VMware Horizon Community
suncdm
Contributor
Contributor
‎04-11-2016 05:06 AM

App Volumes 3.0 second AV manager

Hi everyone,

I have a problem (cert maybe) with adding  second AV  manager server (Settings->Locations ->AV Manger)

Error 1:

Unable to register service due to domain error.

400 Bad Request

The plain HTTP request was sent to HTTPS port

nginx

Error2 :

Unable to register service due to domain error. Server Failure: Error: SSL Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE

How to fix this?

0 Kudos
4 Replies
Lakshman
Champion
Champion
‎04-11-2016 06:03 AM

Looks like a certificate issue. Please have a look at "Handling SSL Certificates for External App Volumes Managers" at Page 21 in the Install and Admin guide (attached).

Preview file
1077 KB
0 Kudos
suncdm
Contributor
Contributor
‎04-11-2016 06:24 AM

First part on page 21&22 (cert create&replace ) I made before and it was ok.

But I have two questions regarding this procedure on page 22

Installing SSL Certificates of External App Volumes Managers

Procedure

1 Copy the external AV Manager's CA certificate (e.g., rootCA.crt, if you've followed the procedure from

“Replacing the Default Self-Signed Certificate of AV Manager with a CA-signed Certificate,” on page 21) to local.

2 Make sure the file is in CRT or PEM format (Base 64-encoded text format).

3 Create a new file (for example, avCerts.pem) and copy the contents of the converted file in this file.

Make sure this file is readable for "xmp" user.

Q: Where (on which location) I need to create and put this avCerts.pem ?

4 Set the environment variable XMP_SSL_CERT_FILE to the path of the file where App Volumes certificates

are copied. This environment variable and the file to which it points should be readable for "xmp" user

in the App Volumes OVA/VM.


Q: Where is located variable XMP_SSL_CERT_FILE ?

0 Kudos
suncdm
Contributor
Contributor
‎04-14-2016 11:54 PM

only information,

in the current AppVolumes version can be only one AV manager ,second AV manager is not supported .

0 Kudos
Jason_Marshall
VMware Employee
VMware Employee
‎04-19-2016 02:13 AM

‌Not supported and AT YOUR OWN RISK but possible.

You can point the second manager back to the original or point both to an external Postgres db.

From the first OVA do the below.

  

/usr/local/av-manager/db_setup.sh <postgres_IP> <db_name> <db_username> <db_password> reset

/etc/wemi/utils/disable_ssl_validation.sh

on Second OVA...

run:

1) /usr/local/av-manager/db_setup.sh <postgres_IP> <db_name> <db_username> <db_password>

2) /etc/wemi/utils/disable_ssl_validation.sh

and then done

*do not* add “reset” at end of command on second OVA .. otherwise any db config will be cleared

0 Kudos