VMware Cloud Community
james411
Enthusiast

Cannot access vCenter login using FQDN - [400] An error occurred while sending an authentication req

This is a brand new install of the VCSA 8.0U1c.

I configured the appliance with a FQDN during setup, have a forward and reverse lookup record in my DNS, and am trying to access the login page using the FQDN: my-server.mydomain.local

I get the error


[400] An error occurred while sending an authentication request to the vCenter Single Sign-On server- An error occurred when processing meta data during vCenter Single Sign-On setup:the service provider validation failed. Verify that the server URL is correct and is in FQDN format, or that the hostname is a trusted service provider alias.


If I use the IP address it works fine. I can also use the FQDN and log in using my-server.mydomain.local:5480

When I do nslookup my-server.mydomain.local from the console of the VCSA it returns the correct IP (although the response comes from 127.0.0.1?). Checking the hostname from the console shows I have the correct FQDN set.

When I try to adjust the DNS settings from the console, I get an error: Setting DNS failed

Anyone have any idea what's going on?

I saw this KB about setting a white list: https://kb.vmware.com/s/article/71387

This is supposedly only for short names though. I'm using the FQDN. I might try it anyway, but why on a fresh install am I having to do this?

Thanks for any help!

2 Replies
Sachchidanand
Expert

Have you also checked the PNID? Please find the below lines from the following document:

https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-vcenter-configuration/GUID-F46DBE63-F04E-42A1-... 

The system name is used as a primary network identifier. If you set an IP address as a system name during the deployment of the appliance, you can later change the PNID to an FQDN.

Here is the CLI command to check the same:

/usr/lib/vmware-vmafd/bin/vmafd-cli get-pnid --server-name localhost

Regards,

Sachchidanand

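A scripted form of the PNID check above, added here as an example (it is not the reply's command or VMware tooling): it normalises the PNID and the expected FQDN, then reports whether the PNID is the FQDN, an IP address, a short name, or a different name. The wrapper assumes the vmafd-cli path quoted in the reply and that hostname -f returns the FQDN chosen at deployment.

```shell
#!/bin/sh
# Added example, not the original reply's command or VMware tooling.
# Compares a vCenter PNID with the FQDN the appliance is expected to use.

# Loose test: does $1 look like a dotted-quad IPv4 address?
is_ipv4() {
  case "$1" in
    *[!0-9.]*|.*|*.|*..*|*.*.*.*.*) return 1 ;;
    *.*.*.*) return 0 ;;
    *) return 1 ;;
  esac
}

# classify_pnid PNID EXPECTED_FQDN
# Prints a verdict. Returns 0 when they match, otherwise a distinct code:
#   2 = PNID is an IP address, 3 = PNID is a short name, 4 = different name.
classify_pnid() {
  pnid=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//')
  want=$(printf '%s' "$2" | tr 'A-Z' 'a-z' | sed 's/\.$//')
  if is_ipv4 "$pnid"; then
    echo "PNID is an IP address ($pnid), not the FQDN $want"
    return 2
  elif [ "$pnid" = "$want" ]; then
    echo "PNID matches FQDN ($pnid)"
    return 0
  elif [ "$pnid" = "${pnid%%.*}" ] && [ "$pnid" = "${want%%.*}" ]; then
    echo "PNID is the short name ($pnid); the KB 71387 alias whitelist applies"
    return 3
  else
    echo "PNID ($pnid) differs from expected FQDN ($want)"
    return 4
  fi
}

# Run on the VCSA itself. Assumes the vmafd-cli path from the reply and that
# 'hostname -f' returns the FQDN configured at deployment (assumption).
check_vcsa_pnid() {
  pnid=$(/usr/lib/vmware-vmafd/bin/vmafd-cli get-pnid --server-name localhost) || return 1
  classify_pnid "$pnid" "$(hostname -f)"
}
```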
james411
Enthusiast

I used an FQDN as the host name during install, not an IP.

Regardless, I managed to get this working. Since this was a fresh install, I just deleted the VM and started over again. The deployment wizard had all the same settings from before and this time after deploying I was able to get to the vCenter client login using the FQDN.

I have a hypothesis for why it didn't work the first time:

The port group I had connected the appliance to the first time on the vSwitch did not have the correct VLAN properly configured and thus had no network access. Maybe lack of network connectivity screwed with something? Probably name resolution, which caused the certs to be generated with the IP instead? I didn't have a chance to investigate the certs, so I can't say for sure, but I was able to get to the client login via IP address before, so it seems possible. Some type of warning would have been nice.
