So I just grabbed the binaries today and started to run through the deployment.
The vApp deploys fine and the install/configuration via the configurator-va console completes without error.
I then proceed to the Web admin page to continue the setup.
After I put in my trial key and password it proceeds to step 2a "Database Connection setup"
I select the option to use the internal database and it starts to confiure it. After a few minutes the popup window closes and gives the error:
hostname in certificate didn't match: !=
Any ideas? Looks like it doesn't like the cert name (which was generated by the installer).
-M
What is your deployment architecture? Are you using a Horizon FQDN name that is different from gateway-va hostname?
Where does the Horizon FQDN point to? If it is a load balancer, what kind of SSL certs do you have on that machine?
No ssl load balancer or any special setup. This is a setup in a lab and I did a very plain setup.
I did configure all the DNS and reverse IP's as per the docs (the initial vApp config verifies this early on)
After that I'm simply puting the hostname in the browser. I'm not using any other DNS names besides the host names.
-M
Ditto, I've run into the same issue.
My setup is also simple:
I did wonder that if the workspace.domain.net might be causing the problem so I deleted the DNS record then tried the wizard again but it failed immediately stating that it couldn't communicate with workspace.domain.net.
I put it back and had the idea that I'd check the workspace.domain.net in a web browser to see what certificate it returned and it returned gateway-va.domain.net. I begining to working if my failure to RTFM caused thte problem so I might try deploying from OVA tomorrow if I get time.
Quick question: In the command-line configurator setup UI, did you set the Horizon FQDN to workspace.domain.net?
If so, that is good, then you can use that URL to access the workspace.
Still, as the gateway-va IP address has two hostnames now, we need to regenerate the certs. Please run the following commands:
On configurator-va, as root
cd /usr/local/horizon/lib/menu/secure
./wizardssl.hzn --makesslcert gateway-va <FQDN>
./wizardssl.hzn
Your fix worked. It's odd that if they would want you to pick a permenant FQDN for the gateway-va for external/internal access but not fix this certificate as a part of the setup (that or I misundertand the configuration guide).
Thanks for your help.
No, you didn't misunderstand the configuration guide. We optimized the certs to work for the case of a real load balancer externally. We completely understand that you may just make the gateway-va the fqdn first and then move it to a load balancer later.
We are trying to make the certs work in that case, in a near future release. Till then, we have to use this workaround.
What do you mean you optimized the certs for an external load balancer? I've added my public ca certs and keys to my load balancer but when I use the fqdn I entered during the install it just redirects me to the configurator-va. How do you make this work properly with a load balancer? The docs say when using one not to install the cert/key on any VMs at all. So confused...
What is the problem you are seeing? Were you able to complete the configurator web UI set up wizard successfully?
No, I get failed to create admin user peer not connected.
During install I set the fqdn to horizon.mycompany.com<http://horizon.mycompany.com>, added the rootCA to my F5 and started the web setup.
I'm getting this same error today at point 2a: Database Connection Setup, select internal database and after a couple of minutes Error Creating Admin User. hostname in certificate didn't match: !=
run through the process using the FQDN assigned for the gateway-va but problem persists.
P
Got through all that, now I'm getting:
Error while testing DB connection.
DB Connection Test Failed.
Right after it told me that the connection to the database server was successful. My monitor currently has a fist size hole through it.
@JasonMTodd
can you send me the logs from configurator-va - /opt/vmware/horizon/configuratorinstance/logs/configurator.log
and from service-va - /opt/vmware/horizon/horizoninstance/logs/horizon.log
How can I enable sftp on the server? I can’t pull the log files off.
You can use the free utility WinSCP to use the SCP protocol to attach to the appliance and grab the files you need.
I can log in to the server as root, but it denies access with scp with the same root account and password. Is there a different account for scp? I have also tried scp command on my linux laptop and the server denies access.
Root is by default not allowed SSH access. Only SSHUSER has SSH access. You can SSH using SSHUSER and then use su- to get root access.
To enable root SSH access please look at this blog post: http://blogs.vmware.com/horizontech/2013/03/how-to-enable-ssh-in-horizon-workspace-virtual-appliance...
cid:image001.png@01CE34FF.ADC867A0
Should I chmod that directory and add permission?
For reference. If i need to grab log files for support, I ssh to the appliance and tar up the files and put them in the tmp directory. The sshuser has rights to view those files so you can grab those with SCP.