So the VMware KBs aren't very good on this and I am having zero luck.
This is my setup:
Windows 2012R2 DCs and CAs
CA has SHA2-256 2048 key
vCenter 6.5d
Created multiple templates to test:
2003/2003
2008/2008
2008/2003
2012/2003
2012/2008
Everything is great and amazing on my PSCs. I'm trying to do load-balanced PSCs behind a NetScaler, FYI.
Also everything is 6.5 appliances.
I install and configure VC and everything is going great until I load up the web-client.
BOOM:
A server error occurred.
[400] An error occurred while sending an authentication request to the vCenter Single Sign-On server - An error occurred when processing the metadata during vCenter Single Sign-On setup - Unable to initialize, java.io.IOException: extra data given to DerValue constructor.
Check the vSphere Client server logs for details.
Now everything I have read says that this has something to do with a problem decoding the certificate, but I have no idea what else to do.
All of the endpoints are configured correctly as far as I can tell.
I actually resolved this myself. After opening a ticket with VMware, I figured it out on my own by reading multiple posts.
The VMware KB for creating a template is wrong for SHA2 and it is missing a few things. I have documented these in this blog post:
https://vcpgeek.com/2017/05/22/configure-microsoft-ca-templates-for-vmware-with-sha2-256/