0 Replies Latest reply on Jan 15, 2020 2:20 PM by jonthewise1

    Issue Deploying vRealize Orchestrator

    jonthewise1 Lurker

      I'm having trouble deploying the vRealize Orchestrator product. I've googled like crazy, but nothing concrete is coming up. Basically, when I deploy it and log into the control center to set up authentication, I get an error:

       

      Error! An error occurred while retrieving the Single Sign-On token from: https://vcenter01.home.jonessa.us/lookupservice/sdk

       

      And the log file on the appliance has this:

       

       

      2020-01-13 21:04:32.119+0000 [https-jsse-nio-8283-exec-6] ERROR {} [ConfigureAuthProvider] [fe4295dc-e7d5-4274-9e41-7345e0ce5e02] Register authentication error: authentication: Authentication: state = CONNECTED, url = https://vcenter01.home.jonessa.us/lookupservice/sdk, certificateAlias = vco.vsphere.lookup-service.ssl.certificate, username = administrator, password = ******, importCertificates = false, configureLicences = true, certificate = [TrustedEntity [id=imported:60931edd-4cc0-4202-b5df-255c8630cb13, [5B 6D E3 5B C5 13 B9 72 69 A6 80 F6 A2 49 36 04 20 5D 34 9E], TrustedEntity [id=imported:11b37c51-c2d0-4762-9b29-64a83e29e78f, [9A C7 4B 08 19 5C AE AD 44 CE B3 C7 F6 62 E5 D9 9E 0F F0 1C], TrustedEntity [id=imported:d11db160-ce24-43de-bc16-984a8dc23b0f, [10 EF 5C 7A DD 2A 9E F5 C8 91 5B DD 9B FE 9E 46 01 5B 46 98]], service provider host = https://vrealize01.home.jonessa.us:8283 Sso Authentication: ssoUrlEndpoint = com.vmware.vcac.componentregistry.rest.stubs.EndPoint@22369ba4, stsUrlEndpoint = com.vmware.vcac.componentregistry.rest.stubs.EndPoint@22369ba4, adminUrlEndpoint = com.vmware.vcac.componentregistry.rest.stubs.EndPoint@3a73c0ad, ssoSslAlias = vco.sso.ssl.certificate, authenticationTokenType = saml, clientId = null, clientSecret = , adminGroup = null, adminGroupDomain = null, defaultTenant = vsphere.local, ssoClockTolerance = 300, tokenLifetimeInSeconds = 7776000, ssoTokenRenewCount = 5

      com.vmware.vim.sso.admin.exception.CertificateValidationException: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain is not trusted and thumbprint doesn't match

       

      I found this doc: https://docs.vmware.com/en/vRealize-Automation/7.4/com.vmware.vra.prepare.use.doc/GUID-CD4AC8E0-168C-43A9-99A1-64C30A5776F8.html and I have added both my Root CA and intermediate CA as well as the vCenter certificate to the trust store on the appliance, so I would think that should be solved. I even went so far as to add the certificates to the Java trustedca keystore. So I'm really stumped at the error...