Fail to Custom install Web Client 5.5

Fail to Custom install Web Client 5.5

I have a fresh custom installing Vcenter 5.5 with custom SQL Server installed, I can installed SSO 5.5, but cannot install Web Client and find error, pleas see below picture:

Environment: 1) 1 x ESXi 5.5

                    2) 1 x Vcenter ( CPU: 1, RAM: 10GB , Harddisk: 100GB )this is VM, locate in the ESXi 5.5

Vcenter 5.5 OS: Windows Server 2008 r2 64bits (installed)

                  Database: SQL Server 2008 Standard 64 bits (installed)

                  SSO 5.5 - installed successfully

Problem: When installing Web Client 5.5, i input the SSO administrator password in the wizard, and confirm the FQDN is work, click next, the a prompt occurs as below

fail to register SSO.png

ping the vcenter FQDN and ip : ok

nslookup the vcenter by FQDN and reverse lookup ip : ok, can return ip and hostname

I also can access SSO page by https://tpesxc_testvc1.corp.test.com:7444/lookupservice/sdk

access SSO.png

1) The following is the log of  vm_ssoreg


[2013-12-18 11:21:10,995 main  DEBUG com.vmware.vim.install.cli.RegTool] $Id: //depot/vicore/vicore-2013-rel/regtool/viregtool/src/main/java/com/vmware/vim/install/cli/RegTool.java#4 $

[2013-12-18 11:21:10,997 main  DEBUG com.vmware.vim.install.cli.RegTool] Executing command: checkVersion -d https://tpesxc_testvc1.corp.test.com:7444/lookupservice/sdk --version-number 1.5

[2013-12-18 11:21:11,085 main  INFO  com.vmware.vim.install.impl.RegistrationProviderImpl] Intializing registration provider...

[2013-12-18 11:21:11,821 main  DEBUG com.vmware.vim.install.impl.LookupServiceAccess] Creating VMODL client for LookupService

[2013-12-18 11:21:11,828 main  INFO  com.vmware.vim.install.impl.CertificateGetter] Getting SSL certificates for https://tpesxc_testvc1.corp.test.com:7444/lookupservice/sdk

[2013-12-18 11:21:12,491 main  DEBUG com.vmware.vim.install.impl.CertificateGetter] Establishing socket connection to tpesxc_testvc1.corp.test.com/10.64.2.195:7444. Timeout is 60000

[2013-12-18 11:21:12,845 main  ERROR com.vmware.vim.install.cli.commands.CommandArgumentsParser] Host name may not be null

[2013-12-18 11:21:12,846 main  INFO  com.vmware.vim.install.cli.RegTool] Return code is: InvalidInput

[2013-12-18 11:21:13,468 main  DEBUG com.vmware.vim.install.cli.RegTool] $Id: //depot/vicore/vicore-2013-rel/regtool/viregtool/src/main/java/com/vmware/vim/install/cli/RegTool.java#4 $

[2013-12-18 11:21:13,471 main  DEBUG com.vmware.vim.install.cli.RegTool] Executing command: checkVersion -d https://tpesxc_testvc1.corp.test.com:7444/lookupservice/sdk --version-number 1.5 -c C:\Users\TOMMYA~1\AppData\Local\Temp\{0A94097F-6DE2-484D-A2B2-ADAF51CC3FDF}\certs\

[2013-12-18 11:21:13,530 main  INFO  com.vmware.vim.install.impl.RegistrationProviderImpl] Intializing registration provider...

[2013-12-18 11:21:14,277 main  DEBUG com.vmware.vim.install.impl.LookupServiceAccess] Creating VMODL client for LookupService

[2013-12-18 11:21:14,284 main  INFO  com.vmware.vim.install.impl.CertificateGetter] Getting SSL certificates for https://tpesxc_testvc1.corp.test.com:7444/lookupservice/sdk

[2013-12-18 11:21:15,070 main  DEBUG com.vmware.vim.install.impl.CertificateGetter] Establishing socket connection to tpesxc_testvc1.corp.test.com/10.64.2.195:7444. Timeout is 60000

[2013-12-18 11:21:15,536 main  ERROR com.vmware.vim.install.cli.commands.CommandArgumentsParser] Host name may not be null

[2013-12-18 11:21:15,537 main  INFO  com.vmware.vim.install.cli.RegTool] Return code is: InvalidInput

2) The following is the log of vminst

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:40 Begin Logging

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:40 --- CA exec: VMOneInstanceRunning

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:40 Getting Property VM_OneInstanceRunning = VMware vSphere Web Client;25129

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:40 IsProcessesProductNameUnique::ProductName: VMware vSphere Web Client

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:40 GetModuleName::GetModuleBaseName Error: 6

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:40 GetModuleName::GetModuleBaseName Error: 6

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:40 IsProcessesProductNameUnique::done Res: More instances running

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:40 Getting Property UILevel = 5

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:40 Getting Property UILevel = 5

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:40 Getting Property ProductName = VMware vSphere Web Client

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:48 VMOneInstanceRunning::Error: 25129

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:48 End Logging

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:58 Begin Logging

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:58 --- CA exec: VMCheckINSTALLDIR

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:58 Setting property InstallDirOK =

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:58 Getting Property _BrowseProperty =

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:58 Getting Property INSTALLDIR = C:\Program Files\VMware\Infrastructure\

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:58 Found "C:\Program Files\VMware\Infrastructure\"

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:58 Did not find file/directory: "C:\Program Files\VMware\Infrastructure\vpxClient.exe"

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:58 MsiUtil_GetPropertyStringW::Property: INSTALLDIR

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:58 MsiUtil_GetPropertyStringW::done [INSTALLDIR]=C Len: 39

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:58 Getting Property VersionNT64 = 601

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:58 Getting Property DB_DRIVER_TYPE =

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:58 Getting Property ProgramFiles64Folder = C:\Program Files\

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:58 Setting property InstallDirOK = 1

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:58 End Logging

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:58 Begin Logging

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:58 --- CA exec: VMCheckSpecialCharInstalldir

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:58 Getting Property INSTALLDIR = C:\Program Files\VMware\Infrastructure\

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:58 Setting property WebClientInstDirOK = 1

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:58 End Logging

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:59 Begin Logging

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:59 --- CA exec: VMValidateSerenityPorts

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:59 Setting property PortSettingsOK =

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:59 Getting Property HTTPS_PORT = 9443

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:59 Getting Property HTTPS_PORT_OLD =

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:59 Min 1, Max 65535, Actual 9443

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:59 port 9443 is OK!

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:59 Getting Property HTTP_PORT = 9090

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:59 Getting Property HTTP_PORT_OLD =

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:59 Min 1, Max 65535, Actual 9090

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:59 port 9090 is OK!

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:59 Getting Property JMX_PORT = 9875

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:59 Getting Property JMX_PORT_OLD =

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:59 Min 1, Max 65535, Actual 9875

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:59 port 9875 is OK!

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:59 Getting Property AJP_PORT = 9009

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:59 Getting Property AJP_PORT_OLD =

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:59 Min 1, Max 65535, Actual 9009

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:59 port 9009 is OK!

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:59 --Function : IdenticalPortsExist

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:59 Setting property PortSettingsOK = 1

VMware vSphere Web Client-build-1304121: 12/18/13 11:20:59 End Logging

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Begin Logging

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 --- CA exec: VMValidateSSOLookupServiceInput

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Setting property SSO_InputOK = 0

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Getting Property SSO_ADMIN_USER = administrator@vsphere.local

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Getting Property VC_ADMIN_USER =

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Getting Property SSO_SOLUTION_NAME = WebClient_2013.12.18_111740

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Getting Property LS_URL = https://tpesxc_testvc1.corp.test.com:7444/lookupservice/sdk

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Getting Property ShowRegWarnings =

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Getting Property SUPPORTDIR = C:\Users\TOMMYA~1\AppData\Local\Temp\{0A94097F-6DE2-484D-A2B2-ADAF51CC3FDF}

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Getting Property TempFolder = C:\Users\TOMMYA~1\AppData\Local\Temp\

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Getting Property VC_ADMIN_IS_GROUP =

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Getting Property COMPUTER_FQDN = tpesxc_testvc1.corp.test.com

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Getting Property SSL_DATA_DIR = C:\ProgramData\vmware\vSphere Web Client\ssl\

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Getting Property SSO_LSVERSION = 1.5

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Getting Property SSO_LS_FINGERPRINT =

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Setting property SSO_InputOK = 1

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Returning from VMValidateSSOLookupServiceInput

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 End Logging

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Begin Logging

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 --- CA exec: VMCheckLSVersionAndGetCerts

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Setting property LS_SSL_CERTIFICATES_DOWNLOADED = 0

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Getting Property SSO_ADMIN_USER = administrator@vsphere.local

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Getting Property VC_ADMIN_USER =

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Getting Property SSO_SOLUTION_NAME = WebClient_2013.12.18_111740

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Getting Property LS_URL = https://tpesxc_testvc1.corp.test.com:7444/lookupservice/sdk

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Getting Property ShowRegWarnings =

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Getting Property SUPPORTDIR = C:\Users\TOMMYA~1\AppData\Local\Temp\{0A94097F-6DE2-484D-A2B2-ADAF51CC3FDF}

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Getting Property TempFolder = C:\Users\TOMMYA~1\AppData\Local\Temp\

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Getting Property VC_ADMIN_IS_GROUP =

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Getting Property COMPUTER_FQDN = tpesxc_testvc1.corp.test.com

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Getting Property SSL_DATA_DIR = C:\ProgramData\vmware\vSphere Web Client\ssl\

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Getting Property SSO_LSVERSION = 1.5

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Getting Property SSO_LS_FINGERPRINT =

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Fetched property values

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Getting Property SUPPORTDIR = C:\Users\TOMMYA~1\AppData\Local\Temp\{0A94097F-6DE2-484D-A2B2-ADAF51CC3FDF}

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Util_GetShortPath

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Long path: C:\Users\TOMMYA~1\AppData\Local\Temp\{0A940~1\SSOREG~1 and crossponding Short path: C:\Users\TOMMYA~1\AppData\Local\Temp\{0A940~1\SSOREG~1

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 CSsoRegistration::IsSsoVersionLower::Executing following command:

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 C:\Users\TOMMYA~1\AppData\Local\Temp\{0A94097F-6DE2-484D-A2B2-ADAF51CC3FDF}\jre\bin\java.exe -cp "C:\Users\TOMMYA~1\AppData\Local\Temp\{0A940~1\SSOREG~1\*;C:\Users\TOMMYA~1\AppData\Local\Temp\{0A940~1\SSOREG~1" -jar "C:\Users\TOMMYA~1\AppData\Local\Temp\{0A940~1\SSOREG~1\regtool.jar" checkVersion -d https://tpesxc_testvc1.corp.test.com:7444/lookupservice/sdk --version-number 1.5

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Launching without console output capture.

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Util_Launch::Wait: 1 Hide: 1 TimeOut: -1

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:10 Found "C:\Users\TOMMYA~1\AppData\Local\Temp\{0A94097F-6DE2-484D-A2B2-ADAF51CC3FDF}\jre\bin\java.exe"

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:12 Process returned 4294967294

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:12 Util_Launch::done Res: 1

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:12 Return code is -2 (successful operation however may not necessarily need return code 0).

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:12 SSO Registration tool launched

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:12 SSO registration tool failed with return code -2

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:12 Please see vm_ssoreg.log in system temporary folder

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:12 Lookup Service version validation was successful (version 1.5)

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:12 Did not find file/directory: "C:\Users\TOMMYA~1\AppData\Local\Temp\{0A94097F-6DE2-484D-A2B2-ADAF51CC3FDF}\certs\"

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:12 Creating temporary folder to hold certificates at C:\Users\TOMMYA~1\AppData\Local\Temp\{0A94097F-6DE2-484D-A2B2-ADAF51CC3FDF}\certs\

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:12 Downloading LS SSL Certificates...

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:12 CSsoRegistration::DownloadLSCertificates::Executing following command:

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:12 C:\Users\TOMMYA~1\AppData\Local\Temp\{0A94097F-6DE2-484D-A2B2-ADAF51CC3FDF}\jre\bin\java.exe -cp "C:\Users\TOMMYA~1\AppData\Local\Temp\{0A940~1\SSOREG~1\*;C:\Users\TOMMYA~1\AppData\Local\Temp\{0A940~1\SSOREG~1" -jar "C:\Users\TOMMYA~1\AppData\Local\Temp\{0A940~1\SSOREG~1\regtool.jar" checkVersion -d https://tpesxc_testvc1.corp.test.com:7444/lookupservice/sdk --version-number 1.5 -c C:\Users\TOMMYA~1\AppData\Local\Temp\{0A94097F-6DE2-484D-A2B2-ADAF51CC3FDF}\certs\

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:12 Launching without console output capture.

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:12 Util_Launch::Wait: 1 Hide: 1 TimeOut: -1

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:12 Found "C:\Users\TOMMYA~1\AppData\Local\Temp\{0A94097F-6DE2-484D-A2B2-ADAF51CC3FDF}\jre\bin\java.exe"

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:15 Process returned 4294967294

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:15 Util_Launch::done Res: 1

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:15 Return code is -2 (successful operation however may not necessarily need return code 0).

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:15 SSO Registration tool launched

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:15 SSO registration tool failed with return code -2

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:15 Please see vm_ssoreg.log in system temporary folder

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:15 Lookup Service certificate download failed with return code -2 Res: 29113

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:15 Getting Property UILevel = 5

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:15 Getting Property UILevel = 5

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:15 Getting Property ProductName = VMware vSphere Web Client

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:31 Returning from VMCheckLSVersionAndGetCerts

VMware vSphere Web Client-build-1304121: 12/18/13 11:21:31 End Logging

No certs found in user profile Temp folder.png

No certs in the userprofile\AppData\Local\Temp\{0A94097F-6DE2-484D-A2B2-ADAF51CC3FDF}\

sso cert in ProgramData.png

Only found sso cert in C:\ProgramData\VMware\CIS\cfg\vmware-sso\


It seems the Web Client cannot download Lookup Service Certificate from SSO, is it true? Where is the location of Lookup Service Certificate? Or have another cause? Anyone can help to solve this problem?

0 Kudos
Comments
jishnust
‎12-18-2013 06:21 PM
‎12-18-2013 06:21 PM

Could you attach the certificate of vcenter here.

From the browser you can click on the certificate error box, and view certificate.

Once you opened it in the details tab, you will have copy to file option. save it with crt extension and attach here.

vmfans88
‎12-18-2013 09:50 PM
‎12-18-2013 09:50 PM

When i click the "copy to file" button, it show a Export Wizard, but there is no option to save as crt extension. Secondly, how to fix the root cert trust problem?

jishnust
‎12-19-2013 01:48 AM
‎12-19-2013 01:48 AM

In  the same export wizard you need to choose base-64 and proceed.

Root certificate trust would not be an issue here, it is a CA certificate created at the time of installation, it is expected to be not trusted. To make it trust, Clock on the view certificate button as in the last screenshot.

From the root certificate, go to details tab, copy to file, choose base-64 format.

Open certificate mmc snapin for "local computer", import the certificate you just exported under trusted root certification authorities folder..

vmfans88
‎12-20-2013 09:25 AM
‎12-20-2013 09:25 AM

i can export the certificate of vcenter successfully, but there is some error after imported the cert to the "trusted root certification authorities folder". It prompted as captured, i got same SSO register error when reinstall the Web Client after imported the cert. Any tips?

jishnust
‎12-20-2013 09:33 AM
‎12-20-2013 09:33 AM

Not the ssoserver certificate, the CA certificate should go to trusted root store.

Open ssoserver certificate, goto certification path tab, select the CA certificate, click on view certificate.

from there goto details tab, copy to file, choose base64, and import that certificate to trusted root store.

vmfans88
‎12-26-2013 09:44 PM
‎12-26-2013 09:44 PM

I imported the CA cert to the trusted root certification authorities folder, and installed sso cert ,


When i goto SSO lookup service link, it show cert Mismatched Address, then i refreshed the page, it shows "The XML page cannot be displayed" Please see the captures


I re-installed Web Client but still fail, same error occurs, is there something missing?


No cert error when input FQDN to SSO link

jishnust
‎12-27-2013 09:57 AM
‎12-27-2013 09:57 AM

Certificate should contain the name/IP address used by the client under subject or Subject Alternative name.

vmfans88
‎12-28-2013 09:07 AM
‎12-28-2013 09:07 AM

Do you have this example or capture?

jishnust
‎12-28-2013 05:46 PM
‎12-28-2013 05:46 PM

It would like this:

Standard for adding  IP address  certificate is as shown below, However in internet explorer this certificate will still generate error saying certificate issued to another URL if IP address used to browse. Somehow internet explorer want IP address also added as DNS Name.

vmfans88
‎12-29-2013 11:31 PM
‎12-29-2013 11:31 PM

1. Is it correct setting for my sso cert Subject field and Subject Alternative Name? Or this is not related to my sso register issue?

2. Actually, how can i fix the SSO register problem when i install the web client ? Or any log i can give you to review?

I confirm time sync correct between this sso server and domain controller.

jishnust
‎12-30-2013 09:38 AM
‎12-30-2013 09:38 AM

It is missing the fqdn, and fqdn makes up the lookupservice URL for you.

Try using the SSL automation tool, get the certificates replaced and see.

jishnust
‎12-30-2013 03:44 PM
‎12-30-2013 03:44 PM

Does your administrator@vsphere.local password starts with the – character, such as –P@ssw0rd.?

vmfans88
‎12-30-2013 10:14 PM
‎12-30-2013 10:14 PM

1. This is a fresh install of Vcenter 5.5, it is not a upgrade, can it use SSL automation tool? If so, do you have link for these steps?

2. the password for administrator@vsphere.local : P@ssw0rd

jishnust
‎12-31-2013 09:47 AM
‎12-31-2013 09:47 AM

KB: 2057340 also along with the tool you would get a manual document.

vmfans88
‎01-01-2014 11:35 PM
‎01-01-2014 11:35 PM

Regarding to KB 2044696, it teach use Microsoft CA to create certificate request,but ref to step 6,  there is missing "Certificate template" drop down box to select appropriate Web Server Template. Can you have solution and which Template should select?

The above is example of CA submit certificate with Certificate Template for your reference.

For Microsoft CAs, to create each certificate request:

Note: Based on the requirements of the key, ensure that the WebServer Template has been copied to allow for encryption of user data. This can be normally found in Certificate Manager > Extensions > Key Usage > Allow encryption of user data.

  1. Log into the Microsoft CA certificate authority Web interface. By default, it is http://servername/CertSrv/.
  2. Click the Request a certificate link.
  3. Click advanced certificate request.
  4. Click the Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file link.
  5. Open the certificate request in a plain text editor and paste the text from the Begin to the End request into the Saved Request box:

    -----BEGIN CERTIFICATE REQUEST----- to -----END CERTIFICATE REQUEST-----

    Note: Do not copy the actual -----BEGIN CERTIFICATE REQUEST----- to -----END CERTIFICATE REQUEST-----. Only copy the text in between these lines. You may see = (equal) signs near the Begin and End lines (for example, ==-----END). In this case, you must copy the = (equal) signs.

  6. Select the Certificate Template as the appropriate Web Server template. This is generally a copy of the Web Server Template withAllow encryption of user data setting set.
  7. Click Submit to submit the request.
  8. Click Base 64 encoded on the Certificate issued screen.
  9. Click the Download Certificate link.
  10. Save the certificate as rui.crt in the appropriate c:\certs\<service> folder.
  11. Repeat steps 2 to 10 for each additional service.
  12. Navigate back to the home page of the certificate server and click Download a CA certificate, certificate chain or CRL.
  13. Click the Base 64 option.
  14. Click the Download CA Certificate chain link.
  15. Save the certificate chain as cachain.p7b in the c:\certs folder.
  16. Double-click the cachain.p7b file and navigate to C:\certs\cachain.p7b > Certificates.
  17. Right-click the certificate listed and click All Tasks > Export.
  18. Click Next.
  19. Select Base-64 encoded X.509 (.CER), then click Next.
  20. Save the export to C:\certs\Root64.cer and click Next.
jishnust
‎01-02-2014 09:39 AM
‎01-02-2014 09:39 AM

Not sure how you got into a CA installation like this:

Try this and see templates are available to select.

If the web enrollment taking time to refresh the list of templates you can use this command example to generate certificate:

Certreq -submit -attrib "certificateTemplate: template" vcenter.csr vcenter.cer

Version history
Revision #:
1 of 1
Last update:
‎12-17-2013 09:28 PM
Updated by:
Contributor
 
View Article History