Hi,
i have a mistake in a vcloud console connection. My admin client with vsphere client, vmware view client and so on has no connection problem with the vCD. To test the vCD for my guest i installed a new windows 7 client to access the vCD. The Windows 7 client has installed Flash Player and the VMRC-Plugin for vCD. If i connect from the Windows 7 client to the vCD and open a console connection i would see a black windows with the status waiting for connection. After a few seconds change the status to not connected. The client is in the same subnet as my admin client - there is no firewall between the clients and the vCD.
I read many about the proxy interface of the vCD but i don't understand the difference between my admin client and Windows 7 client.
Has anybode some ideas?
Could you post your logs please? It is most likely a certificate error.
Can you provide the client-logs, too ? Location of the Logfiles is describe here http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=200107...
As chunter already indicated it has something to do with SSL
2013-04-11T09:26:45.495+02:00| vmrc| W110: SSL_IsVerifyEnabled: failed to open the product registry key. Falling back to default behavior: verification on. LastError = 0
2013-04-11T09:26:57.448+02:00| vmrc| I120: CertificateCheck::CheckCertEmbedded: allowSSLErrors: true
2013-04-11T09:26:57.448+02:00| vmrc| I120: CertificateCheck::CheckCertEmbedded: Found the following errors for 10.0.49.151's SSL certificate: {
2013-04-11T09:26:57.448+02:00| vmrc| I120: - 134217859
2013-04-11T09:26:57.448+02:00| vmrc| I120: - The certificate is based on an untrusted root.
2013-04-11T09:26:57.448+02:00| vmrc| I120: - A certificate in the host's chain is based on an untrusted root.
2013-04-11T09:26:57.448+02:00| vmrc| I120: - The host name used for the connection does not match the subject name on the host certificate.
2013-04-11T09:26:57.448+02:00| vmrc| I120: - The host's certificate is self-signed.
2013-04-11T09:26:57.448+02:00| vmrc| I120: }
2013-04-11T09:26:57.448+02:00| vmrc| I120: cui::CertificateCheck::CheckCertEmbedded - thumbprint for "10.0.49.151" OK
2013-04-11T09:26:57.510+02:00| vmrc| I120: cui::vmrc::VMCnx::OnConnectAborted: Connect failed for MOID "vm-708" on "10.0.49.151"
2013-04-11T09:26:57.510+02:00| vmrc| I120: cui::vmrc::VMCnxMgr::EmitConnectionStateSignal: Emitting "disconnected" signal (requested) for MOID "vm-708" on "10.0.49.151" - reason 'A secure connection to the server could not be established'
You have to use a trusted certificate for the console proxy. Buy one, or make your system trust the certificate authority. I would give it a try and import the Root-CA to the Trusted Root CA on the client computer.
For a production/public cloud solution a official certificate is must.
Hi,
now i created a new self signed SSL certificate. The browser shows a trusted webside but only a black console screen. My vCD has two nics (1. nic IP: 10.0.49.150 = http / 2. nic IP: 10.0.49.151 = consoleproxy). I created a DNS entry for the first nic (vcd.test.tc). The certificate for the second nic has the same values as the certificate for the first nic. Should i create a second dns entry for consoleproxy with other values for ssl certificate?
Yes and add all entries to host file on local Computer
You need create the CSR for consoleproxy with the correct FQDN of the consoleproxy. And you have to access it by the FQDN. I don't know if it is possible to add subject alternative names to the CSR. If yes, it could be possible to access it by IP and FQDN. Be sure that you import the Root Certificate of your CA into the keystore. The installation guide describes that very well.
http://pubs.vmware.com/vcd-51/topic/com.vmware.ICbase/PDF/vcd_51_install.pdf
Page 16 ff