Good day, and I hope yours is better than mine...
Just downloaded and set up VCSA 6.0 U2. Finally got it to join my domain*. Added admin group from domain and gave them permissions. Every time I tried to use NT authentication (the checkbox) it would error out.
I found and followed articles 2020970 and 21112283. Now I am unable to log into the web client nor the vSphere client.
web client yields this
A server error occurred.
 SSO error: Cannot connect to the VMware Component Manager https://vcenter.sso.unitedpolicefcu.com/cm/sdk?hostid=827ac00b-1131-452e-b9fa-6b69a3a3f7ef
Check the vSphere Web Client server logs for details.
vsphere client says
Windows session credentials cannot be used to log into this server (which is what started the 2 KBs above)
Cannot complete login due to incorrect user name or password (I tried SSO Admin, domain user, appliance root user)
I have tried the certificate replacement steps (option 8, then 8, then 3, then 4, then 8 again). Each ends with errors similar to this:
|Status : 45% Completed [Replace machine Cert...]|
|Status : 50% Completed [Replace vsphere-webclient Cert...]|
|Status : 55% Completed [Replace vpxd Cert...]|
|Status : 60% Completed [Replace vpxd-extension Cert...]|
2016-03-29T18:35:36.382Z Updating certificate for "com.vmware.vim.eam" extension
Status : 0% Completed [Operation failed, performing automatic rollback]
Error while performing Cert Replacement operation, please see /var/log/vmware/vmcad/certificate-manager.log for more information.
Performing rollback of Root Cert...
|Rollback Status : 0% Completed [Rollback Root Cert...]|
|Rollback Status : 30% Completed [Rollback Machine SSL Cert...]|
Get site name
followed by this at the end of the roll back
Updated 0 service(s)
Rollback Status : 40% Completed [Rollback machine Cert...]
Rollback Status : 50% Completed [Rollback vsphere-webclient Cert...]
Rollback Status : 60% Completed [Rollback vpxd Cert...]
Rollback Status : 70% Completed [Rollback vpxd-extension Cert...]
2016-03-29T18:36:23.960Z Updating certificate for "com.vmware.vim.eam" extension
Error while reverting certificate for store : vpxd-extension
Rollback Status : 0% Completed [Rollback operation failed]
Error while performing rollback operation, please try Reset operation...
please see /var/log/vmware/vmcad/certificate-manager.log for more information.
Thanks for the help from Stumped in Miami.
* And for those of you getting Error 11 on trying to join the domain go into the VCSA web portal, drill down to the actual network settings and switch the DNS to manual. Sorry I can't be specific on the actual path to this setting. Although I gave it specific DNS at set up and a static IP I finally found that it had reverted to getting DNS from DHCP... Hope this helps.
We have a very similar problem running vCenter 6.0u2 on Windows. We've tried options 1&5 to replace certificates using a custom CA rather than the VMCA. Resetting (option 8) also fails. We are also unable to connect with the thick client and web client. If we find a resolution I'll update this.
We were able to get our issue resolved with the help of VMware tech support. Apparently there is an "undocumented feature" that was released in 6.0u1b and carried over into 6.0u2. When generating your CSRs you need the following OU names:
For the MACHINE CSR use "Root" for Organizational Unit (OU)
For User Solution User Certificate CSRs:
Lastly, when providing the root signing certificate, you need to provide the full chain (trusted CA + intermediate) and not just the trusted CA.
Hope this info helps you out if you haven't already resolved your issue. We were able to get running on custom certs using a Microsoft CA (options 1 & 5 in the certificate manager) using the info above.
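A pre-flight check for the two points in the reply above (the OU in the machine CSR, and a signing file that carries the full chain), as an added example that is not from the posters or from VMware. It assumes a two-tier PKI (root plus one intermediate) and an `openssl` binary on the path; all file names and subjects are constructed throwaway samples.

```shell
#!/bin/sh
# Added example, not VMware code. Sample subjects and file names are constructed.

# Print each OU value found in a CSR subject, one per line.
# Assumes the subject values contain no escaped commas.
csr_ous() {
  openssl req -in "$1" -noout -subject -nameopt RFC2253 |
    sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^ *OU=//p'
}

# Succeed only if the PEM bundle holds at least two certificates and every
# issuer in it also appears as a subject, i.e. it ends in a self-signed root.
chain_is_full() {
  openssl crl2pkcs7 -nocrl -certfile "$1" 2>/dev/null |
    openssl pkcs7 -print_certs -noout 2>/dev/null |
    awk '
      /^subject=/ { sub(/^subject= */, ""); subj[$0] = 1; n++ }
      /^issuer=/  { sub(/^issuer= */, "");  iss[$0] = 1 }
      END {
        if (n < 2) exit 1                  # trusted CA only: not a full chain
        for (i in iss) if (!(i in subj)) exit 1
        exit 0
      }'
}

# Build throwaway samples: root, intermediate, chain bundle, machine CSR.
make_samples() {
  d=$(mktemp -d) || return 1
  {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
      -subj "/CN=Constructed Root CA" \
      -keyout "$d/root.key" -out "$d/root.pem" &&
    openssl req -new -newkey rsa:2048 -nodes \
      -subj "/CN=Constructed Issuing CA" \
      -keyout "$d/int.key" -out "$d/int.csr" &&
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" \
      -CAkey "$d/root.key" -CAcreateserial -days 1 -out "$d/int.pem" &&
    openssl req -new -newkey rsa:2048 -nodes \
      -subj "/OU=Root/CN=vcenter.example.test" \
      -keyout "$d/machine.key" -out "$d/machine.csr"
  } >/dev/null 2>&1 || return 1
  cat "$d/int.pem" "$d/root.pem" > "$d/chain.pem"
  echo "$d"
}

# Run both checks against the constructed samples.
s=$(make_samples) && chain_is_full "$s/chain.pem" &&
  echo "chain OK; machine CSR OU: $(csr_ous "$s/machine.csr")"
```

Against real files, run `csr_ous` on the machine CSR before submitting it to the CA and `chain_is_full` on the file you intend to hand to the certificate manager as the root signing certificate.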