Leocao2017
VMware Employee
VMware Employee

Unable to reach CA Server when Deploying vRA on SDDC Manager

Jump to solution

We're deploying VCF 3.8.1 on VxRail 4.7.300, it shows "Unable to reach CA Server" as below when deploying vRA on SDDC manager. Any idea is appreciated! Thank you!

P.S. we generated certificate by SDDC manger script.

pastedImage_0.png

0 Kudos
1 Solution

Accepted Solutions
Diddely
Contributor
Contributor

recently saw something similar to this where the basic authentication wasnt set on the CA :.. worth a check..

Prepare the Certificate Service Template :

To ensure that Cloud Foundation can successfully pass authentication when replacing certificates, you must create the certificate service template with the proper basic authentication configuration through the IIS manager.

Procedure

  1. Create a Microsoft Active Directory CA with the following features and settings.
    1. Navigate to Select server roles.
    2. Under Active Director Certificate Services, select Certification Authority and Certification Authority Web Enrollment.
    3. Under Web Server (IIS) > Web Server > Security, select Basic Authentication.
  2. Configure and issue a VMware Certificate Template for Machine SSL and Solution User certificates on this CA server.For step by step procedures, see Knowledge Base article 2112009 Search Creating a Microsoft Certificate Authority Template for SSL certificate creation in vSphere 6... .
  3. Configure the certificate service template and all sites (including default web site) for basic authentication.
    1. Access the IIS manager and navigate to Server > Sites > Default Web Site > CertSrv.
    2. Select the Authentication property in the IIS header.
    3. Select and enable Basic Authentication.
    4. Restart the site.

View solution in original post

0 Kudos
1 Reply
Diddely
Contributor
Contributor

recently saw something similar to this where the basic authentication wasnt set on the CA :.. worth a check..

Prepare the Certificate Service Template :

To ensure that Cloud Foundation can successfully pass authentication when replacing certificates, you must create the certificate service template with the proper basic authentication configuration through the IIS manager.

Procedure

  1. Create a Microsoft Active Directory CA with the following features and settings.
    1. Navigate to Select server roles.
    2. Under Active Director Certificate Services, select Certification Authority and Certification Authority Web Enrollment.
    3. Under Web Server (IIS) > Web Server > Security, select Basic Authentication.
  2. Configure and issue a VMware Certificate Template for Machine SSL and Solution User certificates on this CA server.For step by step procedures, see Knowledge Base article 2112009 Search Creating a Microsoft Certificate Authority Template for SSL certificate creation in vSphere 6... .
  3. Configure the certificate service template and all sites (including default web site) for basic authentication.
    1. Access the IIS manager and navigate to Server > Sites > Default Web Site > CertSrv.
    2. Select the Authentication property in the IIS header.
    3. Select and enable Basic Authentication.
    4. Restart the site.
0 Kudos