Solved: Re: Unable to install IaaS

gsaliensjr · ‎04-19-2014

I could sure use some advice on this everyone. Very frustrating trying to just install the IaaS component.

I am setting up a distributed installation going through a Citrix Netscaler VPX Load balancer.

I of course have 2 vcac appliance with it's virtual VIP: vcloud.pslab.internal

next is the IaaS server with a vip of: vcacweb.pslab.internal

Successfully configured the appliance but I am having very difficult time trying to install IaaS

Here is the list of preliminary steps prior to installing Website and Model Manager.

---------------------------------------------------------------------------------------------------------------------------------------------

1. Microsoft .NET Framework 4.5 installed

IIS Server Role installed
Currently only Microsoft Internet Information Services (IIS) 7.5 is supported. IIS Server role must be installed with the following Role Services using Server Manager (More information on installing IIS can be found here😞
1. Static Content
2. Default Document
3. HTTP Redirection (required for vCAC Self-Service Portal)
4. ASP.NET
5. ISAPI Extensions
6. ISAPI Filter
7. Windows Authentication

IIS Authentication configuration
After installing IIS, you’ll need to do some configuration within IIS:
1. Open Internet Information Services (IIS) Manager
2. In the tree pane, expand the <machine name>, Sites, to reach the Default Web Site
3. In the results pane, double click on Authentication
4. Disable Anonymous Authentication
5. Enable Windows Authentication
6. Highlight Windows Authentication and click on Providers under Actions on the right hand side

i. Remove Negotiate from the Enabled Providers list

ii. Add Negotiate back into the list, making sure it is the first provider in the list. (This is necessary due to a bug in IIS)

iii. Both Negotiate and NTLM providers should be enabled

Open Advanced Settings (above Providers)
i. In the drop down box for Extended Protection change it to Accept and then change it back to Off again
ii. Kernel-Mode Authentication should be enabled
iii. Click OK. (This is necessary due to a bug in IIS)

Windows Process Activation Service installedthe following procedure to add the Windows Process Activation Service feature:
1. Open Server Manager
2. Expand the Windows Process Activation Service feature

i. Select Process Model, .Net Environment, Configuration APIs

Expand the .Net Framework 3.5.1 Features
i. Select both .Net Framework 3.5.1 and WCF Activatio
ii. Make sure that both HTTP Activation and Non-HTTP Activation is selected
Complete the installation of the Windows Features

Microsoft Distributed Transaction Coordinator Service (MS DTC) enabled

Log on as a batch job right

Log on as a service right

Added DisableLoobBackChecking to the registry

added Disablestrictnamechecking to the registry

My domain account is in the Administrator group

Follower Kendricks blog and ran the pre auto script

http://www.kendrickcoleman.com/index.php/Tech-Blog/how-to-install-vcloud-automation-center-vcac-60-p...

-----------------------------------------------------------------

I incuded screenshots of the installation process.

After all the steps required, I can install IaaS. Very frustating guys, I tell ya. The installation fails at this point

every time

Error Log

------------------------------------------------------------

Info : 2014-04-19 01 03 54 851 AM : at System.Data.Services.Client.QueryResult.Execute()

Info : 2014-04-19 01 03 54 851 AM : at System.Data.Services.Client.DataServiceRequest.Execute[TElement](DataServiceContext context, QueryComponents queryComponents)

Info : 2014-04-19 01 03 54 851 AM : at System.Data.Services.Client.DataServiceQuery`1.Execute()

Info : 2014-04-19 01 03 54 851 AM : at System.Data.Services.Client.DataServiceQuery`1.GetEnumerator()

Info : 2014-04-19 01 03 54 851 AM : at System.Linq.Enumerable.FirstOrDefault[TSource](IEnumerable`1 source)

Info : 2014-04-19 01 03 54 851 AM : at System.Data.Services.Client.DataServiceQueryProvider.ReturnSingleton[TElement](Expression expression)

Info : 2014-04-19 01 03 54 851 AM : at System.Linq.Queryable.FirstOrDefault[TSource](IQueryable`1 source)

Info : 2014-04-19 01 03 54 851 AM : at DynamicOps.Repository.CafeClientAbstractFactory.LoadComponentRegistryUri()

Info : 2014-04-19 01 03 54 851 AM : at System.Lazy`1.CreateValue()

Info : 2014-04-19 01 03 54 851 AM : at System.Lazy`1.LazyInitValue()

Info : 2014-04-19 01 03 54 851 AM : at DynamicOps.Repository.CafeClientAbstractFactory.get_CafeUri()

Info : 2014-04-19 01 03 54 851 AM : at VMware.Cafe.ComponentRegistryClientFactory..ctor(ICafeServiceClientFactoryFactory abstractFactory)

Info : 2014-04-19 01 03 54 851 AM : at DynamicOps.Repository.CafeClientAbstractFactory.CreateClientFactory()

Info : 2014-04-19 01 03 54 851 AM : at System.Lazy`1.CreateValue()

Info : 2014-04-19 01 03 54 851 AM : at System.Lazy`1.LazyInitValue()

Info : 2014-04-19 01 03 54 851 AM : at VMware.Cafe.Client.Registration.RegisterUIPlugin(String jsonMetadata)

Info : 2014-04-19 01 03 54 851 AM : at VMware.VcacConfig.UIRegistrationCommands.RegisterUIPluginCommand.Execute(CommandLineParser parser)

Info : 2014-04-19 01 03 54 851 AM : Warning: Non-zero return code. Command failed.

Info : 2014-04-19 01 03 54 867 AM :C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\DeployRepository.xml(528,5): error MSB3073: The command ""C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\Cafe\Vcac-Config.exe" RegisterUIPlugin -f "C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\Cafe\plugin.json" -v" exited with code 1.

Info : 2014-04-19 01 03 54 867 AM :Done Building Project "C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\DeployRepository.xml" (VARegistrationFinalSteps target(s)) -- FAILED.

Info : 2014-04-19 01 03 54 867 AM :Build FAILED.

Info : 2014-04-19 01 03 54 867 AM :"C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\DeployRepository.xml" (VARegistrationFinalSteps target) (1) ->

Info : 2014-04-19 01 03 54 867 AM :(VARegistrationFinalSteps target) ->

Info : 2014-04-19 01 03 54 867 AM : C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\DeployRepository.xml(528,5): error MSB3073: The command ""C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\Cafe\Vcac-Config.exe" RegisterUIPlugin -f "C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\Cafe\plugin.json" -v" exited with code 1.

Info : 2014-04-19 01 03 54 867 AM : 0 Warning(s)

Info : 2014-04-19 01 03 54 867 AM : 1 Error(s)

Info : 2014-04-19 01 03 54 867 AM :Time Elapsed 00:00:17.66

----------------------------------------------------------------------------------------------------------------------

Thanks in advance everyone.

Aronov · ‎04-24-2014

Based on the error in the log It seems like you are having a certificate trust issue...

Info : 2014-04-19 01 03 37 253 AM : "C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\Cafe\Vcac-Config.exe" RegisterUIPlugin -f "C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\Cafe\plugin.json" -v

Info : 2014-04-19 01 03 54 851 AM : System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

It seems that your VCAC-Config command is not trusting the repository certificate. can you locate the config setting named "repositoryAddress" in

C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\Cafe\Vcac-Config.exe.config

and try to open it with Internet explorer from the IaaS server you are installing (make sure to use HTTPS). Then IE will report on the reason the certificate is not trusted.

Note that it is okay if you get some sort of forbidden http response since you are not authenticated to use the repository when calling it from the browser.

View solution in original post

gsaliensjr · ‎04-19-2014

Looking through the other treads. Any idea why vCAC is so difficult to set up?

admin · ‎04-19-2014

Hi,

What version of operating system are you using? Please make sure you do NOT have dot net 4.5.1 and only 4.5

If you try to reinstall, make sure you remove the database from the database server, the vcac iaas application from the server and any folders in program files (x86). Make sure you have everything set up as before in terms of the batch logon service accounts etc.

This blog is very handy for installing the IaaS components. http://grantorchard.com/vcac/implementation/vcac-6-0-iaas-installation/

I agree - the distributed install of vCAC can be tricky and hopefully that will improve over time.

Oli

gsaliensjr · ‎04-19-2014

Hello

After each failed installation attempt.

1. Delete the database

2.create new database

3. Uninstall the failed vCAC install

4. unbind port 443

5. Reconfirm the IIS settings

6 run the asp_net command for .net 4.5

reboot the machine and then it fails the install again.

I followed grandorchard and Kendrick Coleman install process. I wish that would have

worked for me.

It is exasperating that this install is this tricky.

gsaliensjr · ‎04-19-2014

I detailed every step for the instal in my original post....just don't get why it is failing.

gsaliensjr · ‎04-19-2014

I have 3 clusters going through the load balancer.

vCAC Appliance

vcac1 and vcac2 (vcloud.pslab.internal)

Website/Model Manager

iaas1 and iaas2 (vcacweb.pslab.internal)

Manager Service/DEM Orchestrator

vcacdem1 and vcacdem2 (vcacmgr.pslab.internal)

I created 3 certs

vcloud.pslab.internal

vcacweb.pslab.internal

vcacmgr.pslab.internal

Imported vcacweb.pslab.internal into IIS. Could the cert cause this issue?

gsaliensjr · ‎04-19-2014

Saw this on another blog. Same error./issue I am dealing with.

“Building Project “C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\DeployRepository.xml” (VARegistrationFinalSteps target(s)) — FAILED.

Build FAILED.

Authentication issue

……

this error occurs when either the username or password supplied to iis is invalid

------------------------

Any idea to address how the username or password supplied to iis is invalid?

admin · ‎04-23-2014

Sorry for the late reply. I was speaking with a colleague the other day who mentioned a similar set up and he hit problems installing the IaaS components. He was using a VIP DNS A-RECORD that resolved to the IP address of a load balancer when installing the IaaS component and it kept on failing. What he did was implement a workaround whereby he created a CNAME dns record using was the FQDN of the VIP as that has to match the cert you are using, but pointed the CNAME to the A-RECORD of the IaaS node, not the IP address of the VIP on the LB - he removed any DNS records that may point to this VIP. Once he did this, it installed correctly. When he installed the second IaaS server, again, he removed the CNAME, created a new one and pointed this to the A-RECORD of the second IaaS server and not the VIP on the LB. Once he had installed everything correctly, he removed the CNAME and created the A-RECORD which pointed to the LB VIP IP address.

Let me know if this makes any sense and if you could try this. There was something else he mentioned and I am not sure if this is related but he needed to make an update to a python file.

Let me know!

Oli

Aronov · ‎04-24-2014

Based on the error in the log It seems like you are having a certificate trust issue...

Info : 2014-04-19 01 03 37 253 AM : "C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\Cafe\Vcac-Config.exe" RegisterUIPlugin -f "C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\Cafe\plugin.json" -v

Info : 2014-04-19 01 03 54 851 AM : System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

It seems that your VCAC-Config command is not trusting the repository certificate. can you locate the config setting named "repositoryAddress" in

C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\Cafe\Vcac-Config.exe.config

and try to open it with Internet explorer from the IaaS server you are installing (make sure to use HTTPS). Then IE will report on the reason the certificate is not trusted.

Note that it is okay if you get some sort of forbidden http response since you are not authenticated to use the repository when calling it from the browser.

gsaliensjr · ‎04-24-2014

Thanks to everyone that responded to my post. Each response was very very helpful. I resovled the problem, it was a certificate issue.

Once I received a valid cert everything worked. I used the following links to generate the certs and add the certs to the load balancer.

http://blog.schertz.name/2011/08/certificate-requests-in-windows-server-2008/

and

http://www.derekseaman.com/2013/05/import-iis-ssl-certificate-to-citrix-netscaler.html

mohab_samy · ‎10-11-2018

What if I using Self-sign Certificate

All

Unable to install IaaS