I install VCAC 6.2 on Windows2012R2 and MSSQL2012SP1
There is no error when I install iaas.
Then:
When I check https://va:5480. The issa-service status is blank.
When I chekc https://va/component-registry/services/status/current. And I get below information
Exception during remote status retrieval for url: https://iaas/WAPI/api/status. Error Message I/O error on GET request for "https://iaas/WAPI/api/status":Connection reset; nested exception is java.net.SocketException: Connection reset.
And When I check https://iaas/WAPI/api/status. I can get correct information.
So, how can I track this error.
Thanks.
Hi,
I think have seen a similar issue.
In my case the problem was that the VA was requesting TLS 1.2 and the certificate on IaaS side is with sha512RSA signature. Which seems to be not supported.
Check in the Event log on the IaaS machine if there are errors like
Event ID: TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
Event ID: - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 1205.
if this is the case for you, you can either install the windows update recommended in this article
http://blogs.technet.com/b/silvana/archive/2014/03/14/schannel-errors-on-scom-agent.aspx
Or re-issue the IaaS certificate to use SHA384 or SHA256
Let me know if this helped.
Is this a distributed install? Load balancers in play?
There is no Separate load balancers。 And DB installed in IAAS server.
All services in IAAS servers started(DEO DEM, agent, management agent, VCAC service)
And WAPI/aip/status serviceInitializationStatus is Registered.
FQDN of the appliance and IaaS box, do they match what you put in when specifying the URL for the Web Server, Manager Service, Virtual Appliance?
Anything in the Windows event logs? Did you try and shutdown the Windows box, reboot the virtual appliance and power on the Windows server after the CPU calms down on the VA (or when the services are registered)?
When issa started there is error for VMware Repository for Failed to start reposiotry service. When DEM and DEO started. There is no error.
And I also try to reboot VA and IAAS.
Then. iaas-service keep on blank.
I also check DNS record. There are IPV4 and IPV6 and match to IAAS. And only IPV4 for VA.
By the way, after I reboot the VA and IAAS, some time I can not find iaas-service information in /component-registry/services/status/current URL.
Do you really mean a 402 or is that a typo? If correct that is *weird*.
Does the catalina.out log (on the vRA Appliance) shed any light on what is happening? Any [WARN] or [ERROR] messages?
Grant
So sorry make this wrong. I get http 502 error in Infrastructure page. Because I always get blank for iaas-service. So, I only create tenant one time. After that I re install my ENV when I see blank status and before create tenant.
I suggest you to raise a SR on this. I had faced a similar issue while upgrading vCAC 6.0 to 6.1. The error was pretty much similar "VMware Repository for Failed to start reposiotry service". Support guys gave some commands to fix that issue. So I think they might have solution for vRA 6.2 also.
Regards,
SK
HI, have you checked IIS has the correct IaaS certificate bound to it?
No sure about this.(Do you have details step to check this?)
And raise SR in vmware. And when we install it via custom install. the bug can not be reproduced.
It's a long shot but it's not anything to do with this Windows update > KB3004375
It caused problems for some people when deployed?
Cheers
this does sounds certificate issue to me , it doesnt seem that the Infra page is authenticating correctly.
on the iaaS server, open IIS -> default web site -> bindings (under actions pane) - edit port 443 and ensure that the SSL cert is the correct one.
I checked it via your steps. And there is correct certificate for port 443
you suggest me need to install KB3004375 on my ENV?
Hi - I wasn't suggesting that you install it.
There was some talk a few weeks back about that KB causing issues with the IAAS components.
However, on reflection I think it might have been a bit of a wide suggestion.
Good luck fixing 🙂
Hi,
We had the similar issue in our POC small environment. The self-signed certs were expired on all components (SSO, vRA VA, IaaS). After I updated the certs on all, here’s what I did to update the backend pieces:
On your IaaS machine, open an elevated command prompt and run the following:
cd c:\”Program Files (x86)”\VMware\vCAC\Server\”Model Manager Data”\Cafe
Vcac-Config.exe UpdateServerCertificates -d vcac -s vrafqdn -v
Vcac-Config.exe GetServerCertificates -url https://vrafqdn --FileName vcac-config.data
Vcac-Config.exe RegisterSolutionUser -url https://vrafqdn --Tenant vsphere.local -cu administrator@vsphere.local -cp ******** --FileName vcac-config.data -v
Vcac-Config.exe MoveRegistrationDataToDB --FileName vcac-config.data -s iaasfqdn -d vCAC -v
Vcac-Config.exe MoveRegistrationDataToDB -d vcac -s iaasfqdn -f vcac-config.data -v
Restart all vCAC IAAS services
Vcac-Config.exe RegisterEndpoint --EndpointAddress https:// iaasfqdn /vCAC/ --Endpoint ui -v
Vcac-Config.exe RegisterEndpoint --EndpointAddress https:// iaasfqdn /Repository --Endpoint repo -v
Vcac-Config.exe RegisterEndpoint --EndpointAddress https:// iaasfqdn /WAPI --Endpoint wapi -v
Vcac-Config.exe RegisterEndpoint --EndpointAddress https:// iaasfqdn /WAPI/api/status --Endpoint status -v
SSH to the vCAC virtual appliance and run the following:
service vcac-server restart
Hope this helps!
Tony K.
Hi,
I think have seen a similar issue.
In my case the problem was that the VA was requesting TLS 1.2 and the certificate on IaaS side is with sha512RSA signature. Which seems to be not supported.
Check in the Event log on the IaaS machine if there are errors like
Event ID: TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
Event ID: - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 1205.
if this is the case for you, you can either install the windows update recommended in this article
http://blogs.technet.com/b/silvana/archive/2014/03/14/schannel-errors-on-scom-agent.aspx
Or re-issue the IaaS certificate to use SHA384 or SHA256
Let me know if this helped.