Portal Home > Knowledgebase > VMware Knowledge Base > Opening the virtual machine console after a fresh installation of ESXi or ESX fails with the error: The host certificate chain is not complete

Opening the virtual machine console after a fresh installation of ESXi or ESX fails with the error: The host certificate chain is not complete

Symptoms

After a fresh installation of ESXi or ESX on the affected host, you experience these symptoms:

  • You are unable to view the console of virtual machines within the host
  • You see the error:

    Unable to connect to the MKS: The remote host has these problems: * The host certificate chain is not complete".

  • You are able to view the virtual machine console when you connect to the host directly using the VI Client
  • Other hosts in the inventory are able to see the virtual machine consoles.

Resolution

This issue occurs when the host has problems with the certificate.

To resolve this issue, you must recreate the host certificates.
 
To recreate the host certificates:
  1. Log in to the affected ESX/ESXihost. For accessing Tech Support Mode in ESXi, see Using Tech Support Mode in ESXi 4.1 and 5.0.
  2. Navigate to the location where the certificate files are stored using this command:

    cd /etc/vmware/ssl

  3. Verify if the certificate files are available using this command:

    /etc/vmware/ssl # ls

    You see an output similar to:

    rui.crt rui.key

  4. Move these file to a temporary directory using these command:

    mv rui.crt /tmp
    mv rui.key /tmp

    Note: Ensure that these files are moved using the ls command

     
  5. Recreate the SSL certificate for the host using this command:

    /sbin/generate-certificates

    Note:Restarting the management services does not recreate the SSL certificates. You must run the generate-certificates script.

  6. Run this command to verify if the files are created:

    /etc/vmware/ssl # ls

    You must see an output similar to:

    rui.crt rui.key

  7. Disconnect the host from vCenter Server and then remove it from the inventory.

    Note: Ensure that EVC is not enabled before removing the host. If EVC is enabled, the host requires a downtime.

  8. Add the host back to the vCenter Server inventory and then try opening the console of a powered on virtual machine. You should now be able to see the virtual machine console.


Based on VMware KB 2006124

Also Read

Language: