VMware Cloud Community
thiago_corredor
Contributor
Contributor
‎07-13-2016 10:06 AM

Error when sync with AD

Good afternoon all,

We are receiving the error below, when we are trying to sync new users from AD:

Certificate for <vra> doesn't match common name of the certificate subject: xxxxxxx


Error from log:


2016-06-10 19:27:21,597 ERROR (tomcat-http--16) [vsphere.local;05fdd4ec-c66d-4728-ab26-f6a23dbbe1d9;172.19.24.131] com.vmware.horizon.connector.management.utils.ConnectorCommunicationUtils - Unable to execute local REST API: Certificate for <vra> doesn't match common name of the certificate subject: x

xxxxxxxxxxxx

javax.net.ssl.SSLException: Certificate for <vra> doesn't match common name of the certificate subject: xxxxxxxxxx

This certificate for <vra>  is installed where?

Becase we installed a new certificate in vRA Appliance, issued to our domain (example: thiagosilva.company).

But appear that in some place, when the tool is trying to connect on AD, it is using the old certificate (issued to "vra").

Could you please help me?

Thanks

Reply
0 Kudos
6 Replies
jgemcs
Enthusiast
Enthusiast
‎01-05-2017 02:16 AM

Hi,

same error here  - did you find a solution for that problem ?

==> horizon.log <==

2017-01-05 11:10:41,105 ERROR (tomcat-http--28) [vsphere.local] com.vmware.horizon.connector.management.utils.ConnectorCommunicationUtils - Unable to execute local REST API: Certificate for <vrava> doesn't match common name of the certificate subject: vrava.lab.net

Jens

Reply
0 Kudos
msk05
Hot Shot
Hot Shot
‎01-05-2017 04:51 AM

You may need to republish the vRA appliance cert under VAMI-> host setting to fix this error

Reply
0 Kudos
Jdeb68
Contributor
Contributor
‎04-20-2017 03:37 PM

Has anyone resolved this issue?

We have run into this same issue after updating the cert via the VAMI interface. There is a tcserver.keystore file in /opt/vmware/horizon/workspace/conf directory that contains the former cert CN name. If this is the source of the issue, it may be a matter of how to re-create this keystore file.

Thanks,

Jerry

Reply
0 Kudos
marsherian
Enthusiast
Enthusiast
‎09-08-2017 05:39 AM

I found a work around with for this:

ssh root@<VRA_APPLAINCE_NAME>

su - postgres /opt/vmware/vpostgres/current/bin/psql vcac

set schema 'saas';

update "Connector" set "host"='<VRA_APPLIANCE_FQDN>' where "host"='vra';

\q

Rerun the synchronisation of your directory.

Reply
0 Kudos
kumar6384
Enthusiast
Enthusiast
‎09-20-2017 05:38 AM

Kindly refer the below links:

http://www.bkdatacentre.com/2016/04/adding-active-directory-authentication-vra7/

https://zhengwu.org/2015/12/22/initial-configuration-of-vrealize-automation-7/

I hope that the above answers your questions satisfactorily.

Reply
0 Kudos
forcerk
Enthusiast
Enthusiast
‎03-14-2019 01:46 AM

ssh root@<VRA_APPLAINCE_NAME>

su - postgres /opt/vmware/vpostgres/current/bin/psql vcac

set schema 'saas';

update "Connector" set "host"='<VRA_APPLIANCE_FQDN>' where "host"='vra';

\q

For me this was the solution.

Thanks marsherian

Reply
0 Kudos