Expired SCVMM certificate

Add a comment January 3rd, 2018 Rune

In SCVMM 2012 R2 we suddenly couldn’t deploy VMs from a template, install “Virtual Guest Services Tools”, etc. All jobs failed with the following:

Error (2912)

An internal error has occurred trying to contact the server.domain.com server: NO_PARAM: NO_PARAM.

WinRM: URL: [http://server.domain.com:5985], Verb: [INVOKE], Method: [GetError], Resource: [http://schemas.microsoft.com/wbem/wsman/1/wmi/root/microsoft/bits/BitsClientJob?JobId={62469246-350C-4ADE-A0BE-80D9E30C382D}]

Unknown error (0x80072f05)

Recommended Action

Check that WS-Management service is installed and running on server server.domain.com. For more information use the command “winrm helpmsg hresult”. If server.domain.com is a host/library/update server or a PXE server role then ensure that VMM agent is installed and running. Refer to http://support.microsoft.com/kb/2742275 for more details.

We verified that we could connect to “server.domain.com” on TCP 5985 from the VMM server.

[PowerShell]:

tnc server.domain.com -Port 5985

Checking the self-signed certificate on the VMM server it showed that it was expired. (01.01.2018)


 

Resolution:

Delete the expired certificate from the VMM server’s Personal Store and create a new one:

[PowerShell]:

$credential = get-credential

Get-VMMManagedComputer -ComputerName “VMM-Server.domain.com” | Register-SCVMMManagedComputer -Credential $credential

You will now get a new certificate which is valid for 5 years.

 

 

 

nothing, Troubleshooting
  1. January 22nd, 2018 at 18:25 | #1
    Alan

    Thank you! Had the same error, couldn’t create new VMs. Might have figured out the cert had expired eventually but probably not the register command to regenerate it.

  2. March 22nd, 2018 at 19:50 | #2
    Brachus12

    https://support.microsoft.com/en-us/help/4086006/renew-certificates-in-system-center-2012-r2-virtual-machine-manager

    The powershell commands didn’t work for me, I had to use the MS tool from the link above to resolve this

  3. January 4th, 2019 at 22:55 | #3
    Matthew F

    Once the certificate has been renewed/recreated, are there any additional steps required on the hosts? Will I need to install the cert in each host’s Trusted Root Authority stores?

  4. January 10th, 2019 at 11:19 | #4
    Rune

    There is no additional steps. Just create the new certificate on the VMM server and you are good to go.

  5. January 10th, 2019 at 07:23 | #5
    Vipin Kumar

    We are not able to renew/recreate certificate through this command, Can any one help here, that how we can renew these SCVMM certificate on Rollup update -11

    On below it says , install the rollup update 14, but is there any way to do it on rollup 11.
    https://support.microsoft.com/en-us/help/4086006/renew-certificates-in-system-center-2012-r2-virtual-machine-manager.

    Help is highly appreciated

  6. January 10th, 2019 at 11:21 | #6
    Rune

    So the cmdlets didn’t work for you? Have you considered installing the latest rollup?

  7. January 18th, 2019 at 07:39 | #7
    Tom

    There is a mistake:

    wrong: Get-VMMManagedComputer
    right: Get-SCVMMManagedComputer

    $credential = get-credential

    Get-SCVMMManagedComputer -ComputerName “VMM-Server.domain.com” | Register-SCVMMManagedComputer -Credential $credential

  8. February 5th, 2020 at 20:13 | #8
    David

    If you find the commandlet doesn’t work, realize there is a “Virtual Machine Manager Command Shell” version of Powershell on the server.

    Both the cert deleted and the command can be run on the same server.

  9. February 7th, 2020 at 20:18 | #9
    Andy

    I was not able to Provision VMs using PVS server and it turned out to be due to expired cert.
    Reviewed the above steps and followed the steps from –
    https://techcommunity.microsoft.com/t5/system-center-blog/i-accidentally-deleted-the-vmm-self-signed-certificate-from-the/ba-p/348080

    Issue resolved. Thank you all tech volunteers!!!!

  10. November 9th, 2020 at 02:35 | #10
    sean xiao

    Reading this article made me very inspired, thank you so much for writing such a great article, I will definitely follow your blog and read every article you write.

  11. January 3rd, 2022 at 01:24 | #11
    Alan

    I updated the cert on the VMM master server, but it was still failing for me. Turns out that in my case my libary server is a seperate box which also has an agent on it. It was reporting that it couldn’t contact the main server, but in reality that was because the cert over on the library server was out of date . You also have to “push” that cert out to the library server and that will fix is.

    You can do that in the SCVMM console “fabric” tab (bottom left of the screen) and then udpate agent on the library server boxes or any machine which needs it. Update agent seems to regenerate the cert on each of the boxes remotely.

  1. No trackbacks yet.
Comments feed


3 × = twenty seven