VMware Cloud Community
dbutch1976
Hot Shot
Hot Shot
‎10-24-2013 08:28 AM

Cannot start second vCenter 5.5 in linked mode

Hello,

I have performed a clean install of two 5.5 vCenters.  The end goal is to link them both via linked mode and eventually pair them using SRM.  The first one (called VC55.KERSMASH.local) installed correctly and is working fine.  The second vCenter (DR8SP1VC55.KERSMASH.local) installed without errors, however the vCenter server service refused to start.  I have checked the VPX logs and as you can see it's moaning about an untrusted root certificate.  As you may be aware, the install process requires accepting the certificates from the first vCenter which I have done, so I can't understand what is causing this issue.

1.  The install method I have used for installing SSO on the 2nd vCenter is "vCenter Single Sign-On for an additional vCenter Server in an existing site

2.  Both vCenters are 5.5

Any thoughts on what I can try??  As far as I can tell SSO is the root of all evil, placed on this earth to plague mankind, so I'm leaning towards SSO being the root cause of this issue also.

2013-10-24T11:14:05.556-04:00 [00484 info '[SSO][SsoFactory_CreateFacade]'] Solution user set to: vCenterServer_2013.10.23_183822

2013-10-24T11:14:05.556-04:00 [00484 info '[SSO][SsoFactory_CreateFacade]'] VC's ServiceId in LookupService: Default-First-Site:44968de1-1958-4817-8327-fde5cca5d764

2013-10-24T11:14:05.556-04:00 [00484 info '[SSO][SsoFactory_CreateFacade]'] STS URI set to: https://VC55.KERSMASH.local:7444/sts/STSService/vsphere.local

2013-10-24T11:14:05.556-04:00 [00484 info '[SSO][SsoFactory_CreateFacade]'] Admin URI set to: https://VC55.KERSMASH.local:7444/sso-adminserver/sdk/vsphere.local

2013-10-24T11:14:05.556-04:00 [00484 info '[SSO][SsoFactory_CreateFacade]'] Groupcheck URI set to: https://VC55.KERSMASH.local:7444/sso-adminserver/sdk/vsphere.local

2013-10-24T11:14:05.556-04:00 [00484 info '[SSO][SsoFactory_CreateFacade]'] VC SSL certificate location: C:\ProgramData\VMware\VMware VirtualCenter\ssl\rui.crt

2013-10-24T11:14:05.558-04:00 [00484 info '[SSO][CreateSsoFacade]'] [CreateUserDirectory] STS URI set to: https://VC55.KERSMASH.local:7444/sts/STSService/vsphere.local

2013-10-24T11:14:05.558-04:00 [00484 info '[SSO][CreateSsoFacade]'] [CreateUserDirectory] Admin URI set to: https://VC55.KERSMASH.local:7444/sso-adminserver/sdk/vsphere.local

2013-10-24T11:14:05.558-04:00 [00484 info '[SSO][CreateSsoFacade]'] [CreateUserDirectory] Groupcheck URI set to: https://VC55.KERSMASH.local:7444/sso-adminserver/sdk/vsphere.local

2013-10-24T11:14:05.850-04:00 [04932 error 'HttpConnectionPool-000001'] [ConnectComplete] Connect failed to <cs p:000000000972b4f0, TCP:vc55.kersmash.local:7444>; cnx: (null), error: class Vmacore::Ssl::SSLVerifyException(SSL Exception: Verification parameters:

--> PeerThumbprint: DB:2E:87:94:15:1C:C6:F1:18:97:11:02:F5:B9:48:CF:DC:AB:DF:8B

--> ExpectedThumbprint:

--> ExpectedPeerName: vc55.kersmash.local

--> The remote host certificate has these problems:

-->

--> * A certificate in the host's chain is based on an untrusted root.

-->

--> * self signed certificate in certificate chain)

2013-10-24T11:14:05.964-04:00 [00484 error '[SSO][SsoFactory_CreateFacade]'] Unable to create SSO facade: SSL Exception: Verification parameters:

--> PeerThumbprint: DB:2E:87:94:15:1C:C6:F1:18:97:11:02:F5:B9:48:CF:DC:AB:DF:8B

--> ExpectedThumbprint:

--> ExpectedPeerName: vc55.kersmash.local

--> The remote host certificate has these problems:

-->

--> * A certificate in the host's chain is based on an untrusted root.

-->

--> * self signed certificate in certificate chain.

2013-10-24T11:14:05.998-04:00 [00484 error 'vpxdvpxdMain'] [Vpxd::ServerApp::Init] Init failed: Vpx::Common::Sso::SsoFactory_CreateFacade(sslContext, ssoFacadeConstPtr)

--> Backtrace:

--> backtrace[00] rip 000000018018cd7a

--> backtrace[01] rip 0000000180106c48

--> backtrace[02] rip 000000018010803e

--> backtrace[03] rip 00000001800907f8

--> backtrace[04] rip 00000000003e5bac

--> backtrace[05] rip 0000000000406722

--> backtrace[06] rip 00000001400bdd5a

--> backtrace[07] rip 00000001400b78bc

--> backtrace[08] rip 00000001402e800b

--> backtrace[09] rip 000007fefe13a82d

--> backtrace[10] rip 000000007778652d

--> backtrace[11] rip 00000000779bc541

-->

2013-10-24T11:14:06.000-04:00 [00484 warning 'VpxProfiler'] ServerApp::Init [TotalTime] took 13122 ms

2013-10-24T11:14:06.001-04:00 [00484 error 'Default'] Failed to intialize VMware VirtualCenter. Shutting down...

8 Replies
dbutch1976
Hot Shot
Hot Shot
‎10-25-2013 06:07 AM

Hi guys,

I have gotten linked mode to work by using the third SSO installation option, vCenter Single Sign-On for an additional vCenter Server with a new site.

I had high hopes that SSO would be greatly improved in this version, and perhaps it is, but I can tell you in my case it has continued to be a source of frustration.  I hope other people are having better luck than I am.

Has anyone been able to get option #2 to work? vCenter Single Sign-On for an additional vCenter Server in an existing site ?

If so, did you use self-signed certificates?

One thing you guys should know, if you fail to install using option #2 you can run into an issue in which subsequent SSO installs hang while configuring SSO components.  Needless to say I got smashed hard by this error during my struggles, details here:

VMware KB: Reinstalling vCenter Single Sign-On 5.5 stops after displaying the message: Configuring S...


0 Kudos
JeffInouye
Enthusiast
Enthusiast
‎12-01-2013 08:36 PM

Hey dbutch1976,

I got into a snag for a failure on option #2.  I did a "cleanup" of the stale SSO data and I seem to be in the same loop.  How did you get find a way out of this?

Thanks,

Jeff

0 Kudos
dbutch1976
Hot Shot
Hot Shot
‎12-05-2013 12:10 PM

No, option two just didn't work for me if I recall correctly.  I'm not sure, it could just be my misunderstanding how SSO is meant to work in 5.5.   Sorry, I wish I could help, maybe someone else can chime in and explain SSO a little better?

0 Kudos
JeffInouye
Enthusiast
Enthusiast
‎12-05-2013 12:49 PM

no worries, dbutch.  I did get a cleanup script from support which I am going to give a shot and see if it resolves my issues.  known bug in the that is supposedly fixed in the latest patch release (which i will be installing).

Thanks!

Jeff

0 Kudos
lemassykoi
Contributor
Contributor
‎01-07-2014 07:48 PM

ATM, same problem, I can't use the second SSO option  vCenter Single Sign-On for an additional vCenter Server in an existing site on the second server vCenter. Only the third option is ok, but it's not what I want to do.

I use vCenter 5.5.0b (with defaults certs) on 2008 R2 with Embedded SQL Express

0 Kudos
lemassykoi
Contributor
Contributor
‎01-13-2014 10:17 AM

Okay, I replaced the defaults certificates by mine, and it's OK, linked mode ok Smiley Happy

0 Kudos
Michael_Rudloff
Enthusiast
Enthusiast
‎02-05-2014 01:00 AM

This worked for me :

VMware KB: VMware vCenter Server fails on additional sites after installing Single Sign-On in Multi-...

___ My own knowledge base made public: http://open902.com
campellos
Contributor
Contributor
‎03-12-2014 11:50 PM

It worked for me also! Thanks

0 Kudos