Error is being generated on vCenter 6.7 Web GUI:
503 Service Unavailable (Failed to connect to endpoint: [N7Vmacore4Http20NamedPipeServiceSpecE:0x000055ed2fdb3820] _serverNamespace = / action = Allow _pipeName =/var/run/vmware/vpxd-webserver-pipe)
Normally this error is a bit vague. It simply says that the web service is not available which means that the appliance is running, however, the service for the Web Server will not start up. There are a few things it can be and normally I check disk space on the server first just to ensure it is not encountering an out of space issue and cannot start up. However, a very common error is that the VMware Security Token Service (STS) Certificate(s) have expired. The STS certificate is set to expire after a period of time on certain builds. For example if you did a fresh install of vCenter 6.5 and upgraded to a 6.7 version.
The first step is to check if the STS Certificates have expired. If one or more expired then the service will not be able to start and it generates the above 503 error. In order to run this, you have to run a script provided by VMware. Unfortunately, this is not a built-in check with the appliance so the script has to be downloaded and copied over to the server.
Pre-requisites to do this involve enabling SSH on vCenter and having software like WinSCP in order to transfer the file over. Then the following should be done:
- Download the checksts.py Python script which can be found here: https://kb.vmware.com/sfc/servlet.shepherd/version/download/068f400000HW9InAAL
- Connect to vCenter server with WinSCP and navigate to the /tmp folder. *Upon reboot this folder is cleaned out
- Upload the checksts.py script to this path
- SSH to vCenter and after logging on, change to the /tmp directory.
- Run the python checksts.py and examine the results.
If there is anything listed in the Expired Certs section than this is your issue with the 503 error. The next step is to fix this running a shell script provided by VMware. The steps are:
- Take an offline snapshot of vCenter before running this script.
- Download the fixsts.sh script found here: https://kb.vmware.com/sfc/servlet.shepherd/version/download/068f400000JAn50AAD
- Use WinSCP again to transfer this script to the /tmp folder.
- SSH into vCenter and make the file executable to run by navigating to /tmp and executing:
- chmod +x fixsts.sh
- Run the script. There is going to be a prompt for the root password before this completes the fix.
- Restart all services on the vCenter
- service-control –stop –all
- service-control –start –all
You will have to wait for the services to start up. If there are some services that do not start there maybe another issue unrelated to STS but still check to ensure the web service starts. Accessing the WebGUI should now work.