Solved: Unable to register vcenter with external PSC, STS ...

Glenn77 · ‎05-02-2018

Deployed and registered skyline appliance, but unable to register vcenter with external PSC - below is error - please provide next steps.

Thanks

Endpoint test failed. Error message: Couldn't create PropertyCollector facade for getting the VC UUID -> java.lang.RuntimeException: Couldn't login the client. -> Couldn't login the client. -> Received SSO error -> The SSL certificate of STS service cannot be verified

Debashish_Rath · ‎05-03-2018

Hi Glenn77,

Please, replace the lookup service certificate by following the below KB. VMware Knowledge Base

Please raise a Support Request with VMware GSS (vCenter) Team if you have any doubt or need any further assistance.

Note: Please take a Snapshot and Backup of the PSC and vCenter before making any changes.

Sincerely, Debashish Kumar Rath SkyLine Support Moderator

View solution in original post

Debashish_Rath · ‎05-02-2018

Hi Glenn77,

Please reboot the Skyline Appliance and try again, that should fix the issue.

Sincerely, Debashish Kumar Rath SkyLine Support Moderator

Glenn77 · ‎05-03-2018

Unfortunately same error after reboot of skyline appliance. When I browse to PSC website I have valid SSL certificate. When I browse to https://<psc ip address>:7444/STS or https://<psc ip address>:7444/lookup I have an expired certificate, which appears to be causing the issue.

Debashish_Rath · ‎05-03-2018

Hi Glenn77,

Please let us know the version of vCenter, is it 6.0 or 6.5?

Does this 6.0 or 6.5 version was upgraded from vCenter 5.5?

While adding an endpoint you need to use PSC FQDN.

Sincerely, Debashish Kumar Rath SkyLine Support Moderator

Glenn77 · ‎05-03-2018

Vcenter 6.5 appliance with external PSC appliance

Was likely updated not reinstalled along the way

Using FQDN

VMCA is subordinate CA and has issued certs, but it appears cert used on :7444 is old cert. Not sure if this is proxy or STS and Lookup services.

Debashish_Rath · ‎05-03-2018

Hi Glenn77,

Please, replace the lookup service certificate by following the below KB. VMware Knowledge Base

Please raise a Support Request with VMware GSS (vCenter) Team if you have any doubt or need any further assistance.

Note: Please take a Snapshot and Backup of the PSC and vCenter before making any changes.

Sincerely, Debashish Kumar Rath SkyLine Support Moderator

Debashish_Rath · ‎05-11-2018

Hi Glenn77,

Did you try registering the vCenter Server endpoint after the certificate replacement?

Sincerely, Debashish Kumar Rath SkyLine Support Moderator

Debashish_Rath · ‎05-15-2018

Hi Glenn77

Did you try registering the Skyline Appliance after the certificate replacement ?

Sincerely, Debashish Kumar Rath SkyLine Support Moderator

slanger · ‎05-21-2018

I had a similar issue that was fixed by using FQDN instead of IP addresses for the PSC and vCenter. Per support, this is a bug and is being worked on for next version.

Debashish_Rath · ‎05-29-2018

Hi Glenn77

We see that you were working with a VMware Technical Support Engineer to resolve the STS certificate issue. We would appreciate it if you would come back here and share the final solution with other community members.

Sincerely, Debashish Kumar Rath SkyLine Support Moderator

Debashish_Rath · ‎05-29-2018

Hi slanger,

Thank you for sharing your knowledge.

We have already fixed the FQDN and IP Address issue in 1.0.0.2 however on the above case the STS certificate was expired.

Sincerely, Debashish Kumar Rath SkyLine Support Moderator

All

Unable to register vcenter with external PSC, STS certificate error