eccl1213
Enthusiast

Workspace install fails with Error Creating admin user

So I just grabbed the binaries today and started to run through the deployment.

The vApp deploys fine and the install/configuration via the configurator-va console completes without error.

I then proceed to the Web admin page to continue the setup.

After I put in my trial key and password it proceeds to step 2a "Database Connection setup"

I select the option to use the internal database and it starts to configure it. After a few minutes the popup window closes and gives the error:

Error creating admin user.

hostname in certificate didn't match: !=

Any ideas?  Looks like it doesn't like the cert name (which was generated by the installer).

-M

0 Kudos
25 Replies
sravuri
VMware Employee

What is your deployment architecture? Are you using a Horizon FQDN name that is different from gateway-va hostname?

Where does the Horizon FQDN point to? If it is a load balancer, what kind of SSL certs do you have on that machine?

0 Kudos
eccl1213
Enthusiast

No SSL load balancer or any special setup. This is a setup in a lab and I did a very plain setup.

I did configure all the DNS and reverse IPs as per the docs (the initial vApp config verifies this early on).

After that I'm simply putting the hostname in the browser. I'm not using any other DNS names besides the host names.

-M

0 Kudos
mjpagan
Enthusiast

Ditto, I've run into the same issue.

Error creating admin user.
hostname in certificate didn't match: !=

My setup is also simple:

10.1.0.71 configurator-va.domain.net
10.1.0.72  service-va.domain.net
10.1.0.73  connector-va.domain.net
10.1.0.74  data-va.domain.net
10.1.0.75  gateway-va.domain.net
10.1.0.75  workspace.domain.net

I did wonder if workspace.domain.net might be causing the problem, so I deleted the DNS record and then tried the wizard again, but it failed immediately, stating that it couldn't communicate with workspace.domain.net.

I put it back and had the idea that I'd check workspace.domain.net in a web browser to see what certificate it returned, and it returned gateway-va.domain.net. I'm beginning to wonder if my failure to RTFM caused the problem, so I might try deploying from OVA tomorrow if I get time.

Mike Pagán MCITP:EA, MCSE, VCAP5-DCA, VCAP5-DCD,VCP 5, VCP5-DT, CCNA, A+
0 Kudos
sravuri
VMware Employee

Quick question: In the command-line configurator setup UI, did you set the Horizon FQDN to workspace.domain.net?

If so, that is good, then you can use that URL to access the workspace.

Still, as the gateway-va IP address has two hostnames now, we need to regenerate the certs. Please run the following commands:

On configurator-va, as root
cd /usr/local/horizon/lib/menu/secure
./wizardssl.hzn --makesslcert gateway-va  <FQDN>
./wizardssl.hzn

0 Kudos
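A way to confirm the mismatch described above and to re-check after the certificate has been regenerated, as an added example that is not part of the thread. The certificates are throwaway self-signed ones constructed here with the thread's sample hostnames; the SAN layout of the second one is an assumption, not a statement about what wizardssl.hzn emits, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example. Hostnames are the thread's samples; certificates are throwaway,
# self-signed, and constructed here. Function names are hypothetical.

# make_cert PREFIX CN [SAN...]: write PREFIX.pem / PREFIX.key for CN,
# optionally with DNS subjectAltName entries.
make_cert() {
  prefix=$1; cn=$2; shift 2
  if [ "$#" -gt 0 ]; then
    san=$(printf 'DNS:%s,' "$@")
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$cn" \
      -addext "subjectAltName=${san%,}" \
      -keyout "$prefix.key" -out "$prefix.pem" 2>/dev/null
  else
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$cn" \
      -keyout "$prefix.key" -out "$prefix.pem" 2>/dev/null
  fi
}

# host_matches CERT HOST: succeed only if CERT is valid for HOST
# (SAN entries are checked first; the CN is used only when no DNS SAN exists).
host_matches() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# served_cert HOST [PORT]: print the PEM certificate a live server presents, e.g.
#   served_cert workspace.domain.net > /tmp/served.pem
#   host_matches /tmp/served.pem workspace.domain.net
served_cert() {
  openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null |
    openssl x509
}

report() {
  if host_matches "$1" "$2"; then echo "$2: match"; else echo "$2: MISMATCH"; fi
}

demo() {
  tmp=$(mktemp -d)
  make_cert "$tmp/before" gateway-va.domain.net
  make_cert "$tmp/after" gateway-va.domain.net gateway-va.domain.net workspace.domain.net
  echo "certificate naming only gateway-va:"
  report "$tmp/before.pem" gateway-va.domain.net
  report "$tmp/before.pem" workspace.domain.net
  echo "certificate that also names the Horizon FQDN:"
  report "$tmp/after.pem" workspace.domain.net
  rm -rf "$tmp"
}
demo
```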
mjpagan
Enthusiast

Your fix worked. It's odd that they would want you to pick a permanent FQDN for the gateway-va for external/internal access but not fix this certificate as a part of the setup (that or I misunderstand the configuration guide).

Thanks for your help.

Mike Pagán MCITP:EA, MCSE, VCAP5-DCA, VCAP5-DCD,VCP 5, VCP5-DT, CCNA, A+
0 Kudos
sravuri
VMware Employee

No, you didn't misunderstand the configuration guide. We optimized the certs to work for the case of a real load balancer externally. We completely understand that you may just make the gateway-va the fqdn first and then move it to a load balancer later.

We are trying to make the certs work in that case, in a near future release. Till then, we have to use this workaround.

0 Kudos
treverjackson
Contributor

What do you mean you optimized the certs for an external load balancer? I've added my public ca certs and keys to my load balancer but when I use the fqdn I entered during the install it just redirects me to the configurator-va. How do you make this work properly with a load balancer? The docs say when using one not to install the cert/key on any VMs at all. So confused...

0 Kudos
sravuri
VMware Employee

@treverjackson

What is the problem you are seeing? Were you able to complete the configurator web UI set up wizard successfully?

0 Kudos
treverjackson
Contributor

No, I get failed to create admin user peer not connected.

During install I set the fqdn to horizon.mycompany.com, added the rootCA to my F5 and started the web setup.

0 Kudos
the1whynotq
VMware Employee

I'm getting this same error today at point 2a: Database Connection Setup, select internal database and after a couple of minutes Error Creating Admin User. hostname in certificate didn't match: !=

Run through the process using the FQDN assigned for the gateway-va but the problem persists.

P

0 Kudos
JasonMTodd
Contributor

Got through all that, now I'm getting:

Error while testing DB connection.
DB Connection Test Failed.

Right after it told me that the connection to the database server was successful. My monitor currently has a fist size hole through it.

0 Kudos
sravuri
VMware Employee

@JasonMTodd

Can you send me the logs from configurator-va - /opt/vmware/horizon/configuratorinstance/logs/configurator.log

and from service-va - /opt/vmware/horizon/horizoninstance/logs/horizon.log

0 Kudos
JasonMTodd
Contributor

How can I enable sftp on the server? I can’t pull the log files off.

0 Kudos
mjpagan
Enthusiast

You can use the free utility WinSCP to use the SCP protocol to attach to the appliance and grab the files you need.

Mike Pagán MCITP:EA, MCSE, VCAP5-DCA, VCAP5-DCD,VCP 5, VCP5-DT, CCNA, A+
0 Kudos
JasonMTodd
Contributor

I can log in to the server as root, but it denies access with scp with the same root account and password. Is there a different account for scp? I have also tried scp command on my linux laptop and the server denies access.

0 Kudos
pbjork
VMware Employee

Root is by default not allowed SSH access. Only SSHUSER has SSH access. You can SSH using SSHUSER and then use su - to get root access.

To enable root SSH access please look at this blog post: http://blogs.vmware.com/horizontech/2013/03/how-to-enable-ssh-in-horizon-workspace-virtual-appliance...

0 Kudos
JasonMTodd
Contributor

Should I chmod that directory and add permission?

0 Kudos
JasonMTodd
Contributor

Ok I chmod’d and got permissions, here are the log files.

0 Kudos
mjpagan
Enthusiast

For reference: if I need to grab log files for support, I ssh to the appliance and tar up the files and put them in the tmp directory. The sshuser has rights to view those files so you can grab those with SCP.

Mike Pagán MCITP:EA, MCSE, VCAP5-DCA, VCAP5-DCD,VCP 5, VCP5-DT, CCNA, A+
0 Kudos