Monthly Archives: May 2017

Replace vRealize Business Standard 7 Self Signed Certificates

Replace vRealize Business Standard 7.0 Self-Signed SSL Certificates. Business Management tab in vRA reports SSLHandshakeException.

  • Business Management tab in vRA reports the error javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Untrusted Certificate Chain
  • vRA VAMI starts to report the status of the following services as blank:
    • vcbm-service (com.vmware.vcbm.vcbm)
    • pricing-api (com.vmware.vcbm.pricing)

I did this in a simple deployment based on vRA 7.1 – vRB 7.0.

I ran into a situation where the vRA self-signed certificate had already expired and both of the symptoms listed above were being faced.

To fully resolve this, I went ahead and replaced the certificates using the steps listed below:

  • Take a snapshot of the vRA appliance and the vRB appliance.
  • Go to the vRB appliance VAMI page.
  • Under the vRealize Automation tab in the vRB VAMI, supply the administrator password and click the Unregister button. Wait for the message confirming that the unregister completed successfully.
  • Now, on the Administration tab, click SSL.
  • Choose the mode Generate Self-signed certificate and supply:
    1. Common name: FQDN of the vRB appliance
    2. Organization Name
    3. Organization Unit
    4. Country Code
  • Click Replace Certificate and wait for the success message.
  • Go back to the vRealize Automation tab and register the vRA FQDN with the name of the default tenant and the administrator user and password associated with this account.
  • This fixes the registration in the vRA VAMI page for the services that were unregistered earlier.
  • The Business Management tab will still continue to show SSLHandShakeError. To resolve this, log in to the vRA SSH console and run the command 'service vcac-server restart'. Give it about 10 to 15 minutes, then check the state of the services in vRA, which should show as Registered, and confirm that the Business Management tab looks OK.

Additional Reference: http://pubs.vmware.com/vrealizebusinessstd-7.0/topic/com.vmware.ICbase/PDF/vRealizeStd-Install-7.0.pdf
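The root cause above was a certificate that had expired unnoticed. The following is an added example, not part of the original post, that uses the openssl CLI to report whether an endpoint's certificate is expired or close to expiry; the host names and the port in the usage line are placeholders to replace with your own appliance endpoints.

```shell
#!/bin/sh
# Added example (not from the original post): flag expired or soon-to-expire
# TLS certificates on appliance endpoints. Requires the openssl CLI.

# fetch_cert HOST PORT -> leaf certificate presented by HOST:PORT, as PEM on stdout
fetch_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM 2>/dev/null
}

# cert_status PEM_FILE [WARN_DAYS] -> prints UNREADABLE, EXPIRED, EXPIRING or OK
cert_status() {
    if ! openssl x509 -in "$1" -noout >/dev/null 2>&1; then
        echo UNREADABLE            # no parsable certificate (e.g. connection failed)
        return 2
    fi
    # -checkend N exits non-zero when the certificate expires within N seconds
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null; then
        echo EXPIRED
    elif ! openssl x509 -in "$1" -noout -checkend "$(( ${2:-30} * 86400 ))" >/dev/null; then
        echo EXPIRING
    else
        echo OK
    fi
}

# check_endpoint HOST[:PORT] [WARN_DAYS] -> one status line per endpoint
check_endpoint() {
    host=${1%%:*}
    port=${1#*:}
    if [ "$port" = "$1" ]; then port=443; fi    # no :PORT given
    tmp=$(mktemp)
    fetch_cert "$host" "$port" >"$tmp"
    status=$(cert_status "$tmp" "${2:-30}")
    printf '%s:%s %s %s\n' "$host" "$port" "$status" \
        "$(openssl x509 -in "$tmp" -noout -enddate 2>/dev/null)"
    rm -f "$tmp"
}

# Usage (placeholder hosts): sh check_certs.sh vra.example.test vrb.example.test:5480
for endpoint in "$@"; do
    check_endpoint "$endpoint"
done
```

Run from a scheduled job, this surfaces an EXPIRING status well before the handshake errors described above appear.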


How to reset administrator@vsphere.local account password in vRA 7.x?

Have you forgotten the administrator@vsphere.local account password that you created at the time of initial configuration of your vRA 7.x environment? Here's how you reset it.

1) Log in to the master vRA appliance VAMI using the appliance root user
2) Go to vRA Settings -> SSO
3) In the password fields for the administrator user account, enter the new password that you want to set (you don't need the old password at all), and confirm the new password in the confirm password field
4) Save settings
5) Wait for 10 to 15 minutes (once the "Settings saved successfully" message appears), then go to the Services tab and wait until all the services report their status as Registered, periodically refreshing the page using the button provided

If this is an environment based on a single-node vRA appliance, skip directly to step 10).

6) Now proceed to the second vRA node and log in to its VAMI
7) Navigate to vRA Settings -> Cluster
8) Provide the FQDN and credentials of the master node and click to join the cluster
9) Again give it about 10 to 15 minutes and check that the status of all the services becomes Registered

– Repeat steps 6 to 9 for all the additional vRA appliances in the vRA node cluster.

10) Clear the browser cache and try to log in to the default tenant with administrator@vsphere.local

Your administrator account password has been reset successfully.

Additional bits to consider:
If the administrator@vsphere.local account was used in places such as the configuration of the vCAC plugin in vRO, make sure you update the password in all those places.


vRA 7.x Infrastructure Tab reporting Server Error 401 – Unauthorized: Access is denied due to invalid credentials

The reason I am creating this blog post is purely because the message was misleading and the actual reason for this error in the Infrastructure tab was different.

One of the customers reported that they could not see IaaS-Service registered in vRA VAMI -> Services; it was being reported as blank.

At the same time, in the vRA portal, the Infrastructure tab was displaying Server Error 401 – Unauthorized: Access is denied due to invalid credentials.

Further checks on the IaaS web server host where the ModelManagerData repository resides showed that the IIS application pool called RepositoryAppPool was stopped.

An attempt to start it was failing with some weird error message.

The service account password had not been modified and should have been working without much trouble.

That's when something interesting showed up in Repository.log:

[UTC:2017-04-07 02:27:49 Local:2017-04-07 10:27] [Error]: [sub-thread-Id="1"  context=""  token=""] Failed to start repository service. Reason: System.Security.Cryptography.CryptographicException: There is not enough space on the disk.
   at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
   at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromBlob(Byte[] rawData, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
   at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte[] rawData, Object password, X509KeyStorageFlags keyStorageFlags)
   at VMware.Cafe.RegistrationData.ConvertCertStringToCertificate(String certRawData)
   at DynamicOps.Repository.Runtime.CafeClientAbstractFactory.InitializeFromDb(String coreModelConnectionString)
   at DynamicOps.Repository.Runtime.Common.RepositoryRuntime.Initialize().

That certainly pointed in the right direction. A quick look at the system drive of the IaaS web server host revealed that there was no space left on the c: drive. Further investigation showed that IIS logs, which had been piling up for the last 2 years, were occupying 31 Gb altogether. The first activity carried out was keeping just the last 30 days' worth of log files and moving the rest of the files to a different shared location.

Further steps taken are as below:

  1. Restart of the IaaS web server node after making enough space on the c: drive
  2. Restart of vcac-server on the vRA appliances

These two actions made things come back to normal.
