VMware Cloud Community
derhoeppi
Contributor
Contributor
‎04-11-2013 01:52 AM

vCloud 5.1 console connection with vmrc plugin

Hi,

i have a mistake in a vcloud console connection. My admin client with vsphere client, vmware view client and so on has no connection problem with the vCD. To test the vCD for my guest i installed a new windows 7 client to access the vCD. The Windows 7 client has installed Flash Player and the VMRC-Plugin for vCD. If i connect from the Windows 7 client to the vCD and open a console connection i would see a black windows with the status waiting for connection. After a few seconds change the status to not connected. The client is in the same subnet as my admin client - there is no firewall between the clients and the vCD.

I read many about the proxy interface of the vCD but i don't understand the difference between my admin client and Windows 7 client.

Has anybode some ideas? 

0 Kudos
8 Replies
chunter1977
Contributor
Contributor
‎04-11-2013 02:30 AM

Could you post your logs please?  It is most likely a certificate error.

0 Kudos
derhoeppi
Contributor
Contributor
‎04-11-2013 03:30 AM

Hi,

i have attached the debug.log file.

vcloud-container-debug.log
0 Kudos
iceman76
Enthusiast
Enthusiast
‎04-12-2013 12:30 AM

Can you provide the client-logs, too ? Location of the Logfiles is describe here http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=200107...

0 Kudos
derhoeppi
Contributor
Contributor
‎04-12-2013 02:36 AM

Hi,

i also attache the client logs. The plugin log has an entry "Getting proxy for URL failed, rc=12180". Can i ignore this or?

vmware-vmrc-3508-3872.log
vmware-vmrc-3508-3236.log
plugin-3508.log
0 Kudos
iceman76
Enthusiast
Enthusiast
‎04-12-2013 02:57 AM

As chunter already indicated it has something to do with SSL

2013-04-11T09:26:45.495+02:00| vmrc| W110: SSL_IsVerifyEnabled: failed to open the product registry key. Falling back to default behavior: verification on. LastError = 0
2013-04-11T09:26:57.448+02:00| vmrc| I120: CertificateCheck::CheckCertEmbedded: allowSSLErrors: true
2013-04-11T09:26:57.448+02:00| vmrc| I120: CertificateCheck::CheckCertEmbedded: Found the following errors for 10.0.49.151's SSL certificate: {
2013-04-11T09:26:57.448+02:00| vmrc| I120:   - 134217859
2013-04-11T09:26:57.448+02:00| vmrc| I120:   - The certificate is based on an untrusted root.
2013-04-11T09:26:57.448+02:00| vmrc| I120:   - A certificate in the host's chain is based on an untrusted root.
2013-04-11T09:26:57.448+02:00| vmrc| I120:   - The host name used for the connection does not match the subject name on the host certificate.
2013-04-11T09:26:57.448+02:00| vmrc| I120:   - The host's certificate is self-signed.
2013-04-11T09:26:57.448+02:00| vmrc| I120: }
2013-04-11T09:26:57.448+02:00| vmrc| I120: cui::CertificateCheck::CheckCertEmbedded - thumbprint for "10.0.49.151" OK
2013-04-11T09:26:57.510+02:00| vmrc| I120: cui::vmrc::VMCnx::OnConnectAborted: Connect failed for MOID "vm-708" on "10.0.49.151"
2013-04-11T09:26:57.510+02:00| vmrc| I120: cui::vmrc::VMCnxMgr::EmitConnectionStateSignal: Emitting "disconnected" signal (requested) for MOID "vm-708" on "10.0.49.151" - reason 'A secure connection to the server could not be established'

You have to use a trusted certificate for the console proxy. Buy one, or make your system trust the certificate authority. I would give it a try and import the Root-CA to the Trusted Root CA on the client computer.

For a  production/public cloud solution a official certificate is must.

0 Kudos
derhoeppi
Contributor
Contributor
‎04-12-2013 06:39 AM

Hi,

now i created a new self signed SSL certificate. The browser shows a trusted webside but only a black console screen. My vCD has two nics (1. nic IP: 10.0.49.150 = http / 2. nic IP: 10.0.49.151 = consoleproxy). I created a DNS entry for the first nic (vcd.test.tc). The certificate for the second nic has the same values as the certificate for the first nic. Should i create a second dns entry for consoleproxy with other values for ssl certificate? 

0 Kudos
cdhunter
Enthusiast
Enthusiast
‎04-12-2013 03:58 PM

Yes and add all entries to host file on local Computer

0 Kudos
iceman76
Enthusiast
Enthusiast
‎04-15-2013 12:47 AM

You need create the CSR for consoleproxy with the correct FQDN of the consoleproxy. And you have to access it by the FQDN. I don't know if it is possible to add subject alternative names to the CSR. If yes, it could be possible to access it by IP and FQDN. Be sure that you import the Root Certificate of your CA into the keystore. The installation guide describes that very well.

http://pubs.vmware.com/vcd-51/topic/com.vmware.ICbase/PDF/vcd_51_install.pdf

Page 16 ff

0 Kudos