^NEW^ Download Fixsts.sh Vmware

Hello, I'm wondering if anyone has some insights they could share? I have four VCSA appliances, two are external PSCs and two are vCenters in linked mode in two different sites, running 6.5U3, but were originally deployed as 6.5u2. I am trying to replace the certificates on the main PSC VMCA using a cert from our Microsoft PKI as the root, but am running into issues. When I run the commandline certificate-manager tool, everything seems to replace correctly, until services restart, where it times out on the vmware-stsd service, and the cert rolls back and I have to reboot. On reboot, the vmware-stsd service fails to start again, but then if I wait a couple of minutes, I can start it using a systemctl command. So right now our vCenter infrastructure is running fine, but I can't seem to replace the certs, which expire in a few weeks. I did run into the STS cert expiration issue last year and replaced it using the GUI before it actually expired, and never had any authentication issues. During my attempt to upgrade certs recently, I did run fixsts.sh just in case, cleaned up an unused expired cert in a secondary leaf, and everything looked fine before my last attempt. I checked the logs on the PSC appliance for the cert tool and the catalina logs, and don't see any indications that a cert issue is causing issues with the service to start automatically, or that there were any issues with the replacement until the service hung at the end. It appears that the service has not been running at startup for a while, since maybe December, but I didn't notice since everything seemed to work, and there were no alerts in vCenter. Because of this, it does not appear that the new cert is to blame for the service not starting. The service is also set as enabled in systemctl status, so it doesn't appear to be just not set to start at startup. Is there anywhere else I should be looking to figure out this issue? I've been combing the web for ideas. I'm wondering if maybe I should just try to replace the root cert, and cancel the tool when it's hung at startup, startup the service manually, and if it would work, but I don't know if maybe that would cause more issues. Thanks! This is driving me nuts!

QUESTION: Given the above, would it be ok to implement the instructions of document -vSphere/7.0/com.vmware.vsphere.authentication.doc/GUID-CD4FA8E2-5BD1-4D1E-8647-945B1D8CA918.html ??

Download Fixsts.sh Vmware

DOWNLOAD 🔥 https://byltly.com/2y7MVJ 🔥

Great news: I resolved it with ==> VMware provides a fixsts.sh script that can be used proactively (i.e., before STS certificate expires) OR reactively (i.e. after the certificate expires and the vCenter UI fails along with other components).

@Arnold: although I used VMware's fixsts.sh script, I first examined its contents and realized it does the same thing as the actions in your link. Hence, I have marked your link as the solution. Thanks again, sir.

In my situation , both of the certificate types were expired and I had to replace all of them. To replace the STS certifcate , you could utilize a script provided by VMWare (fixsts.sh) using the KB : 006ab0faaa