3 Replies Latest reply on Jun 1, 2017 5:48 AM by Jcates28

    Initial setup of VCSA...  AD Intergration...  Had to replace certs.  Now VCSA not available from web or client

    softadminupfcu Lurker

      Good day, and I hope yours is better than mine...


      Just downloaded and set up VCSA 6.0 U2.  Finally got it to join my domain*.  Added admin group from domain and gave them permissions.  Every time I tried to use NT authentication (the checkbox) it would error out.


      I found and followed articles 2020970 and 21112283.  Now I am unable to log into the web client nor the vSphere client.

      web client yeilds this


      A server error occurred.


      [500] SSO error: Cannot connect to the VMware Component Manager https://vcenter.sso.unitedpolicefcu.com/cm/sdk?hostid=827ac00b-1131-452e-b9fa-6b69a3a3f7ef


      Check the vSphere Web Client server logs for details.


                vsphere client says


      Windows session credentials cannot be used to log into this server   (which is what started the 2 KBs above)




      Cannot complete login due to incorrect user name or password  (I tried SSO Admin, domain user, appliance root user)


      I have tried the certificate replacement steps (option 8, then 8, then 3, then 4, then 8 again).  Each ends with errors similar to this:


      Status : 45% Completed [Replace machine Cert...]            
      Status : 50% Completed [Replace vsphere-webclient Cert...]            
      Status : 55% Completed [Replace vpxd Cert...]            
      Status : 60% Completed [Replace vpxd-extension Cert...]            

      2016-03-29T18:35:36.382Z   Updating certificate for "com.vmware.vim.eam" extension


      Status : 0% Completed [Operation failed, performing automatic rollback]


      Error while performing Cert Replacement operation, please see /var/log/vmware/vmcad/certificate-manager.log for more information.


      Performing rollback of Root Cert...

      Rollback Status : 0% Completed [Rollback Root Cert...]            
      Rollback Status : 30% Completed [Rollback Machine SSL Cert...]            

      Get site name



      followed by this at the end of the roll back


      Updated 0 service(s)

      Rollback Status : 40% Completed [Rollback machine Cert...]                 

      Rollback Status : 50% Completed [Rollback vsphere-webclient Cert...]                 

      Rollback Status : 60% Completed [Rollback vpxd Cert...]                 

      Rollback Status : 70% Completed [Rollback vpxd-extension Cert...]                 

      2016-03-29T18:36:23.960Z   Updating certificate for "com.vmware.vim.eam" extension



      Error while reverting certificate for store : vpxd-extension

      Rollback Status : 0% Completed [Rollback operation failed]


      Error while performing rollback operation, please try Reset operation...


      please see /var/log/vmware/vmcad/certificate-manager.log for more information.

      Thanks for the help from Stumped in Miami.


      *  And for those of you getting Error 11 on trying to join the domain go into the SCVA web portal, drill down to the actual network settings and switch the DNS to manual.  Sorry I can't be specific on the actual path to this setting.  Although I gave it specific DNS at set up and a static IP I finally found that it had reverted to getting DNS from DHCP...  Hope this helps.