You may get the following error when adding an ESXi host to a vCenter 6.0 U2 (specifically) or later since VMWare have changed certificates management method starting from the vCenter edition I mentioned above, you can face this error right after upgrading your vSphere environment from vSphere 5.5 to vSphere 6.0 U2.

Error message

A general system error occurred: Unable to get signed certificate for host: esxi_hostname. Error: Start Time Error (70034)

I’ve faced this issue today while upgrading ESXi hosts in a cluster from version 5.5 U3 to 6.0 U2 using the update manager, the error occurs while vCenter server tries to reconnect to the host right after upgrading it.

The solution to this is very simple, you just need to change the schedule of refreshing the certificates by doing the following steps:

  1. Connect to the vCenter Server using the vSphere Client (not the web client if you are running vCenter 6.0) and administrator credentials.
  2. Select Administration > vCenter Server Settings to display the vCenter Server Settings dialog box.
  3. In the settings list, select Advanced Settings.
  4. In the Key field, type a key.
  5. In the Key field, enter this key: (first, make sure that the line isn’t already available in the list)vpxd.certmgmt.certs.minutesBefore
  6. In the Value field, enter:10
  7. Click Add.
  8. Click OK.

Further details are availale under KB:2123386

Advertisements