Expired SCVMM certificate

Add a comment January 3rd, 2018 Rune

In SCVMM 2012 R2 we suddenly couldn’t deploy VMs from a template, install “Virtual Guest Services Tools”, etc. All jobs failed with the following:

Error (2912)

An internal error has occurred trying to contact the server.domain.com server: NO_PARAM: NO_PARAM.

WinRM: URL: [http://server.domain.com:5985], Verb: [INVOKE], Method: [GetError], Resource: [http://schemas.microsoft.com/wbem/wsman/1/wmi/root/microsoft/bits/BitsClientJob?JobId={62469246-350C-4ADE-A0BE-80D9E30C382D}]

Unknown error (0x80072f05)

Recommended Action

Check that WS-Management service is installed and running on server server.domain.com. For more information use the command “winrm helpmsg hresult”. If server.domain.com is a host/library/update server or a PXE server role then ensure that VMM agent is installed and running. Refer to http://support.microsoft.com/kb/2742275 for more details.

We verified that we could connect to “server.domain.com” on TCP 5985 from the VMM server.

[PowerShell]:

tnc server.domain.com -Port 5985

Checking the self-signed certificate on the VMM server it showed that it was expired. (01.01.2018)


 

Resolution:

Delete the expired certificate from the VMM server’s Personal Store and create a new one:

[PowerShell]:

$credential = get-credential

Get-VMMManagedComputer -ComputerName “VMM-Server.domain.com” | Register-SCVMMManagedComputer -Credential $credential

You will now get a new certificate which is valid for 5 years.

 

 

 

nothing, Troubleshooting
  1. January 22nd, 2018 at 18:25 | #1
    Alan

    Thank you! Had the same error, couldn’t create new VMs. Might have figured out the cert had expired eventually but probably not the register command to regenerate it.

  2. March 22nd, 2018 at 19:50 | #2
    Brachus12

    https://support.microsoft.com/en-us/help/4086006/renew-certificates-in-system-center-2012-r2-virtual-machine-manager

    The powershell commands didn’t work for me, I had to use the MS tool from the link above to resolve this

  3. January 4th, 2019 at 22:55 | #3
    Matthew F

    Once the certificate has been renewed/recreated, are there any additional steps required on the hosts? Will I need to install the cert in each host’s Trusted Root Authority stores?

  4. January 10th, 2019 at 11:19 | #4
    Rune

    There is no additional steps. Just create the new certificate on the VMM server and you are good to go.

  5. January 10th, 2019 at 07:23 | #5
    Vipin Kumar

    We are not able to renew/recreate certificate through this command, Can any one help here, that how we can renew these SCVMM certificate on Rollup update -11

    On below it says , install the rollup update 14, but is there any way to do it on rollup 11.
    https://support.microsoft.com/en-us/help/4086006/renew-certificates-in-system-center-2012-r2-virtual-machine-manager.

    Help is highly appreciated

  6. January 10th, 2019 at 11:21 | #6
    Rune

    So the cmdlets didn’t work for you? Have you considered installing the latest rollup?

  7. January 18th, 2019 at 07:39 | #7
    Tom

    There is a mistake:

    wrong: Get-VMMManagedComputer
    right: Get-SCVMMManagedComputer

    $credential = get-credential

    Get-SCVMMManagedComputer -ComputerName “VMM-Server.domain.com” | Register-SCVMMManagedComputer -Credential $credential

  8. February 5th, 2020 at 20:13 | #8
    David

    If you find the commandlet doesn’t work, realize there is a “Virtual Machine Manager Command Shell” version of Powershell on the server.

    Both the cert deleted and the command can be run on the same server.

  9. February 7th, 2020 at 20:18 | #9
    Andy

    I was not able to Provision VMs using PVS server and it turned out to be due to expired cert.
    Reviewed the above steps and followed the steps from –
    https://techcommunity.microsoft.com/t5/system-center-blog/i-accidentally-deleted-the-vmm-self-signed-certificate-from-the/ba-p/348080

    Issue resolved. Thank you all tech volunteers!!!!

  1. No trackbacks yet.
Comments feed


− 2 = three