VMware Cloud Community
JimKnopf99
Commander
Commander

vCenter SSO HA and WebClient

Hi,

i am struggling during the installation of our new 5.1a version. I wan´t to configure a SSO HA Cluster and following the KB article

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=203358...

Also we configured a apache web service linked in that kb.

Everything works fine until i wan´t to login the first time on my webclient.

We have our own ca and i create a new certificate for the apache. That work fine as well. I also create a pem certificate wiht our root ca, sub ca and the apache ca described here.

http://www.digicert.com/ssl-support/pem-ssl-creation.htm

We are using the installed version of the vCenter. Note the appliance!

This issue describe here is, i guess, something different

http://www.virtual-blog.com/2012/09/failed-to-connect-to-vmware-lookup-service/

I´m getting the error you could see in the picture.

I am not amused about the installation process to get a SSO HA Cluster to work, because it don´t work ;-(. I know there are a lot of blogs on the web. I read some of them like the one from Derek Seaman how to install. But i am not able to get it.

Any ideas how to get that work?

And also did someone know how to configure a inventory server ha? So that i could point to that adress during the vcenter installation?

Thanks a lot.

Frank

If you find this information useful, please award points for "correct" or "helpful".
Reply
0 Kudos
4 Replies
JimKnopf99
Commander
Commander

Hi,

i could resolve the first issue with the sso login while copy the three cer files (rootca, subca and sso ha webserver certificate) to the following folder

C:\ProgramData\VMware\SSL

Now, i am able to login to the web client. Next step is to integrate the vCenter Server to the lookup service.....

Frank

If you find this information useful, please award points for "correct" or "helpful".
Reply
0 Kudos
CRad14
Hot Shot
Hot Shot

Were you ever able to get in into the lookup service?

Conrad www.vnoob.com | @vNoob | If I or anyone else is helpful to you make sure you mark their posts as such! 🙂
Reply
0 Kudos
JimKnopf99
Commander
Commander

Hi,

yes, but i am just working on it. As soon as i know the how to, i give some more information.

Give me one or two more days.

Frank

If you find this information useful, please award points for "correct" or "helpful".
Reply
0 Kudos
JimKnopf99
Commander
Commander

Hi,

i am getting the vCenter Server installed, but i have to much trouble wiht my userlogins. I don´t know why, but some user could and other could not login. It doesn´t matter if i use the vspher client or the webclient.

I installed this piece of sotftware many times. But i do not get it to run smootlhly. I don´t have any ideas and i don´t have any passion to install it a xxx time.

I use the following ressources. Thanks to the guys that write down there knowledge.

http://derek858.blogspot.de/2012/09/vmware-vcenter-51-installation-part-1.html

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=203358...

http://blogs.vmware.com/kb/2012/10/vsphere-sso-resources.html

What i found in the sso log (imsTrace.log)

----Error while trying to generate RequestSecurityTokenResponse

----ERROR, server.domain,,,,The user state is not valid

----com.rsa.riat.ws.security.trust.authn.AuthnPluginException: Authentication Failed

----Cannot find the user based on certificate DN: OU=VMware vSphere Client Temporary Certificate,O=VMware vSphere Client,C=AU

Frank

If you find this information useful, please award points for "correct" or "helpful".
Reply
0 Kudos