Hello,
I am trying to install vCAC 6 but when I try to connect the vCAC to SSO I always get this error:
Error communicating to the remote server https://sso.demo.local:7444/sts/STSService/vsphere.local
Do you have any ideas?
Thank you.
Hi,
According to the documentation you need to replace the SSL certificate.
Check here :vCloud Automation Center Documentation
Hope it helps,
Regards,
Julien.
Hi cloerner, I suffered the same error all afternoon, tried everything . no good. Finally blew away both identy and vcac appliances , redeployed, and did exactly what this guy did and it worked ( slight differences as his was a beta install ).
I did not play with time synchronization at all second time round. Comparing what didnt work to what did, apart from not configuring time I also used a password for the appliance without a "@" in it second time round ( have had troubles before with that ).
I did generate self signed certs. The SSO domain could not be changed from vsphere .local so dont worry about that. I used IE9. Hope that helps.
Cheers,
Peter G
Hello.
I tried everything. Generated new certificates, Redeployed the appliances. Everything with no luck.
Any other ideas?
Thank you.
I have a similar issue. I am unable to get the vCAC appliance to connect to SSO. I have tried redeploying, generating new certs, etc. I just get Invalid SSO Configuration. In a tail of /var/log/messages I see the following when I try to save the SSO settings
-----------------------
2013-12-12T16:25:39.975410+00:00 pvvapzz033 vami /opt/vmware/share/htdocs/service/cafe/config-page.py: info Processing request
2013-12-12T16:25:39.975855+00:00 pvvapzz033 vami /opt/vmware/share/htdocs/service/cafe/config-page.py: info Authenticating with sfcb server.
2013-12-12T16:25:39.975916+00:00 pvvapzz033 vami /opt/vmware/share/htdocs/service/cafe/config-page.py: info user:root
2013-12-12T16:25:39.983614+00:00 pvvapzz033 vami /opt/vmware/share/htdocs/service/cafe/config-page.py: info Authenticated user: root successfully
2013-12-12T16:25:39.983630+00:00 pvvapzz033 vami /opt/vmware/share/htdocs/service/cafe/config-page.py: info locale=en-US, id=ssoUpdate, action=submit, controller=<type 'instance'>
2013-12-12T16:25:39.983635+00:00 pvvapzz033 vami /opt/vmware/share/htdocs/service/cafe/config-page.py: info Executing shell command with args: ['/usr/sbin/vcac-vami', 'host', 'info']
2013-12-12T16:25:39.994859+00:00 pvvapzz033 vami /opt/vmware/share/htdocs/service/cafe/config-page.py: info Result from command: ---BEGIN---#012pvvapzz033.directv.com#012---END---
2013-12-12T16:25:39.994874+00:00 pvvapzz033 vami /opt/vmware/share/htdocs/service/cafe/config-page.py: info Returned vCAC host: pvvapzz033.directv.com
2013-12-12T16:25:40.015425+00:00 pvvapzz033 vami /opt/vmware/share/htdocs/service/cafe/config-page.py: info Executing shell command with args: ['/usr/sbin/vcac-config', '-v', 'certificate-check', '--url', 'pvvapzz032.directv.com:7444', '--key-store-file', '/usr/java/jre-vmware/lib/security/cacerts']
2013-12-12T16:25:41.753448+00:00 pvvapzz033 vami /opt/vmware/share/htdocs/service/cafe/config-page.py: info Result from command: 1.004: [GC1.004: [ParNew: 34240K->4224K(38464K), 0.0249350 secs] 34240K->5700K(123840K), 0.0250200 secs] [Times: user=0.04 sys=0.00, real=0.03 secs] #0121.632: [GC1.632: [ParNew: 38464K->4224K(38464K), 0.0416460 secs] 39940K->10701K(123840K), 0.0417120 secs] [Times: user=0.06 sys=0.00, real=0.04 secs] #012---BEGIN---#012{"valid":false,"subject":"CN=pvvapzz032.directv.com:7444,OU=IT,O=DIRECTV,C=US","sha1":"09 07 F6 F8 A8 62 22 82 FD 29 12 E1 8B 45 6D D2 A7 E8 EB FE"}#012---END---#012Heap#012 par new generation total 38464K, used 8261K [0x00000000c0000000, 0x00000000c29b0000, 0x00000000caaa0000)#012 eden space 34240K, 11% used [0x00000000c0000000, 0x00000000c03f1698, 0x00000000c2170000)#012 from space 4224K, 100% used [0x00000000c2170000, 0x00000000c2590000, 0x00000000c2590000)#012 to space 4224K, 0% used [0x00000000c2590000, 0x00000000c2590000, 0x00000000c29b0000)#012 concurrent mark-sweep generation total 85376K, used 6477K [0x00000000caaa0000, 0x00000000cfe00000, 0x00000000e0000000)#012 concurrent-mark-sweep perm gen total 262144K, used 12506K [0x00000000e0000000, 0x00000000f0000000, 0x0000000100000000)
---------------------------
I fixed it:
I regenerated the SSL certificates and I entered the FQDN in the Common Name field. Not CN=something, but just FQDN like sso@demo.local
This worked for me.
sso@demo.local or sso.demo.local? I have tried the FQDN on the certs and that has not worked for me either.
Sorry. sso.demo.local of course.
I am able to connect the beta vCAC appliance to the GA identity appliance so it looks like my issue is with the GA vCAC appliance.
I resolved my issue. The problem was that I was using firefox to do the config. Apparently there is a popup to confirm that you are using an untrusted certificate and firefox does not display this. Using chrome i was able to see and accept the popup and sso configured successfully.
cool, in the vimeo video the other difference ( from the install guide ) was the common name, maybe that's the key.
I got this issue resolved in my lab environment by fixing the issue of Host name resolution .
I figured out the my vCAC server is not resolving vCAC-SSO server`s FQDN which is actually mandatory for SSO working.
After editing /etc/hosts file & adding IP information for vCAC-SSO server i got it working.
Cheers
Hope this might help for people who are trying it out in small lab environment,
Br,
MG
Check that your SSL certificate is equal to the FQDN of Identity appliance. That worked for me.
This link solved my problem: vCloud Automation Center Documentation
This link solved my problem: vCloud Automation Center Documentation
Also worked for me, replace the Common Name with the FQDN of the Identity Appliance host. No cn=[hostname],O=[org], OU=[orgunit] or anything, just "via0.lab.net" or wherever your VIA is running.
One of our SE's wrote up a nice blog on the cert configuration as well:
http://www.vmtocloud.com/vcac-6-ssl-configuration-gotcha/
Remember not to use an '@' in the SSO Administrator password, otherwise you will get this error when connecting the vCAC Appliance to SSO. Also you can't change the SSO Admin password later, afaik so it's important to get it right during first config.
thanks very much it really helped !!!
Je suis actuellement absent, sans accès à mes mails.
Je serai de retour le 21/01.
En cas d'urgence, merci de contacter Pierre Fumery (pierre.fumery@bull.net)
Thanks for the tip, switching the browser from Firefox to Chrome fixed my issue as well.