Kindly confirm if we are using external Platform Services Controller or a custom SSO domain?
To check if it is custom SSO, we can run the below commands from the vCenter appliance:
cd /usr/lib/vmware-vmafd/bin
./vmafd-cli get-domain-name --server-name localhost
If we are using an external Platform Services Controller (PSC), Single-Sign On (SSO) provider or have a custom SSO domain, toggle the Use Custom SSO Configuration switch to Yes.
a. Enter the PSC/SSO server or fully-qualified domain name (FQDN) or IP address.
b. If you are using the default PSC/SSO provider configuration, you do not need to complete the Advanced Options (optional) fields.
Complete the SSO Admin URL, SSO STS URL and Lookup Service URL only if you specified a custom configuration during the deployment of PSC or SSO provider.
For additional details regarding your PSC/SSO provider configuration, please see the vCenter Server vpxd.cfg file.
In vCenter Server Appliance 6.x, the vpxd.cfg file is located at /etc/vmware-vpx/.
In Windows Server, the vpxd.cfg file is located at C:\ProgramData\VMware\VMwareVirtualCenter\vpxd.cfg.
In vCenter Server 6.0, the vpxd.cfg file is located at C:\ProgramData\VMware\vCenterServer\cfg\vmware-vpx.
For more details refer to (page 20)
We are not using an external PSC. We are using it all on the VCSA. It's a single instance.
We are using the default SSO vsphere.local domain.
Therefore I think I do not have to set the advanced options.
Any other ideas?
The issue could also be due to the SSL certificates, if the SSL certificate is issued to the FQDN of the vCenter and you are using an IP address in the configuration page of Collector.
Check the SSL certificates of the vCenter and use the name/address the SSL certificate has been issued to; you should then be able to connect to vCenter.
I tried to use both, IP and FQDN, but neither is working.
Sorry for my late response. I have sent you the smartsheet.
I have sent an email to the email-ID which was updated on the smart sheet.
“When a VC certificate is changed, Skyline won't be able to collect anymore from that VC, that's made on purpose and for security reasons. You will need to delete and add again. In this case it seems that Skyline thinks the STS server (security token service, e.g. the SSO) certificate is invalid. I'm not sure how certificates should be updated on the STS but it should be done automatically when updating the VC certificate and if that's embedded PSC. Maybe the customer did it manually and something's broken. Can you first ask on a vSphere channel because I'm not very familiar with how certificates should be updated on the VC. Maybe from there on we can decide if it's actually a Skyline problem and then debug it.”
So as per the Skyline Engineering team, the STS server certificate is the problem. There is no need to remove any old entries from the Skyline appliance. Just re-adding should work. We need to contact the vCenter Server team again to validate if all the certs are working fine and take it from there.
I would suggest you raise a case with the VMware vCenter Server team, get the certs validated, and then try adding the vCenter Server again.
Marking this question as correct answer due to inactivity. Please respond to this thread if the issue persists.
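The certificate-name check suggested earlier in this thread (use the name or address the vCenter SSL certificate was issued to), as an added example that is not part of any original post or of VMware's tooling. The function names, the host `vcsa01.example.test` and the address `192.0.2.10` are constructed for illustration; only standard `openssl` options are used.

```bash
#!/usr/bin/env bash
# Added example: is the name/IP typed into the Collector one the
# vCenter certificate was actually issued to?

# fetch_cert <host> <out.pem>: save the certificate a live server presents on 443.
fetch_cert() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM > "$2"
}

# cert_matches <pem-file> <fqdn-or-ip>: returns 0 on match, 1 otherwise.
cert_matches() {
    local pem="$1" name="$2" flag="-checkhost"
    # IP literals are compared against IP SAN entries, never DNS entries.
    case "$name" in
        *:*)       flag="-checkip" ;;   # IPv6 literal
        *[!0-9.]*) ;;                   # contains letters: treat as hostname
        *)         flag="-checkip" ;;   # digits and dots only: IPv4 literal
    esac
    openssl x509 -in "$pem" -noout "$flag" "$name" 2>/dev/null \
        | grep -q 'does match certificate'
}

# make_sample_cert <out.pem>: constructed self-signed certificate that is
# issued to an FQDN only (no IP SAN), mirroring the case in the thread.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=vcsa01.example.test" \
        -addext "subjectAltName=DNS:vcsa01.example.test" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

demo() {
    local dir name
    dir="$(mktemp -d)"
    make_sample_cert "$dir/vc.pem"
    for name in vcsa01.example.test 192.0.2.10; do
        if cert_matches "$dir/vc.pem" "$name"; then
            echo "$name: matches the certificate"
        else
            echo "$name: NOT in the certificate, use the issued name instead"
        fi
    done
    rm -rf "$dir"
}
demo
```

Against a real appliance, run `fetch_cert` with the vCenter FQDN first and pass the saved PEM to `cert_matches` together with the exact value entered in the Collector.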