VMware Cloud Community
cloerner
Enthusiast

vCAC6: Error connecting to SSO

Hello,

I am trying to install vCAC 6 but when I try to connect the vCAC to SSO I always get this error:


Error communicating to the remote server https://sso.demo.local:7444/sts/STSService/vsphere.local


Do you have any ideas?

Thank you.

20 Replies
julienvarela
Commander

Hi,

According to the documentation you need to replace the SSL certificate.

Check here: vCloud Automation Center Documentation

Hope it helps,

Regards,

Julien.

Regards, J.Varela http://vthink.fr
secops
Contributor

Hi cloerner, I suffered the same error all afternoon, tried everything. No good. Finally blew away both identity and vCAC appliances, redeployed, and did exactly what this guy did and it worked (slight differences as his was a beta install).

I did not play with time synchronization at all second time round. Comparing what didn't work to what did, apart from not configuring time I also used a password for the appliance without a "@" in it second time round (have had troubles before with that).

I did generate self-signed certs. The SSO domain could not be changed from vsphere.local so don't worry about that. I used IE9. Hope that helps.

http://vimeo.com/77531956

Cheers,

Peter G

Reply
0 Kudos
cloerner
Enthusiast

Hello.

I tried everything. Generated new certificates, redeployed the appliances. Everything with no luck.

Any other ideas?

Thank you.

Reply
0 Kudos
bhoriuchi
Enthusiast

I have a similar issue. I am unable to get the vCAC appliance to connect to SSO. I have tried redeploying, generating new certs, etc. I just get Invalid SSO Configuration. In a tail of /var/log/messages I see the following when I try to save the SSO settings:

-----------------------

2013-12-12T16:25:39.975410+00:00 pvvapzz033 vami /opt/vmware/share/htdocs/service/cafe/config-page.py: info Processing request

2013-12-12T16:25:39.975855+00:00 pvvapzz033 vami /opt/vmware/share/htdocs/service/cafe/config-page.py: info Authenticating with sfcb server.

2013-12-12T16:25:39.975916+00:00 pvvapzz033 vami /opt/vmware/share/htdocs/service/cafe/config-page.py: info user:root

2013-12-12T16:25:39.983614+00:00 pvvapzz033 vami /opt/vmware/share/htdocs/service/cafe/config-page.py: info Authenticated user: root successfully

2013-12-12T16:25:39.983630+00:00 pvvapzz033 vami /opt/vmware/share/htdocs/service/cafe/config-page.py: info locale=en-US, id=ssoUpdate, action=submit, controller=<type 'instance'>

2013-12-12T16:25:39.983635+00:00 pvvapzz033 vami /opt/vmware/share/htdocs/service/cafe/config-page.py: info Executing shell command with args: ['/usr/sbin/vcac-vami', 'host', 'info']

2013-12-12T16:25:39.994859+00:00 pvvapzz033 vami /opt/vmware/share/htdocs/service/cafe/config-page.py: info Result from command: ---BEGIN---#012pvvapzz033.directv.com#012---END---

2013-12-12T16:25:39.994874+00:00 pvvapzz033 vami /opt/vmware/share/htdocs/service/cafe/config-page.py: info Returned vCAC host: pvvapzz033.directv.com

2013-12-12T16:25:40.015425+00:00 pvvapzz033 vami /opt/vmware/share/htdocs/service/cafe/config-page.py: info Executing shell command with args: ['/usr/sbin/vcac-config', '-v', 'certificate-check', '--url', 'pvvapzz032.directv.com:7444', '--key-store-file', '/usr/java/jre-vmware/lib/security/cacerts']

2013-12-12T16:25:41.753448+00:00 pvvapzz033 vami /opt/vmware/share/htdocs/service/cafe/config-page.py: info Result from command: 1.004: [GC1.004: [ParNew: 34240K->4224K(38464K), 0.0249350 secs] 34240K->5700K(123840K), 0.0250200 secs] [Times: user=0.04 sys=0.00, real=0.03 secs] #0121.632: [GC1.632: [ParNew: 38464K->4224K(38464K), 0.0416460 secs] 39940K->10701K(123840K), 0.0417120 secs] [Times: user=0.06 sys=0.00, real=0.04 secs] #012---BEGIN---#012{"valid":false,"subject":"CN=pvvapzz032.directv.com:7444,OU=IT,O=DIRECTV,C=US","sha1":"09 07 F6 F8 A8 62 22 82 FD 29 12 E1 8B 45 6D D2 A7 E8 EB FE"}#012---END---#012Heap#012 par new generation   total 38464K, used 8261K [0x00000000c0000000, 0x00000000c29b0000, 0x00000000caaa0000)#012  eden space 34240K,  11% used [0x00000000c0000000, 0x00000000c03f1698, 0x00000000c2170000)#012  from space 4224K, 100% used [0x00000000c2170000, 0x00000000c2590000, 0x00000000c2590000)#012  to   space 4224K,   0% used [0x00000000c2590000, 0x00000000c2590000, 0x00000000c29b0000)#012 concurrent mark-sweep generation total 85376K, used 6477K [0x00000000caaa0000, 0x00000000cfe00000, 0x00000000e0000000)#012 concurrent-mark-sweep perm gen total 262144K, used 12506K [0x00000000e0000000, 0x00000000f0000000, 0x0000000100000000)

---------------------------

Reply
0 Kudos
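Added example (not part of any post in this thread, and not VMware code): a small Python script that pulls the certificate-check call and its JSON result out of vami lines shaped like the ones in the log above, and reports whether the subject CN equals the host passed to --url. The sample log is constructed, with made-up hosts and fingerprint, and only the subject CN is compared because that is the only name field the logged result shows.

```python
import ast
import json
import re

# Constructed sample in the shape of the vami lines posted above; the hosts,
# subject fields and sha1 value are made up for illustration.
PFX = "2013-12-12T16:25:40+00:00 vcac vami config-page.py: info "
SAMPLE_LOG = "\n".join([
    PFX + "Result from command: ---BEGIN---#012vcac.demo.local#012---END---",
    PFX + "Executing shell command with args: ['/usr/sbin/vcac-config', '-v', "
          "'certificate-check', '--url', 'sso.demo.local:7444']",
    PFX + 'Result from command: 1.004: [GC1.004: [ParNew: 34240K->4224K]] '
          '#012---BEGIN---#012{"valid":false,"subject":"CN=sso.demo.local:7444,'
          'OU=IT,O=Example,C=US","sha1":"00 11 22"}#012---END---#012Heap#012',
])
ARGS_RE = re.compile(r"Executing shell command with args: (\[.*\])")
RESULT_RE = re.compile(r"---BEGIN---(.*?)---END---", re.S)
CN_RE = re.compile(r"(?:^|,)\s*CN=([^,]+)", re.I)  # escaped commas not handled

def checked_host(line):
    """Host part of --url in a logged certificate-check call, else None."""
    m = ARGS_RE.search(line)
    args = ast.literal_eval(m.group(1)) if m else []
    if "certificate-check" not in args or "--url" not in args[:-1]:
        return None
    return args[args.index("--url") + 1].rsplit(":", 1)[0].lower()

def check_result(line):
    """Parsed JSON between ---BEGIN--- and ---END---, else None."""
    m = RESULT_RE.search(line.replace("#012", "\n"))  # syslog escapes LF as #012
    try:
        data = json.loads(m.group(1)) if m else None
    except ValueError:  # e.g. the plain-text reply of 'vcac-vami host info'
        return None
    return data if isinstance(data, dict) and "subject" in data else None

def review(log_text):
    """Pair each certificate-check call with its result; compare CN to host."""
    findings, host = [], None
    for line in log_text.splitlines():
        host = checked_host(line) or host
        result = check_result(line)
        if result and host:
            m = CN_RE.search(result["subject"])
            cn = m.group(1).strip() if m else None
            findings.append({"host": host, "cn": cn, "valid": result.get("valid"),
                             "cn_matches_host": (cn or "").lower() == host})
    return findings
```

Calling review() on the text of /var/log/messages returns one entry per logged certificate check, so a CN that differs from the checked host name shows up next to the appliance's own "valid" verdict.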
cloerner
Enthusiast

I fixed it:

I regenerated the SSL certificates and I entered the FQDN in the Common Name field. Not CN=something, but just FQDN like sso@demo.local

This worked for me.

Reply
0 Kudos
bhoriuchi
Enthusiast

sso@demo.local or sso.demo.local? I have tried the FQDN on the certs and that has not worked for me either.

Reply
0 Kudos
cloerner
Enthusiast

Sorry. sso.demo.local of course.

Reply
0 Kudos
bhoriuchi
Enthusiast

I am able to connect the beta vCAC appliance to the GA identity appliance so it looks like my issue is with the GA vCAC appliance.

Reply
0 Kudos
bhoriuchi
Enthusiast

I resolved my issue. The problem was that I was using Firefox to do the config. Apparently there is a popup to confirm that you are using an untrusted certificate and Firefox does not display this. Using Chrome I was able to see and accept the popup and SSO configured successfully.

ssoCapture.JPG

secops
Contributor

Cool, in the Vimeo video the other difference (from the install guide) was the common name, maybe that's the key.

Reply
0 Kudos
VirExprt
Expert

I got this issue resolved in my lab environment by fixing the issue of host name resolution.

I figured out that my vCAC server was not resolving the vCAC-SSO server's FQDN, which is actually mandatory for SSO to work.

After editing the /etc/hosts file and adding IP information for the vCAC-SSO server I got it working.

Cheers

Hope this might help for people who are trying it out in a small lab environment,

Br,

MG

Regards, MG
AGESICTE
Contributor

Check that your SSL certificate is equal to the FQDN of the Identity appliance. That worked for me.

Reply
0 Kudos
rojcosta
Contributor

This link solved my problem: vCloud Automation Center Documentation

jpd441
Contributor

This link solved my problem: vCloud Automation Center Documentation

Also worked for me, replace the Common Name with the FQDN of the Identity Appliance host. No cn=[hostname],O=[org], OU=[orgunit] or anything, just "via0.lab.net" or wherever your VIA is running.

Reply
0 Kudos
kdelgadovmw
VMware Employee

One of our SEs wrote up a nice blog on the cert configuration as well:

http://www.vmtocloud.com/vcac-6-ssl-configuration-gotcha/

@KCDAutomate
Reply
0 Kudos
Czernobog
Expert

Remember not to use an '@' in the SSO Administrator password, otherwise you will get this error when connecting the vCAC Appliance to SSO. Also, you can't change the SSO Admin password later, afaik, so it's important to get it right during first config.

Reply
0 Kudos
Techstarts
Expert

Thanks very much, it really helped!!!

With Great Regards,
Reply
0 Kudos
trailx
Enthusiast

I am currently away, without access to my e-mail.

I will be back on 21/01.

In case of emergency, please contact Pierre Fumery (pierre.fumery@bull.net)

--- If you found this information useful, please consider awarding points for "Correct" or "Helpful". Thanks!
Reply
0 Kudos
TonyK23
Contributor

Thanks for the tip, switching the browser from Firefox to Chrome fixed my issue as well. :)

Reply
0 Kudos