.insecurewi.re\/#\/schema\/person\/8ba08b41fc754b971a948ead6ccb777d\",\"name\":\"nikonau\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.insecurewi.re\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/2d1b9d9dc90da4f6d3da31b870f418c6b3553ba9be48d53e8ee3a35b0adb1d35?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/2d1b9d9dc90da4f6d3da31b870f418c6b3553ba9be48d53e8ee3a35b0adb1d35?s=96&d=mm&r=g\",\"caption\":\"nikonau\"},\"sameAs\":[\"https:\/\/x.com\/https:\/\/twitter.com\/insecurewire\"],\"url\":\"https:\/\/www.insecurewi.re\/index.php\/author\/nikon\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Lessons Learnt Upgrading VMware VCSA 6.7 to 7.x - Insecure Wire","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.insecurewi.re\/index.php\/2020\/08\/12\/lessons-learnt-upgrading-vmware-vcsa-6-7-to-7-x\/","og_locale":"en_US","og_type":"article","og_title":"Lessons Learnt Upgrading VMware VCSA 6.7 to 7.x - Insecure Wire","og_description":"To support ESXi 7.x we required an upgrade to our Virtual Center Server Appliance which was on version 6.7. The upgrade itself was as follows:...","og_url":"https:\/\/www.insecurewi.re\/index.php\/2020\/08\/12\/lessons-learnt-upgrading-vmware-vcsa-6-7-to-7-x\/","og_site_name":"Insecure Wire","article_published_time":"2020-08-12T06:14:55+00:00","og_image":[{"width":300,"height":109,"url":"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2019\/07\/vmware-logo.png","type":"image\/png"}],"author":"nikonau","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/insecurewire","twitter_site":"@insecurewire","twitter_misc":{"Written by":"nikonau","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.insecurewi.re\/index.php\/2020\/08\/12\/lessons-learnt-upgrading-vmware-vcsa-6-7-to-7-x\/#article","isPartOf":{"@id":"https:\/\/www.insecurewi.re\/index.php\/2020\/08\/12\/lessons-learnt-upgrading-vmware-vcsa-6-7-to-7-x\/"},"author":{"name":"nikonau","@id":"https:\/\/www.insecurewi.re\/#\/schema\/person\/8ba08b41fc754b971a948ead6ccb777d"},"headline":"Lessons Learnt Upgrading VMware VCSA 6.7 to 7.x","datePublished":"2020-08-12T06:14:55+00:00","mainEntityOfPage":{"@id":"https:\/\/www.insecurewi.re\/index.php\/2020\/08\/12\/lessons-learnt-upgrading-vmware-vcsa-6-7-to-7-x\/"},"wordCount":256,"commentCount":0,"publisher":{"@id":"https:\/\/www.insecurewi.re\/#organization"},"image":{"@id":"https:\/\/www.insecurewi.re\/index.php\/2020\/08\/12\/lessons-learnt-upgrading-vmware-vcsa-6-7-to-7-x\/#primaryimage"},"thumbnailUrl":"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2019\/07\/vmware-logo.png","keywords":["VCSA","VMware"],"articleSection":["VMware"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.insecurewi.re\/index.php\/2020\/08\/12\/lessons-learnt-upgrading-vmware-vcsa-6-7-to-7-x\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.insecurewi.re\/index.php\/2020\/08\/12\/lessons-learnt-upgrading-vmware-vcsa-6-7-to-7-x\/","url":"https:\/\/www.insecurewi.re\/index.php\/2020\/08\/12\/lessons-learnt-upgrading-vmware-vcsa-6-7-to-7-x\/","name":"Lessons Learnt Upgrading VMware VCSA 6.7 to 7.x - Insecure Wire","isPartOf":{"@id":"https:\/\/www.insecurewi.re\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.insecurewi.re\/index.php\/2020\/08\/12\/lessons-learnt-upgrading-vmware-vcsa-6-7-to-7-x\/#primaryimage"},"image":{"@id":"https:\/\/www.insecurewi.re\/index.php\/2020\/08\/12\/lessons-learnt-upgrading-vmware-vcsa-6-7-to-7-x\/#primaryimage"},"thumbnailUrl":"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2019\/07\/vmware-logo.png","datePublished":"2020-08-12T06:14:55+00:00","breadcrumb":{"@id":"https:\/\/www.insecurewi.re\/index.php\/2020\/08\/12\/lessons-learnt-upgrading-vmware-vcsa-6-7-to-7-x\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.insecurewi.re\/index.php\/2020\/08\/12\/lessons-learnt-upgrading-vmware-vcsa-6-7-to-7-x\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.insecurewi.re\/index.php\/2020\/08\/12\/lessons-learnt-upgrading-vmware-vcsa-6-7-to-7-x\/#primaryimage","url":"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2019\/07\/vmware-logo.png","contentUrl":"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2019\/07\/vmware-logo.png","width":300,"height":109,"caption":"VMware vSphere"},{"@type":"BreadcrumbList","@id":"https:\/\/www.insecurewi.re\/index.php\/2020\/08\/12\/lessons-learnt-upgrading-vmware-vcsa-6-7-to-7-x\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.insecurewi.re\/"},{"@type":"ListItem","position":2,"name":"Lessons Learnt Upgrading VMware VCSA 6.7 to 7.x"}]},{"@type":"WebSite","@id":"https:\/\/www.insecurewi.re\/#website","url":"https:\/\/www.insecurewi.re\/","name":"Insecure Wire","description":"A Network Engineer\u2019s Perspective.","publisher":{"@id":"https:\/\/www.insecurewi.re\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.insecurewi.re\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.insecurewi.re\/#organization","name":"Insecure Wire","url":"https:\/\/www.insecurewi.re\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.insecurewi.re\/#\/schema\/logo\/image\/","url":"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2023\/10\/cloud.png","contentUrl":"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2023\/10\/cloud.png","width":32,"height":32,"caption":"Insecure Wire"},"image":{"@id":"https:\/\/www.insecurewi.re\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/insecurewire"]},{"@type":"Person","@id":"https:\/\/www.insecurewi.re\/#\/schema\/person\/8ba08b41fc754b971a948ead6ccb777d","name":"nikonau","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.insecurewi.re\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/2d1b9d9dc90da4f6d3da31b870f418c6b3553ba9be48d53e8ee3a35b0adb1d35?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/2d1b9d9dc90da4f6d3da31b870f418c6b3553ba9be48d53e8ee3a35b0adb1d35?s=96&d=mm&r=g","caption":"nikonau"},"sameAs":["https:\/\/x.com\/https:\/\/twitter.com\/insecurewire"],"url":"https:\/\/www.insecurewi.re\/index.php\/author\/nikon\/"}]}},"_links":{"self":[{"href":"https:\/\/www.insecurewi.re\/index.php\/wp-json\/wp\/v2\/posts\/825","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.insecurewi.re\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.insecurewi.re\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.insecurewi.re\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.insecurewi.re\/index.php\/wp-json\/wp\/v2\/comments?post=825"}],"version-history":[{"count":0,"href":"https:\/\/www.insecurewi.re\/index.php\/wp-json\/wp\/v2\/posts\/825\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.insecurewi.re\/index.php\/wp-json\/wp\/v2\/media\/376"}],"wp:attachment":[{"href":"https:\/\/www.insecurewi.re\/index.php\/wp-json\/wp\/v2\/media?parent=825"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.insecurewi.re\/index.php\/wp-json\/wp\/v2\/categories?post=825"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.insecurewi.re\/index.php\/wp-json\/wp\/v2\/tags?post=825"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}