Skip to main content
NetApp Knowledge Base

COTV-7567: HA upgrade from ONTAP tools 10.3 to 10.5 fails during vCenter certificate validation

  1. Last updated
  2. Save as PDF
Views:
11
Visibility:
Public
Votes:
0
Category:
virtual-storage-console-for-vmware-vsphere
Specialty:
virt
Last Updated:

Issue

During the HA upgrade from ONTAP tools version 10.3 to 10.5, the upgrade process fails at the vCenter certificate validation step. The following errors are recorded in the logs:
 
07:05:04[1]()[diag@rajneesh1:]$ cat /var/log/ansible-perl-errors.log
Mon Nov 17 13:53:20 2025 : SAN check has failed for storage backends.
Mon Nov 17 13:53:28 2025 : Error running cert_validation.py script with patch
Mon Nov 17 13:53:28 2025 : One or more onboarded vCenters do not have valid certificates with exit code -1.
Mon Nov 17 13:53:28 2025 : One or more onboarded vCenters do not have valid certificates with error code 07090.
Additionally, multiple errors 'did you specify the right host or port?' occur while executing kubectl commands:
07:05:13[2]()[diag@rajneesh1:]$ cat /var/log/cert_validation_error.log
2025-11-17 13:53:27,768 - INFO - load_balancer_ip: 0.0.0.0
2025-11-17 13:53:27,768 - INFO - sb_cert: False
2025-11-17 13:53:27,768 - INFO - is_patch_sb: False
2025-11-17 13:53:27,768 - INFO - vc_cert: True
2025-11-17 13:53:27,768 - INFO - is_patch_vc: False
2025-11-17 13:53:27,776 - INFO - Connected (version 2.0, client OpenSSH_9.2p1)
2025-11-17 13:53:27,852 - INFO - Auth banner: b'WARNING: Unauthorized access to this system is forbidden and will be\nprosecuted by law. By accessing this system, you agree that your actions\nmay be monitored if unauthorized usage is suspected.'
2025-11-17 13:53:27,852 - INFO - Authentication (password) successful!
2025-11-17 13:53:27,852 - INFO - command to be executed : kubectl get svc -n ntv-system | grep ntv-vault
2025-11-17 13:53:27,945 - INFO - E1117 13:53:51.372703 1064347 memcache.go:238] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp 127.0.0.1:8080: connect: connection refused
E1117 13:53:51.373007 1064347 memcache.go:238] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp 127.0.0.1:8080: connect: connection refused
E1117 13:53:51.374392 1064347 memcache.go:238] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp 127.0.0.1:8080: connect: connection refused
E1117 13:53:51.375797 1064347 memcache.go:238] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp 127.0.0.1:8080: connect: connection refused
E1117 13:53:51.377218 1064347 memcache.go:238] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp 127.0.0.1:8080: connect: connection refused
The connection to the server localhost:8080 was refused - did you specify the right host or port?

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.