VMware Cloud Community
VirExprt
Expert

VCAC6: Could not create SSL/TLS secure channel. error at vCenter Endpoint

Hello,

I am facing an SSL/TLS issue with the vCenter Endpoint while configuring it for the first time. This is strange, as this never happened with vCAC 5.2.

Following is the certificate status of the Different components.

SSO Appliance : Self Signed Certificate

vCAC Appliance: Self-signed Certificate

IAAS Server : Domain signed Certificate.

vCenter/ESXi : Self-signed Certificate

What I feel is I have to import the vCAC Appliance certificate to the IAAS Server, or vice versa, but I am not sure..

Please help me

Br,

MG

Regards, MG
9 Replies
admin
Immortal

The vCAC cert should be installed on the IaaS server at install time, if I recall correctly.

What you should do is install the vCenter certificate on the machine where the vSphere agent resides.

Can you try that and let me know if this solves your issue?

VirExprt
Expert

I also thought so, which is why I tried to install the vCAC cert on the IAAS server, but since the cert's private key is not exportable, this cert is good for nothing, and yet it is not trusted.

I have the IAAS server and vCenter server on the same virtual machine :smileygrin: (this is my lab, which has limited resources). Do I still need to install these certs? Can you please guide me on how I can extract both the PEM and the cert and install them here.

thanks

Br,

MG

Regards, MG
Aronov
VMware Employee

Hello,

Can you please paste the entire exception?

If you have changed the IaaS certificate post installation, you will need to perform the steps from the link below to reestablish the trust between the VCAC VA and the IaaS server.

http://pubs.vmware.com/vCAC-60/index.jsp#com.vmware.vcac.install.doc/GUID-91B9E89E-206B-4B1C-983D-D5...

VirExprt
Expert

Hey, I am completely lost as to where I should look for the exception in vCAC. As I assume and recall for vCAC 5.2, all exceptions were logged in the respective DEM or Model Manager Service server logs, but in vCAC the logs are so distributed that I could not locate where to look for which event, and the DEM/Server logs also do not say anything about this exception.

Could you please guide me on how and where to look for this exception, if it is logged somewhere!!!! :smileygrin:

I had not changed the IAAS certificate post installation; it is generated using an AD Enterprise CA, which is installed in IIS. Do I still need to perform these steps?

Br,

MG

Regards, MG
Aronov
VMware Employee

What I meant was to click on the little magnifier icon and get the error details from there.

I believe all errors in IaaS are logged in the Event log.

In regard to the certificate, if you have selected this certificate during IaaS installation you do not need to perform the steps.

VirExprt
Expert

:smileygrin: Oh, I see..

I will let you know if this comes again!!!

I am configuring all servers again, as I was frustrated with so many errors and no clue about the logs :smileygrin:

Br,

MG

Regards, MG
VirExprt
Expert

Hello!!!

Here is the exception captured from the Agent logs:

This exception was caught:

System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
   at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request)
   at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at VMware.vSphere.VimService.RetrieveServiceContent(ManagedObjectReference _this)
   at DynamicOps.Vrm.Agent.vSphere.VSphereSession.Connect(String username, String password)
   at DynamicOps.Vrm.Agent.vSphere.VSphereHypervisorServiceProvider.GetComputeResources(ManagementEndpoint managementEndpoint)
   at DynamicOps.Vrm.Agent.vSphere.VSphereAgentService.GetHostClusterList()
   at DynamicOps.Vrm.Agent.Core.VRMCoreAgent.SendPingReport()
   at DynamicOps.Vrm.Agent.Core.CoreAgentBase.SendPingReportLoop(Object sender, ElapsedEventArgs e)

What I feel is that the IAAS component and vCenter are installed on the same server with the same hostname, but they have different certificates generated from different sources.

If I am on the correct understanding, I have to figure out how to make a certificate with the same hostname but a different port trusted on the same server.

Need your help on that!!

Br,

MG

Regards, MG
Aronov
VMware Employee

Hi,

It looks like the IaaS does not trust the vCenter certificate. Try to log on to the IaaS server and open any URL connecting to the vCenter with Internet Explorer. The first thing you will receive will be the vCenter cert, and then, when you continue past the certificate warning, you can click next to the URL bar where the invalid certificate warning is displayed and get a report from IE on why it does not trust the cert. Possible reasons are

1. Signed by untrusted CA

2. Expired

3. CN mismatch

etc...

In regard to the multiple components on the same machine and different ports: when you create websites in IIS you create bindings, and when you create a binding on HTTPS you specify the certificate used for that binding. So if you create a binding for port 12345 you can specify whatever certificate you want for this binding. Thus you can have a website running on 443 (i.e. IaaS) having one certificate and another one running on another port using a second cert. When checking the validity of the cert, the port is not taken into consideration; whatever cert you get from the call you made on a certain port is what gets validated.

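To illustrate the three reasons listed in the reply above, here is an added example (not code from the thread or from VMware): a Go program that builds a constructed self-signed certificate for a hypothetical host, then runs the same validation a TLS client performs, once against an empty trust store (the situation in this thread), once after the cert has been added to the store, once against a different hostname, and once expired. The hostnames and validity times are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// selfSigned builds an in-memory self-signed certificate for host, standing in
// for vCenter's default certificate (constructed for this example, not a real one).
func selfSigned(host string, notAfter time.Time) *x509.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // cannot fail with a good RNG
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: host},
		DNSNames:              []string{host}, // modern clients match the SAN, not the CN alone
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              notAfter,
		IsCA:                  true, // a self-signed cert is its own issuer
		BasicConstraintsValid: true,
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	cert, _ := x509.ParseCertificate(der)
	return cert
}

// classify validates cert the way a TLS client does when it connects to host and
// names which of the three reasons applies ("ok" if none). Inputs are the cert,
// the expected hostname and the trust store; the TCP port plays no part.
func classify(cert *x509.Certificate, host string, roots *x509.CertPool) string {
	_, err := cert.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	switch e := err.(type) {
	case nil:
		return "ok"
	case x509.UnknownAuthorityError: // the thread's case: self-signed and not in the store
		return "untrusted CA"
	case x509.CertificateInvalidError:
		if e.Reason == x509.Expired {
			return "expired"
		}
	case x509.HostnameError: // name in the cert does not match the name connected to
		return "CN mismatch"
	}
	return err.Error()
}
```

Adding the vCenter certificate to the agent machine's trust store is what turns the "untrusted CA" result into "ok"; changing the port the service listens on changes nothing.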
VirExprt
Expert

Thanks for such an informative description; I checked, and that makes sense as well. The error is that the certificate is not issued from a trusted CA, which makes sense because vCenter by default uses a self-signed certificate, which is why it is getting the error in vCAC.

As per my understanding, vCenter web components are hosted on TCServer, which is separate from IIS, which hosts the vCAC IAAS component website. For hosting the vCAC website, I can understand I must select (which I actually did during installation) a port with a valid certificate to bind with; however, for the vCenter self-signed certificate, is there any way to replace the binding from the self-signed certificate to the one used for the IAAS component, which is actually a CA-signed certificate?

Br,

MG

Regards, MG