I need to troubleshoot an issue I am having with the Active Directory plug-in version 1.0.4-763.763. I upgraded the plug-in on one of our production vCenter Orchestrator (5.1.1) servers and now I am not able to run the Configuration workflow to view the AD tree. Error from the Configure Active Directory server workflow:
[2015-01-30 14:23:39.228] [E] Connection failed. (Workflow:Configure Active Directory server / Update Configuration (item1)#10) – null
On line 10 of this workflow / scripting block, there is a call to a function which validates the provided configuration parameters.
Could you check vCO server log files for the exact Java exception and its stack trace logged when the workflow fails?
Could you also check {vco-install-folder}\app-server\conf\plugins.
Check for files named AD.xml.*
The AD.xml file contains the Active Directory server endpoint configuration. If there is an error in the existing configuration, it is possible to end up with a similar error.
You can try to reset the current configuration endpoint by deleting/AD.xml. Then restart the vCO server and try to reconfigure the Active Directory endpoint.
2015-02-03 09:10:04.956-0500 WARN [MSConnectionHelper] InitialLdapContext connection retry : ( 4 / 3 ) reason : CommunicationException:simple bind failed: myadserver:myport
2015-02-03 09:10:05.970-0500 ERROR [MSConnectionHelper] Unable to create InitialLdapContext
javax.naming.CommunicationException: simple bind failed: myadserver:myport [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate is not in JSSECA store.]
    at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
    at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
    at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
    at javax.naming.InitialContext.init(Unknown Source)
    at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
    at ch.dunes.common.tools.MSConnectionHelper.testLdapContextConection(MSConnectionHelper.java:103)
The host/port value looks strange: myadserver:myport
I would suggest removing the configuration and trying to reconfigure the plugin.
"host/port value looks strange myadserver:myport"
I replaced the AD server and port with the text above.
Since the error (java.security.cert.CertificateException: Certificate) is complaining about the AD server certificate missing in the trusted store of vCO, you could try to import it manually from vCO Configurator -> Network -> SSL trust manager and then restart the vCO Server.
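Added example (not part of the original thread and not VMware code): a small Python triage script that pulls the nested exception chain out of vCO server log lines like the ones quoted earlier in this thread and separates certificate-trust failures from plain connectivity failures. The sample log is constructed, and the category names and the second log entry are assumptions made for illustration.

```python
import re

# Fully qualified Java exception names, e.g. javax.net.ssl.SSLHandshakeException
EXC = re.compile(r"(?:[a-z_]\w*\.)+[A-Z]\w*(?:Exception|Error)\b")

# Exception classes that mean the server certificate was not trusted.
TRUST = {"java.security.cert.CertificateException",
         "java.security.cert.CertPathValidatorException",
         "sun.security.validator.ValidatorException"}
# Exception classes that mean the host/port could not be reached at all.
NETWORK = {"java.net.ConnectException", "java.net.UnknownHostException",
           "java.net.SocketTimeoutException"}

# Constructed sample: the first entry is modelled on the log quoted in the
# thread, the second is invented to show a non-certificate failure.
SAMPLE_LOG = """\
2015-02-03 09:10:05.970-0500 ERROR [MSConnectionHelper] Unable to create InitialLdapContext
javax.naming.CommunicationException: simple bind failed: myadserver:myport [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate is not in JSSECA store.]
    at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
2015-02-03 09:12:00.000-0500 ERROR [MSConnectionHelper] Unable to create InitialLdapContext
javax.naming.CommunicationException: myadserver:myport [Root exception is java.net.ConnectException: Connection refused]
"""

def exception_chains(log_text):
    """One list of exception class names (outermost first) per log line that has any."""
    chains = []
    for line in log_text.splitlines():
        if line.lstrip().startswith("at "):   # stack frames carry no cause
            continue
        names = EXC.findall(line)
        if names:
            chains.append(names)
    return chains

def classify(chain):
    """Map an exception chain to a coarse failure category."""
    names = set(chain)
    if names & TRUST:
        return "tls-trust"    # certificate chain missing from the trust store
    if "javax.net.ssl.SSLHandshakeException" in names:
        return "tls-other"    # handshake failed for a non-certificate reason
    if names & NETWORK:
        return "network"      # wrong host/port, DNS or firewall
    return "other"

def triage(log_text):
    """Return (innermost exception, category) for every exception line."""
    return [(chain[-1], classify(chain)) for chain in exception_chains(log_text)]

if __name__ == "__main__":
    for root, category in triage(SAMPLE_LOG):
        print(f"{category:10} root cause: {root}")
```

A "tls-trust" result points at the trust store rather than at AD.xml or the host/port values, which is the case where importing the AD server certificate chain applies.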
Did you try deleting the configuration and re-configuring the plugin?
The issue was a combination of a corrupted AD.xml file and the SSL certificate chain. I re-loaded the SSL certificate chain and was able to configure the AD endpoint via the workflow.