VMware Cloud Community
thiago_corredor
Contributor
Contributor
‎07-13-2016 10:06 AM

Error when sync with AD

Good afternoon all,

We are receiving the error below, when we are trying to sync new users from AD:

Certificate for <vra> doesn't match common name of the certificate subject: xxxxxxx


Error from log:


2016-06-10 19:27:21,597 ERROR (tomcat-http--16) [vsphere.local;05fdd4ec-c66d-4728-ab26-f6a23dbbe1d9;172.19.24.131] com.vmware.horizon.connector.management.utils.ConnectorCommunicationUtils - Unable to execute local REST API: Certificate for <vra> doesn't match common name of the certificate subject: x

xxxxxxxxxxxx

javax.net.ssl.SSLException: Certificate for <vra> doesn't match common name of the certificate subject: xxxxxxxxxx

This certificate for <vra>  is installed where?

Becase we installed a new certificate in vRA Appliance, issued to our domain (example: thiagosilva.company).

But appear that in some place, when the tool is trying to connect on AD, it is using the old certificate (issued to "vra").

Could you please help me?

Thanks

0 Kudos
6 Replies
jgemcs
Enthusiast
Enthusiast
‎01-05-2017 02:16 AM

Hi,

same error here  - did you find a solution for that problem ?

==> horizon.log <==

2017-01-05 11:10:41,105 ERROR (tomcat-http--28) [vsphere.local] com.vmware.horizon.connector.management.utils.ConnectorCommunicationUtils - Unable to execute local REST API: Certificate for <vrava> doesn't match common name of the certificate subject: vrava.lab.net

Jens

0 Kudos
msk05
Hot Shot
Hot Shot
‎01-05-2017 04:51 AM

You may need to republish the vRA appliance cert under VAMI-> host setting to fix this error

0 Kudos
Jdeb68
Contributor
Contributor
‎04-20-2017 03:37 PM

Has anyone resolved this issue?

We have run into this same issue after updating the cert via the VAMI interface. There is a tcserver.keystore file in /opt/vmware/horizon/workspace/conf directory that contains the former cert CN name. If this is the source of the issue, it may be a matter of how to re-create this keystore file.

Thanks,

Jerry

0 Kudos
marsherian
Enthusiast
Enthusiast
‎09-08-2017 05:39 AM

I found a work around with for this:

ssh root@<VRA_APPLAINCE_NAME>

su - postgres /opt/vmware/vpostgres/current/bin/psql vcac

set schema 'saas';

update "Connector" set "host"='<VRA_APPLIANCE_FQDN>' where "host"='vra';

\q

Rerun the synchronisation of your directory.

0 Kudos
kumar6384
Enthusiast
Enthusiast
‎09-20-2017 05:38 AM

Kindly refer the below links:

http://www.bkdatacentre.com/2016/04/adding-active-directory-authentication-vra7/

https://zhengwu.org/2015/12/22/initial-configuration-of-vrealize-automation-7/

I hope that the above answers your questions satisfactorily.

0 Kudos
forcerk
Enthusiast
Enthusiast
‎03-14-2019 01:46 AM

ssh root@<VRA_APPLAINCE_NAME>

su - postgres /opt/vmware/vpostgres/current/bin/psql vcac

set schema 'saas';

update "Connector" set "host"='<VRA_APPLIANCE_FQDN>' where "host"='vra';

\q

For me this was the solution.

Thanks marsherian

0 Kudos