Hello!
I deployed 2 App V instances in each of our Data Centers to do some testing. Now I want to enable Storage group replication from one site to another. From what I can tell I need to add site B as a target in Site A. From what I can see it requires the FQDN of the App V instance in site B.
Currently both sites are using the default VMware SSL certificates. Should these be replaced with proper SSL certs?
If so, I created an SSL cert from GoDaddy and followed these steps, and I haven't had any luck getting it to work.
Replace the App Volumes Default Self-Signed Certificate (vmware.com)
Any suggestions or help would be appreciated.
Thanks
I deployed 2 App V instances in each of our Data Centers to do some testing. Now I want to enable Storage group replication from one site to another. From what I can tell I need to add site B as a target in Site A. From what I can see it requires the FQDN of the App V instance in site B.
There are two steps to what you want to do:
Currently both sites are using the default VMware SSL certificates. Should these be replaced with proper SSL certs?
If so, I created an SSL cert from GoDaddy and followed these steps, and I haven't had any luck getting it to work.
Replace the App Volumes Default Self-Signed Certificate (vmware.com)
Any suggestions or help would be appreciated.
I will give the steps after you answer these questions for you.
Hi Micheal!
Thanks for your response.
There are two steps to what you want to do:
SSL Certificates
I've provided some screen shots for reference.
Thanks for helping me out!
Check the other two cert stores below and confirm they have GoDaddy cert assigned, to confirm.
Did you create a CSR from the AppVolMgr Server to submit to GoDaddy?
For the AppVolumes configuration: Review this TechZone article.
https://via.vmw.com/tchzmno3034
I did create the CSR on the APPV Windows server using CertUtil which was submitted to GoDaddy.
I have 2 GoDaddy certs in Trusted Root/Certificates but no certificate in Enterprise Trust. The certificate chain is valid so I believe it's correct or it wouldn't show it was. It was in the screen capture I provided.
In regards to the setup for replication I want to confirm that all I need to do is add the Secondary site as a target on the Primary site under instances and add the Primary as a target on the Secondary site?
For the joining of the two sites, you just decide which is going to be your primary site (Source AppVolMgr). Then add your other sites to that Source Instance as Target Instances.
What format did you receive the certs in?
-OR-
Hope this helps.
Thanks for the information in regards to joining them together. Now I need to solve the SSL issue.
The certificate came as a CRT and PEM. I installed and exported to a .PFX file. Then I used SSLopen tools to extract the certificate and key. When I did this, it's protected by password. I don't know where to add the password into the nginx.conf file.
Maybe I should install OpenSSL tools on AppvolMGR and follow this Obtain a CA-Signed Certificate Using a CSR (vmware.com) instead of using the built-in Windows Certreq.
What are your thoughts?
The password is for protecting your key. You don't need it for any of the AppVolMgr cert configuration. It's just so no one can export the cert with key from your server.
Use that Open SSL command string I gave you that will create the pfx file that you can import into the server and then restart the service to see if you did everything right.
Hi Micheal!
Thanks for all the information. I really appreciate it!
I was able to get the certificates created and installed using the SSL Open tools and the proper command to create the CSR and KEY file. Using the default MS CertReq utility doesn't work without extra steps.
I'm having issues getting the storage groups to work. On the Primary site, it doesn't sync the packages between the DS with errors. I have a case opened up with support, but so far they haven't been able to resolve it.
Cheers
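The checks discussed above (is the exported key passphrase-protected, does the issued certificate belong to the key that produced the CSR, does it cover the FQDN used as the replication target), as an added example that is not part of the original posts or VMware's own procedure. File names and the FQDN `appvol-b.example.internal` are placeholders, and the self-signed certificate is a constructed stand-in for the CA-issued one.

```bash
# Added example: OpenSSL CSR/key creation plus pre-install checks.
# Requires OpenSSL 1.1.1 or later (for -addext). All names are placeholders.

make_csr() {  # make_csr <fqdn> <key_out> <csr_out>; -nodes leaves the key unencrypted
  openssl req -new -newkey rsa:2048 -nodes -keyout "$2" -out "$3" \
    -subj "/CN=$1" -addext "subjectAltName=DNS:$1" 2>/dev/null
}

# Constructed stand-in for the CA-issued certificate (self-signed, 1 day).
make_test_cert() {  # make_test_cert <fqdn> <key> <cert_out>
  openssl req -x509 -new -key "$2" -days 1 -out "$3" \
    -subj "/CN=$1" -addext "subjectAltName=DNS:$1" 2>/dev/null
}

# SHA-256 of the public key held in a key, CSR or certificate.
pubkey_hash() {  # pubkey_hash key|csr|cert <file>
  case "$1" in
    key)  _pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) ;;
    csr)  _pub=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
    cert) _pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    *)    return 2 ;;
  esac || return 1
  printf '%s\n' "$_pub" | openssl sha256 | awk '{print $NF}'
}

check_pair() {  # check_pair <fqdn> <key> <cert>; returns 0 only if all checks pass
  # An encrypted PEM key needs its passphrase every time a service loads it.
  if grep -q ENCRYPTED "$2"; then echo "key is passphrase-protected"; return 1; fi
  _k=$(pubkey_hash key "$2") && _c=$(pubkey_hash cert "$3") && [ "$_k" = "$_c" ] ||
    { echo "certificate does not belong to this key"; return 1; }
  openssl x509 -in "$3" -noout -checkhost "$1" | grep -q "does match" ||
    { echo "certificate does not cover $1"; return 1; }
  echo "ok: key and certificate match and cover $1"
}

# Demo on constructed data in a scratch directory.
demo_dir=$(mktemp -d)
fqdn=appvol-b.example.internal
make_csr "$fqdn" "$demo_dir/mgr.key" "$demo_dir/mgr.csr"
make_test_cert "$fqdn" "$demo_dir/mgr.key" "$demo_dir/mgr.crt"
check_pair "$fqdn" "$demo_dir/mgr.key" "$demo_dir/mgr.crt"
```
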
I was able to get the certificates created and installed using the SSL Open tools and the proper command to create the CSR and KEY file. Using the default MS CertReq utility doesn't work without extra steps.
That's why I use OpenSSL to create the proper cert formats I need. I use the OpenSSL scripts for AppVolumes and Horizon CS servers.
I'm having issues getting the storage groups to work. On the Primary site, it doesn't sync the packages between the DS with errors. I have a case opened up with support, but so far they haven't been able to resolve it.
Please provide the SR# via a private message. I will review the SR and see what I can do to get you working.
I reviewed the SR yesterday and see they are requesting you update to a version that fixes this issue.
My suggestion is to follow their instructions and install the hotfix.
Back up your DB and VMs just in case of a needed rollback.
Engineering will not let Support hand out a hotfix if they have not thoroughly tested with clients that have already reported the issue and confirmed it worked for them, along with doing their own testing.
Hi Micheal!
I applied the update and it solved the issue with the local Storage group replication errors. Now that issue is resolved, but I get errors related to the certificate on the destination site for the site to site replication. I removed the config and re setup accepting the certificate and it still has the same errors.
I uploaded the logs and a screen shot of the errors.
Cheers
I sent you a private message.
Good Day!
I finally got the replication set up with the help of @Micheal_A and Technical support.
This was a brand new installation of 2312 V4.3.0.57. When I set up a storage group, they would not replicate. After contacting support, they provided a patch since this was a known issue with this version.
Log error - undefined method `include?' for nil:NilClass
Now the storage group on the Primary site was replicating to the shared DS and I could see the packages in the secondary Site, but I could not get replication to work on the secondary site storage group. According to the logs, it was looking for a folder that didn't exist.
I caused the replication issue when I didn't use the default naming convention of the folders in the Primary and Secondary site. IMPORTANT: Both sites' APP V folders HAVE to be the same name for site to site replication to work. I suggest you leave both sites' folders named the default of "appvolumes" in your Configuration/Storage settings to avoid the issue I had.
Thanks to Mike and VMware Technical support for all their help resolving my issues.