VMware Cloud Community
pabloramos
Enthusiast

issue with AD plug-in 1.0.4

I need to troubleshoot an issue I am having with the Active Directory plug-in version 1.0.4-763.763. I upgraded the plug-in on one of our production vCenter Orchestrator (5.1.1) servers and now I am not able to run the Configuration workflow to view the AD tree.

Error from the Configure Active Directory server workflow:

[2015-01-30 14:23:39.228] [E] Connection failed. (Workflow:Configure Active Directory server / Update Configuration (item1)#10) – null

iiliev
VMware Employee

On line 10 of this workflow / scripting block, there is a call to a function which validates the provided configuration parameters.

Could you check vCO server log files for the exact Java exception and its stack trace logged when the workflow fails?

igaydajiev
VMware Employee

Could you also check {vco-install-folder}\app-server\conf\plugins.

Check for files named AD.xml.*

The AD.xml file contains the Active Directory server endpoint configuration. If there is an error in the existing configuration, it is possible to end up with a similar error.

You can try to reset the current configuration endpoint by deleting AD.xml. Then restart the vCO server and try to reconfigure the Active Directory endpoint.

pabloramos
Enthusiast

2015-02-03 09:10:04.956-0500 WARN  [MSConnectionHelper] InitialLdapContext connection retry : ( 4 / 3 ) reason : CommunicationException:simple bind failed: myadserver:myport
2015-02-03 09:10:05.970-0500 ERROR [MSConnectionHelper] Unable to create InitialLdapContext
javax.naming.CommunicationException: simple bind failed: myadserver:myport [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate is not in JSSECA store.]
    at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
    at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
    at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
    at javax.naming.InitialContext.init(Unknown Source)
    at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
    at ch.dunes.common.tools.MSConnectionHelper.testLdapContextConection(MSConnectionHelper.java:103)

igaydajiev
VMware Employee

The host/port value looks strange: myadserver:myport

I would suggest removing the configuration and trying to reconfigure the plugin.

pabloramos
Enthusiast

"host/port value looks strange myadserver:myport"

I replaced the AD server and port with the text above.

igaydajiev
VMware Employee

Since the error (java.security.cert.CertificateException: Certificate) is complaining about the AD server certificate missing from the trusted store of vCO, you could try to import it manually from vCO Configurator -> Network -> SSL trust manager and then restart the vCO server.


Did you try deleting the configuration and re-configuring the plugin?

pabloramos
Enthusiast

The issue was a combination of a corrupted AD.xml file and the SSL certificate chain. I re-loaded the SSL certificate chain and was able to configure the AD endpoint via the workflow.

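An added illustration, not part of the original thread and not vCO's own validation code, of the failure class discussed above: a server certificate issued by an intermediate CA does not validate against a trust store that holds only the root, and validates once the whole chain is loaded. It uses OpenSSL on a constructed PKI; all certificate names, file names and function names are assumptions made for the demo.

```shell
#!/bin/sh
# Constructed three-level PKI; every name and file here is made up for the demo.
# For a live server, the presented chain can be inspected with:
#   openssl s_client -connect HOST:PORT -showcerts

# make_demo_pki DIR: create root CA -> issuing CA -> server certificate in DIR.
make_demo_pki() {
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext" || return 1
    for n in root int srv; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$n.example.test" \
            -keyout "$d/$n.key" -out "$d/$n.csr" >/dev/null 2>&1 || return 1
    done
    # Root: self-signed CA certificate.
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" \
        -extfile "$d/ca.ext" -days 2 -out "$d/root.pem" >/dev/null 2>&1 || return 1
    # Issuing CA: signed by the root.
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -extfile "$d/ca.ext" -days 2 -out "$d/int.pem" \
        >/dev/null 2>&1 || return 1
    # Server certificate: signed by the issuing CA, not directly by the root.
    openssl x509 -req -in "$d/srv.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
        -CAcreateserial -days 2 -out "$d/srv.pem" >/dev/null 2>&1
}

# verify_against STORE CERT: return 0 if CERT chains to an anchor in STORE;
# otherwise print OpenSSL's first error line and return 1.
verify_against() {
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) && return 0
    printf '%s\n' "$out" | grep -i 'error' | head -n 1
    return 1
}

# trust_store_demo: compare a root-only store with one holding the full chain.
trust_store_demo() {
    w=$(mktemp -d) || return 1
    make_demo_pki "$w" || { rm -rf "$w"; return 1; }
    cat "$w/root.pem" "$w/int.pem" > "$w/full.pem"
    echo "root only : $(verify_against "$w/root.pem" "$w/srv.pem" && echo trusted)"
    echo "full chain: $(verify_against "$w/full.pem" "$w/srv.pem" && echo trusted)"
    rm -rf "$w"
}

trust_store_demo
```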