Well I had quite the fun experience upgrading my lab to vSphere 6.7 and I had seen many others having similar issues.  I wanted to share the “features” of the new installer and VCSA quirks I had to work around to complete my upgrade.   I just rebuilt my lab with new hardware as I detailed on my last article that you should go check out here.  After the hardware was deployed I started the journey to upgrade to vSphere 6.7 and ran into two significant, but easy to fix issues.

Issue #1

This first issue has been documented elsewhere because it is an issue with upgrades to vSphere 6.5 and vSphere 6.7.  The old VCSA appliances root password has a default password expiration of 90 days.  The new VCSA 6.7 appliance default Root password validity is 365 days.  Anyway, if that password expires, the VCSA upgrade/installer will error out when you try to run the upgrade.  When connecting to the VCSA appliance it will say it “cannot reach the appliance server” or something like that.  I’ve run into this before so I knew what to do.

First, open a browser to the FQDN of the VCSA appliance.  If you’re using an external PSC you must upgrade the PSC first before the vCenter VCSA so do this procedure on the PSC first.  Browse to <VCSA FQDN>:5480 and login using the root account.  Drop down to the Administration section on the left.

Here you can try just resetting the password by entering the current password and then typing in a new password twice.  If you want to continue using the same password then you’re in for a bit more work.  There’s a password policy that you can’t use the same 5 passwords so from here you have to change the password 5 times in a row before you can set it back to your original password.  If you don’t mind rebooting the VCSA here you can also just change the password using this method from VMware.  If changing the password doesn’t work here and you get an error you may also have to run the method from VMware to fix the issue.

Easy enough fix that seems to be the new first step to upgrade VCSA appliances that have been running for a while.  You could also set the Root password expires to No or a higher value if you want to avoid this issue in the future.

Issue #2

This one’s a bit more annoying in that the error is incredibly vague and so far I haven’t seen a  reported resolution to this anywhere.  It’s quite a bit simpler than you might expect.  On the 3rd step of the VCSA Upgrade path it will ask to Connect to source appliance.  It asks for the Appliance FQDN or IP address.  You have to have forward and reverse lookup working in DNS for the hostnames you’re going to use for VCSA appliances or they may not work correctly or even install or upgrade.

Knowing that I did have DNS setup correctly I went ahead and used the FQDN for both the Source appliance and the ESXi host that the PSC VCSA appliances lives on as you can see below.After entering the rest of the information needed to complete the upgrade and starting the actual deployment of the new VCSA appliance the installer almost immediately errors out.  The text starts with “Failed to send http data” and directs you to the log for more information.  If you click the Download Installer Log link in the text of the error it will allow you to save the log file out to disk.
The “Failed to send http data” error wasn’t immediately obvious and I had no idea what it truly meant.  I hoped the logs would give more information.  Sadly I was mistaken.  The logs contain some even more cryptic information around the same error.  Unfortunately nothing in the logs were incredibly helpful at all.  There’s some stuff about the OVFtool and failing to send http data there.  Clearly something is blocking the transfer of the OVF to the ESXi host.
Besides the upgrade failing the other result of this error is that you now have an orphaned VM where the installer tried to deploy onto the ESXi host/vCenter.  Now to the fun part, you can’t delete that orphaned VM through ESXi or through vCenter.  You could do it directly through the CLI on the host I suppose but I found an easier way.  A quick note here as part of my process I’ve been renaming the old PSC (if external) and vCenter VM names to avoid confusion during the upgrade.  Just the VM name on the ESXi host or in vCenter not the actual hostname on the network or in Active Directory.
A quick jump over to VMware Workstation and I connected to my vCenter server.  Here you can delete the orphaned VM quickly and without issue.  Not sure why you can do it here but can’t do it from ESXi or vCenter,  It’s a feature!We’re at least back to zero with the orhpaned VM removed but now how do you get the upgrade to complete.  I did a ton of Googling and community forum surfing and found a few people having the exact same issue but no one had found a direct resolution.  A few people mentioned adding the vCenter Root CA certs to your local machine so that vCenter and ESXi hots certs appear valid.  Several mentioned issues with DNS or even Anti-Virus causing the issue.  For me at least it wasn’t any of that.

The fix is to use the IP Address for the Source Appliance and for the ESXi host instead of the hostnames.  That’s right, it’s that simple.
I’m not sure if it was necessary but I figured it might be so I used the IP Address of the ESXi Host for the Appliance deployment target as well.Previously the installer would error out and display the “Failed to send http data” error immediately.  Not this time!Stage 1 complete and no issues found.Stage 2 complete and my VCSA PSC was upgraded.
So that’s it.  When in doubt try another method of connecting I guess.  I hope one or both of these fixes helps you have a smoother upgrade process.  Thanks for reading!