Skip to content

vCenter Server 7.0 upgrade – PNID, SSL Trust Cert error

Quick post on vCenter server upgrade PNID error. I was working my customer to upgrade one of the vCenter from 6.7 to 7.0. Before proceeding with the upgrade, remember to take a full backup of the vCenter. I usually advised my customer to take a cold snapshot besides file-level backup.

During the Pre-upgrade checking process we hit into an error:

Upon checking further it was discovered that the vCenter PNID (Primary Network Identifier) is different from the vCenter FQDN (Fully Qualified Domain Name).

Following this VMware KB, we SSH into vCenter appliance and run the following command:


Select “3” and type in the new FQDN

After confirming the PNID and FQDN is the same, we rebooted the vCenter appliance and run the upgrade process again.

We faced another error after the appliance rebooted. During the pre-check process, it generated

“SSL Trust certificate does not match the current MACHINE_SSL_CERT for one of the service registrations”

We did some checks and found VMware KB which we needed to download lsdoctor tool to help to fix the issue. We ran the following command to fix the trust issue:

python -t

It will prompt for administrator@vsphere.local password. Once done, we ran “/opt/vmware/share/vami/vami_config_net” command again. This time we select 0, to ensure all settings are correct.

After confirming all settings, we ran the upgrade process again and pre-check completed successfully. vCenter was later upgraded to 7.0.

Leave a Reply