vCloud Orchestrator plugin - Connection issue

StevenSchlegel · ‎07-17-2013

Hi everybody,

As mentioned in the thread description, I have a problem with adding a new VMware vCloud Director connection within the VMware Orchestrator configuration.

The problem is the follwoing:

I login to the Orchestrator (configuration page -> https://ot001m1.fqdn:8283) and open up "vCloud Director 5.1"-plugin and click on "New vCloud Director Connection".

I'm entering the following informations to connect to the vCloud:

Available: yes

Host: devcloud-portal.fqdn

Port: 443

Max connections: 600

Connection timeout (ms): 20000

Organization: system

Authentication strategy: Basic Authentication

Shared Session: User/Pass

After adding all informations, I'm hitting the "Apply changes" button and the plugin is trying to reach the vCloud-Director(s),

but it's only throwing me an error:

Peer not authenticated or

Connection timed out

The login credentials I provided are correct and I also added some certificates to the "SSL Trust Manager" in Orchestrator Network tab...

I also created a new certificate with SAN attirbutes (Subject alternative names), in case that Orchestrator is checking for SSL certificate compliance...

Do I need to import the SSL cert (incl. the SAN attributes) to the vCloud Director Cells?

I have some screenshots attached, to display the issue in a graphical method...

I hope someone is able to help me out, to understand what the problem in my confiugration is.

Some details of my configuration:

vCenter Setup: VMware vSphere 5.1 environment + ESXi hosts running ESXi 5.1 build 1065491

vCloud Setup: each vCloud Director is using vCloud 5.1.1 (two vCloud Directors running)

Orchestrator: Orchestrator Appliance 5.1.1 build 2942

vShield: vShield Manager Appliance 5.1.2 build 943471

The vShield Appliance is used for load balancing -> both vCloud Cell Director's were load balanced via vShield

Please let me know if you need more informations about the setup.

Thanks in advance and greetings,

Steven

cdecanini_ · ‎07-17-2013

Do you have a root user in the administrator group of the system organization ? If not then this is the problem.

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you! Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator for vCenter Orchestrator tips and tutorials - @vCOTeam on Twitter

StevenSchlegel · ‎07-17-2013

Hi cdecanini_,

First of all: Thanks for your reply.

The root-user is the user who was created during installation of the vcloud vm's.

When I try to login to the vcloud-portal (Web interface), I also use the root user.

After login I can see the root-user is already part of the System-Administrator group.

When I use a different organization, "dev" or "catalog" for example and use another

user with the role "organization admin" this is also not working.

Very strange to me ...

greetz,

Steven

cdecanini_ · ‎07-17-2013

You mentioned you have imported SSL certificates. Have you imported the one from the vCD cell (by typing its URL) ?

BTW your screenshots do not show a root user in the system org.

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you! Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator for vCenter Orchestrator tips and tutorials - @vCOTeam on Twitter

StevenSchlegel · ‎07-17-2013

Hi,

yep but I made another screenshot (hopeing this is the correct one), showing the root-user.

I imported the SSL certificates via file-upload and by typing the url, but here is the problem:

The vCD-cells (cd001c1 and cd002c1) are useing the same certificate (see attached screenshot).

And the "Common Name" is showing "devcloud-portal".fqdn only.

Do I need to have a SSL certificate installed matching all host-names of vCD cell's (Subject alternative names)?

Maybe this is the problem?

greetings,

Steven

All

vCloud Orchestrator plugin - Connection issue