vRealize 7 - NSX Automation deployments fail due to problems of certificate with vRealize Orchestrator

Hello community,

After installing the latest version of vRA, vRO, and NSX, I run into problems when deploying components that use NSX components. First of all, the version details:

- vRA: 7.0.0 (build 3292778)
- vRO: 7.0.0.16989 (build 331003)
- NSX: 6.2.1 (build 3300239)

vRO plugin versions are delivered with the vRO version listed above with the exception of the plugin NSX, which has been updated to the latest version (1.0.3 published on 17.12.15).

In the configured tenant vRO is configured as endpoint. I can check the data collection is running and working. I can see the plugin NSX for vRO runs the workflow 'create endpoint NSX' from time to time using the configured user of vRA VRO.

In the configured tenant vRO is thus configured as default server for ASD vRO. Connection test is successful. When saving the config I'm prompted to approve the vRO certificate, which I confirm. Note that the thumbprint specified matches the thumbprint of the vRO certificate that I get when visiting the vRO system on https://vro:8281. I am able to navigate the vRO workflows in the vRA designer, therefore: connection seems established.

Within vRO the vRA CAFE and IAAS plug-ins have been saved successfully. I am able to browse the plugin inventory for both plugins.

To solve the problem, I created a new unified plan within the design section of vRA with the following configuration:

-Transport box: my area of transport configured NSX (checked: manual creation on this area using NSX works very well)

-Routed res pol. Bridge: my reference for the dash cluster to use Pol

-The only component dragged to canvas is a 'network and safety'-> 'On-Demand NAT Network' that uses a profile preset 1-to-many network as is "Parent network profile" without manual modification.

-Note that, although this is a very simple example plan to illustrate the problem, it happens with any model that I have set up if any component is configured that requires the NSX plugin for vRO.

Whenever I request this plan, the request fails with the error message: "application [fa1e0689-0d06-4308-a914-e498c0d1fd99]: 404 not found"

Looking in vCenter, NSX and vRO I can check that nothing is really triggered when you request the plan.

Looking at the vRA /storage/log/vmware/vcac/catalina.log, this becomes very visible:

com.vmware.vcac.iaas.vco.network.helper.VcoEndpointSelector.isEndpointAlive:88 - vRealize Orchestrator endpoint with url [https://s00-vro.my.domain:8281/vco] is not alive. Exception message: [Host name 's00-vro.my.domain' does not match the certificate subject provided by the peer (CN=s00-vro.my.domain, OU=VMware, O=My Company, C=DE)]

com.vmware.vcac.iaas.vco.network.helper.VcoEndpointSelector.getFirstAliveEndpointByPriority:200 - vRealize Orchestrator endpoint [https://s00-vro.my.domain:8281/vco] with priority 1 is not alive. Skipping.

org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver.logException:189 - Handler execution resulted in exception: Endpoint not found. There are no vRealize Orchestrator endpoints that are alive.

com.vmware.vcac.platform.service.rest.resolver.ApplicationExceptionHandler.handleHttpStatusCodeException:673 - 404 Not Found
org.springframework.web.client.HttpClientErrorException: 404 Not Found
...
...
...

Please note that I double checked the certificate. This is a self-signed certificate created using the new vRO 7.0 control panel, the one I get when I go to https://vro:8281. It is valid and the subject (issued to CN) matches perfectly the hostname entered in the ASD and endpoint configuration in vRA. It is separable and time on all components of the server is in sync using NTP.

Now, I even re-generated certificate and re-registered and rebooted all the components, but while I can see that the certificate has been updated all components I always get the same question.

Never had this problem with the previous version of NSX / vRA / vRO. I checked the documentation to see if something has changed here, but did not find what I'm doing wrong. Anything I'm missing here? Any bug?

OK, this seems to be the issue. So put at least to previous day since version of vRO (cannot check if it's true for charges vRO 7 installs as well but it is probably) the vRO 'control center' will generate SHA1-based certificates, which vRA does not like for actions that use the vRO endpoint in vRA. ASD seems to work without these problems.

Sidenote: upgraded vRO installs will also come with a SHA1-based cert if they use a self-signed cert created by vRO. However: you would think that it is sufficient to recreate the cert using the control center. But it turns out it isn't, because it will generate a (new) SHA1-based cert.

What I did to solve the problem:

1. Create a SHA2-based vRO certificate without the cert extensions, similar to the one that ships with the vRO built into vRA. I tend to use xCA for these jobs, but openSSL will do as well. The exact format required for the vRO certificate is not documented, but I can assure you that you need it like this: a PEM file including the private and public key in PKCS #1 format, formatted as follows:

-----BEGIN RSA PRIVATE KEY-----
(Your private Key: your_vro_server.key)
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
(Your primary certificate: your_vro_server.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your intermediate certificate: intermed.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your root certificate: root.crt)
-----END CERTIFICATE-----

I had problems when I used the key extensions, so I would say don't use them and create a very basic cert without V3 extensions, as shown on the right of the image in my last post (ideally, you want to have a cert with the same properties as the cert used by the vRO integrated in the vRA device, except of course for a different CN etc.).

2. Use the vRO control center located at https://your-externa-vro:8283/vco-controlcenter/#/ and move to --> Orchestrator Server SSL certificate certificates. Use the import action to import your PEM cert. It should tell you that you need to restart your vRO device. Then RESTART the device (do not just restart the service; this does not seem to be sufficient).

3. In vRA, remove the vRO endpoint everywhere it has been configured. Also, I removed the vRO from the ASD config just to make sure that nothing's left.

4. Reboot the vRA (IAAS can be left as is). I needed to do this because I have seen that the keystore at some point would keep being crushed by CERT vRA (?): after I deleted it (AND I checked that they are deleted) it reappears in the keystore after a while. After a reboot, the problem was gone, the keystore was clean.

5. Add the endpoint and ASD vRO configuration again. Accept the certificate.

6. It works.

Therefore, while I have no more time to investigate the problem further, I guess the problem is the SHA1-based certificate generated by the vRO device. The internal unit is equipped with a SHA2-based cert that works, and after changing the external device's SHA1 cert to a basic SHA2 cert, all works.

Tags: VMware
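A pre-import check for the PEM bundle layout described in the thread above, added here as an illustration and not part of the original post or of any VMware tooling. It verifies that the PKCS #1 key block comes first, then reads the first certificate's signature algorithm (SHA-1 vs SHA-256) and whether it carries v3 extensions. The function names are hypothetical, and the sample bundle is a constructed DER skeleton with the shape of a certificate, not a usable one.

```python
import base64
import re

# DER bytes of the two signature-algorithm OIDs the post contrasts.
SIG_ALGS = {
    bytes.fromhex("2a864886f70d010105"): "sha1WithRSAEncryption",
    bytes.fromhex("2a864886f70d01010b"): "sha256WithRSAEncryption",
}
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)


def der_children(buf):
    """Yield (tag, value) for each DER element directly inside buf."""
    pos = 0
    while pos < len(buf):
        tag, length = buf[pos], buf[pos + 1]
        pos += 2
        if length & 0x80:  # long form: low 7 bits give the number of length bytes
            n = length & 0x7F
            length = int.from_bytes(buf[pos:pos + n], "big")
            pos += n
        yield tag, buf[pos:pos + length]
        pos += length


def inspect_cert(der):
    """Return (signature algorithm, has_v3_extensions) for one DER certificate."""
    ((_, cert),) = der_children(der)  # outer Certificate SEQUENCE
    (_, tbs), (_, sig_alg), _signature = der_children(cert)
    oid = next(der_children(sig_alg))[1]
    has_ext = any(tag == 0xA3 for tag, _ in der_children(tbs))  # [3] = extensions
    return SIG_ALGS.get(oid, "other:" + oid.hex()), has_ext


def check_bundle(pem_text):
    """Return findings for a PEM bundle laid out as in the post (empty list = OK)."""
    blocks = PEM_RE.findall(pem_text)
    findings = []
    if not blocks or blocks[0][0] != "RSA PRIVATE KEY":
        findings.append("first block is not a PKCS#1 'RSA PRIVATE KEY'")
    certs = [base64.b64decode(body) for label, body in blocks if label == "CERTIFICATE"]
    if not certs:
        return findings + ["no CERTIFICATE block found"]
    alg, has_ext = inspect_cert(certs[0])  # server certificate is the first one
    if alg == "sha1WithRSAEncryption":
        findings.append("server certificate is signed with SHA-1")
    if has_ext:
        findings.append("server certificate carries v3 extensions")
    return findings


def _der(tag, *parts):
    body = b"".join(parts)
    assert len(body) < 0x80  # sample elements are short: one-byte length form
    return bytes([tag, len(body)]) + body


def _pem(label, raw):
    b64 = base64.b64encode(raw).decode()
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, b64, label)


def make_sample_bundle(sig_oid_hex, with_extensions, key_first=True):
    """CONSTRUCTED sample: certificate-shaped DER skeleton, not a usable cert."""
    alg = _der(0x30, _der(0x06, bytes.fromhex(sig_oid_hex)), _der(0x05))
    tbs = [_der(0x02, b"\x01"), alg]  # serial number, inner signature algorithm
    if with_extensions:
        tbs.append(_der(0xA3, _der(0x30)))  # empty [3] extensions wrapper
    cert = _der(0x30, _der(0x30, *tbs), alg, _der(0x03, b"\x00" + b"\xaa" * 16))
    parts = [_pem("RSA PRIVATE KEY", b"placeholder"), _pem("CERTIFICATE", cert)]
    return "".join(parts if key_first else parts[::-1])


if __name__ == "__main__":
    sha1, sha256 = "2a864886f70d010105", "2a864886f70d01010b"
    print(check_bundle(make_sample_bundle(sha1, with_extensions=True)))
    print(check_bundle(make_sample_bundle(sha256, with_extensions=False)))
```

On a real bundle, pass the file's text to `check_bundle`; the parser only reads the outer certificate structure and does not validate the signature or the chain.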

Similar Questions

  • opatch 10.1.2 Oracle Home - ERROR: OPatch failed due to problems in the area of patch.

    Hi all

    DB: 11.2.0.3.0

    EBS:12.1.3

    Operating systems: Solaris SPARC 64-bit

    I get the following error message on the command below:

    $ opatch apply -invPtrLoc $ORACLE_HOME/oraInst.loc

    Setup Oracle interim Patch version 1.0.0.0.64
    Copyright (c) 2011 Oracle Corporation. All rights reserved...

    Oracle recommends using the latest version of OPatch
    and read the OPatch documentation in the docs/OPatch
    Directory for its use. For more information on the last OPatch and
    other support issues, please refer to document ID 293369.1
    available on My Oracle Support (https://myoraclesupport.oracle.com)

    Oracle home: /d001/test1/apps/tech_st/10.1.2
    The Oracle Home Inventory: /d001/test1/apps/tech_st/10.1.2/inventory
    Inventory Center: / export/home/applmgr/oraInventory
    from: /var/opt/oracle/oraInst.loc
    YES location: /d001/test1/apps/tech_st/10.1.2/oui
    YES shared library: /d001/test1/apps/tech_st/10.1.2/oui/lib/solaris/liboraInstaller.so
    Location of Java: /d001/test1/apps/tech_st/10.1.2/jdk/jre/bin/java
    Location of the log file: /d001/test1/apps/tech_st/10.1.2/.patch_storage/ < patch ID > / *.log

    The patch directory field must be a number.

    ERROR: OPatch failed due to problems in the area of patch.

    $ opatch version

    Setup Oracle interim Patch version 1.0.0.0.64
    Copyright (c) 2011 Oracle Corporation. All rights reserved...

    Oracle recommends using the latest version of OPatch
    and read the OPatch documentation in the docs/OPatch
    Directory for its use. For more information on the last OPatch and
    other support issues, please refer to document ID 293369.1
    available on My Oracle Support (https://myoraclesupport.oracle.com)

    OPatch Version: 1.0.0.0.64

    Tried the underside of the notes but the error persists. Even tried several times 'p6880880_101000_SOLARIS64.zip' to download and unzip on the server, but of no use. This question took place now for a few days.

    (Error: OPatch failed due to problems in the area of the Patch [ID 1281504.1]).

    Opatch error: The Patch Directory area must be a number [258650.1 ID]

    O patch 1.0 . 0.0.55 fails with the error 'the Patch directory field must be a number' [ID 394601.1]

    Patch Directory area must be a number: Opatch returns with the Code error = 170 [369555.1 ID]

    Please let me know any other suggestion is appreciated as the runinstaller from Patch 5983622 -Upgrade to Forms 10 g OracleAS and statement 10.1.2.3 (437878,1) fails after running root.sh Run specific tasks.

    I'm upgrading to 10.1.2.3.0 forms using - reclassification OracleAS g 10 forms and States to 10.1.2.3 (437878.1)

    Thank you for your time

    Kind regards

    user10088255

    Hi user10088255,

    Please follow the procedure under the section 'How to check the contents of the inventory Central' (Doc ID 742477.1) to check whether or not 10.1.2 ORACLE_HOME is registered in the central inventory. If it is not registered then follow one of the methods in the same doc to add.

    Thank you

    Hussein

  • ERROR: OPatch failed due to problems in the area of patch.

    HIII...,

    IM upgrading Forms 10 g OracleAS and reports in Oracle E-Business Suite Release 12.

    IM one of the additional fixes 9357237 such application mentioned in the metalink document

    Upgrade OracleAS 10 g forms and reports Oracle E-Business Suite Release 12 [437878.1 ID].

    Im getting the following error in the application of the patch


    Oracle home: /u02/oracle/PROD/apps/tech_st/10.1.2
    The Oracle Home Inventory: /u02/oracle/PROD/apps/tech_st/10.1.2/inventory
    Inventory Center: / u02/app/oraInventory
    from: /etc/oraInst.loc
    YES location: /u02/oracle/PROD/apps/tech_st/10.1.2/oui
    YES shared library: /u02/oracle/PROD/apps/tech_st/10.1.2/oui/lib/linux/liboraInstaller.so
    Location of Java: /u02/oracle/PROD/apps/tech_st/10.1.2/jre/1.4.2/bin/java
    Location of the log file: /u02/oracle/PROD/apps/tech_st/10.1.2/.patch_storage/ < patch ID > / *.log

    The patch directory field must be a number.

    ERROR: OPatch failed due to problems in the area of patch.


    IM using OPatch version: 1.0.0.0.64.

    When I downloaded nd unzipped the patch just like that

    [oracle@msftrac2 patches] $ cd 9357237/
    [oracle@msftrac2 9357237] $ ls -l
    Total 132
    drwxr-xr-x 4 oracle oinstall 4096 13 April 2010 8447875
    drwxr-xr-x 5 oracle oinstall 4096 13 April 2010 9352208
    drwxr-xr-x 4 oracle oinstall 4096 13 April 2010 9357234
    -rw-r--r-- 1 oracle oinstall 84630 13 April 2010 README.html
    -rw-r--r-- 1 oracle oinstall 67 13 April 2010 README.txt
    -rwxr-xr-x 1 oracle oinstall 2258 13 April 2010 remove_demo.sh


    Can someone help me solve the problem. ?... waiitng for your suggestions...


    Thanks and greetings...

    Hello
    This shows that you do not have the README file in patches

    8447875
    9352208
    9357234

    Try to create a README.txt file in each of these directories and then apply the patch.

    Furthermore, what is the command that you use to apply this hotfix. (opatch apply or opatch napply)

    Thank you

  • Installation of policy blackBerry Smartphones MSI group failing due to problem of administrator rights

    I managed to install desktop manager 4.6 on my PC using the MSI from the CD. I'm a domain administrator, when I try to install the MSI even on other users in the domain through group policy that are not administrators, that the software will not be installed. I checked and politics is definitively applied and it says on logon the Blackberry Desktop Manager software is installed, but no group icon or a program is created.

    I don't want to give users administrator rights because users are not allowed to install the software on their PC. Normally the software installs through the strategy of group with no problem. I don't want to go around for each PC and install manually if I can avoid it.

    Any help would be most appreciated.

    Work on the problem. All the files from the downloaded package are required to install the application. When you configure the group policy installation only the msi file has been copied into the installation directory.

  • During a call to ActionVoip, getting the message "End call (call failed due to sound device on this computer problems)"

    Original title: I use Windows 7 Edition home premium.  When I am dialing from ActionVoip I get the message ' call ends (the call failed due to problems of audio device on this computer. "pls help...

    I use Windows 7 Edition home premium.  When I am dialing from ActionVoip I get the message ' call ends (the call failed due to problems of audio device on this computer. "pls help...

    Hello
     
    1. do you get errors related to other audio devices on the computer?
    2. what type of audio device you use? (You use a headset? If so, who is the manufacturer and what is the model?)
    3. in Device Manager, is the sound, video and game controllers show any exclamation point?
    4. have you made any software or changes to the material on the computer before this problem?

    Open the Device Manager

     
    To work on the issue, refer to these methods.
     
    Method 1:

    No sound in Windows

     
    Method 2:
     
    Reinstall the program in compatibility mode.
     
    Check out these links.
     
    Uninstall or change a program
     
    Install a program
     
    Make older programs run in this version of Windows

    Hope the information is useful.

  • D1G64UA: Windows 10 update fails due to no space in the recovery Partition

    Try to upgrade Windows to Windows 10 8.1 upgrade fails due to insufficient space in the recovery on the D: drive Partition

    The size of the recovery Partition is configured at installation of the HP factory and it leaves only about 3 GB, which is insufficient for the upgrade of Windows 10 start the upgrade begins by creating files in the recovery Partition.

    I don't want to remove the Windows 8.1 recovery files that already exist on the D: Partition of Recovery of the construction of the plant and in fact, I don't think that the o/s will allow me to delete these files from recovery.

    Any help in how to run the upgrade of Windows 10 is appreciated.

    Glad to see that my post has solved your problem.

    Please click "Accept as Solution" to my post so that others will see that this thread has been resolved.

    Thank you

  • on iPad Mini iOS 9.2.1 update fails due to low memory, even though 57 GB are available

    iOS 9.2.1 update failed due to low memory, although 57 GB was available.

    What is the cause and the fix?

    EN 57 is the size of your storage. There is no iPad with 57 GB of memory (live RAM). Have you tried to hold the home and power buttons until the iPad reboots? Also try double clicking the home button and close any open applications.

  • Compilation failed due to an error of Xilinx.

    I've recently updated since LV2014 until 2015, and an FPGA VI who previously compiled successfully is no longer made. My goal is a 7951R and I use a module e/s of 6584. A few minutes in the compilation process, I get the below error. I found the White Book of OR describing this problem for 2010 and provide a patch, but this solution has failed for me. Curiously, I can succeed in the compilation of FPGAS screws very simple, but not more complex that were previously viable.

    LabVIEW FPGA: Compilation failed due to an error of Xilinx.

    Details:
    ERROR: HDLCompiler:432 - "C:\NIFPGA\jobs\ODf62Gx_H0cwa34\NiFpgaAG_0000023b_ForLoop.vhd" line 55: Formal has no real or default value.
    INFO: HDLCompiler:1408 - "C:\NIFPGA\jobs\ODf62Gx_H0cwa34\arrayLpIndx_593.vhd", line 22. array_in is declared here
    ERROR: HDLCompiler:854 - "C:\NIFPGA\jobs\ODf62Gx_H0cwa34\NiFpgaAG_0000023b_ForLoop.vhd", line 24: Unit ignored due to previous errors.
    File VHDL C:\NIFPGA\jobs\ODf62Gx_H0cwa34\NiFpgaAG_0000023b_ForLoop.vhd ignored errors
    -->

    Total memory use is 239156 kilobytes

    Number of errors: 2 (filtered 0)
    Number of warnings: 11 (filtered 0)
    Number of news: 0 (0 filtered)

    "Synthesize - XST" process failed

    Compile time
    ---------------------------
    Introduction date: 04/12/2015-16:36
    Date recovered results: 04/12/2015-16:38
    Waiting time in the queue: 00:09
    Compilation of time: 01:44
    -Generate a Xilinx IP: 00:00
    -Estimate of the resources - PlanAhead: 00:33
    -Summarize - XST: 00:56

    Okay, that was weird.

    I discovered there was a small change between revisions. I had wrong initalized a table by exchanging the entries, so that the size of the array is 0 instead of n. normally, this should be taken at the beginning of the compilation, but this table null was used to initialize a shift register in a while loop and the exit from the while loop enters a loop, where my FIFOs operate. While the loop/shift register seems to be the essential element to the compilation of progress as he did and present it as a mistake of Xilinx. If you delete the while loop then the error is detected quickly and correctly identified.

  • System OR Configuration: (Hex 0x8004041F) the operation failed due to lack of dependence.

    I went to start one of my vi of today and I get this message: NI System Configuration: (Hex 0x8004041F) the operation failed due to lack of dependence.

    No one knows what it is or how to fix it?

    I finally fixed it.  After a complete repair of all my software from National Instruments does not solve it.  I've updated my fpga, labview real-time for 2013 SP1.  Everything seems to work again.

  • LabVIEW FPGA: Compilation failed due to an error of xilinx

    I'm getting a 'Compilation failed due to the error of Xilinx' you try to compile the code in LabVIEW 2013.The code has successfully compilated in labview2012. Any suggestions on what is causing this problem?

    Details:
    ERROR: HDLCompiler:432 - "C:\NIFPGA\jobs\THY4t7n_z6im2K7\NiFpgaAG_0000003a_SequenceFrame.vhd" line 29: Formal has no real or default value.
    INFO: HDLCompiler:1408 - "C:\NIFPGA\jobs\THY4t7n_z6im2K7\NiFpgaSetOutputDataEnable.vhd", line 37. cparametersignal is declared here
    ERROR: HDLCompiler:854 - "C:\NIFPGA\jobs\THY4t7n_z6im2K7\NiFpgaAG_0000003a_SequenceFrame.vhd" line 21: Unit ignored due to previous errors.
    File VHDL C:\NIFPGA\jobs\THY4t7n_z6im2K7\NiFpgaAG_0000003a_SequenceFrame.vhd ignored errors
    -->

    Total memory use is 204688 kilobytes

    Number of errors: 2 (filtered 0)
    Number of warnings: 4 (filtered 0)
    Number of news: 0 (0 filtered)

    "Synthesize - XST" process failed

    Compile time
    ---------------------------
    Introduction date: 2014/2/26 18:15
    Date recovered results: 2014/2/26 18:17
    Waiting time in the queue: 00:06
    Compilation of time: 02:02
    -PlanAhead: 01:16
    -Generator kernel: 00:00
    -Synthesis - Xst: 00:35

    Hi guys

    I think I can give you a helping hand on this.

    I have the same problem when I'm working on the Tutorial (2013) exercise 2 with Rio evaluation Kit.

    You can try one of the following option.

    Solution 1.

    1. in the VI package manager.

    Select 'Tools '->' Options'-> "General '->' package Installation"-> Unchecked 'mass Compile screws after Installation of the package.

    Solution 2

    1. in the VI package manager, uninstall the driver LCD

    2. unchecked "Mass compile screws after Installation of the package" (see Solution 1)

    3 reinstall the driver of the LCD screen.

    Mine did after Solution 2 and the compiler works.

    Hope it will be useful for you guys.

    Thank you

  • Group Policy infrastructure failed due to the error below. The specified domain does not exist or could not be contacted.

    using several Windows 2003 domain in an attempt to push the msi using Group Policy is following on xp sp3 machine error

    Group Policy infrastructure failed due to the error below.
    The specified domain does not exist or could not be contacted.

    Note: Due to the GP Core failure, no other component processes Group Policy policy.  Consequently, status information for the other components are not available.

    Hello

    Your question of Windows is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for the IT Pro TechNet public. Please post your question in the Technet Windows Forums. Here is the link:
    http://social.technet.Microsoft.com/forums/en-us/w7itpronetworking/threads

  • Problems with the postal program error... System.IO.IOException: The handshake failed due to an unexpected packet format.

    Since a couple of days, I was receiveing an error message, I don't remember not change parameter or by downloading programs.  What to do to fix this problem...

    Unable to connect to mail servers. If please specify a valid e-mail server, the server properties, or check your network connection. The following exception occurred: System.Reflection.TargetInvocationException: Exception has been thrown by the target of a call. ---> System.IO.IOException: the handshake failed due to an unexpected packet format.
    at System.Net.Security.SslState.StartReadFrame (Byte [] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.StartReceiveBlob (Byte [] buffer, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.CheckCompletionBeforeNextReceive (ProtocolToken message, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.StartSendBlob (Byte [] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.ForceAuthentication (receiveFirst, Boolean, Byte [] buffer, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.ProcessAuthentication (LazyAsyncResult lazyResult)
    at System.Net.Security.SslStream.AuthenticateAsClient (String targetHost, clientCertificates X509CertificateCollection, SslProtocols enabledSslProtocols, checkCertificateRevocation Boolean)
    at System.Net.Security.SslStream.AuthenticateAsClient (String targetHost)
    at AdvancedIntellect.Ssl.SslSocket.StartTLS)
    -End of the exception stack trace internal-
    to aspNetEmail.EmailMessage. ? (String)
    to aspNetEmail.EmailMessage. ? ()

    I'll probably try disabling the Norton scanning function (which can require uninstalling/reinstalling Norton without this feature), as it can sometimes cause problems.

    Have you tried to contact support Email Sender Deluxe?

    -B-
    http://www.officeforlawyers.com | http://www.OneNote-tips.com
    Author: Guide to counsel for Microsoft Outlook

  • The installation of my recently acquired HP J3680 failed due to lack or the 'print spool.

    Original title: EU tive an instalacao da HP j3680 interrompida por falta "of printing spool" Como procedo?

    The installation of my recently acquired HP J3680 failed due to lack or the 'print spool.

    What can I do?  You have a possible solution?

    Thank you

    Fernando

    Hello

     
     
    What is the exact error message that you receive?
     
     
    I suggest you read the steps from the article below and check if it helps.
     
     
     
    If you want to support in your language, then I suggest you check out the link below.
     
  • Impossible to install or to uninstall Java, it fails due to a missing installation file.

    Original title: totally inapplicable JAVA

    I get a request for update of JAVA in every start, but it fails due to a missing installation file. I can't uninstall the version that I have for the same reason, and I can't install a new version either. The version I have does not work; I can not configure for example. Is there a way to clean it? Any help will be appreciated. Fred

    If you are unable to uninstall Java using the tool to uninstall Java or control panel > programs and features, download JavaRa(free), which should be able to do the job.

    Once Java is removed, download and install the latest version of http://java.com/en/

  • Create an instance of the component with CLSID {0002DF01-0000-0000-C000-000000000046} COM IClassFactory failed due to the following error: 80004005.

    I have IE 9 installed on my machine. When I try to create objects of IE using SHDocVw. Its version is 6.1.7601.17514. When I run my windows service it runs fine but when I create an installer and then run, it displays the error message: creating an instance of the component with CLSID {0002DF01-0000-0000-C000-000000000046} COM IClassFactory failed due to the following error: 80004005.

    IE = new SHDocVw.InternetExplorer ();
    IE = new SHDocVw.InternetExplorer (true);

    I tried the two lines.

    Please give me a solution.

    Hi Patrick,

    The problem you are having is more complex than what is generally answered in the Microsoft Answers forums. It is better suited to the MSDN forums.

    Please post your question in the MSDN Forums.

    You can follow this link to ask your question:

    http://msdn.Microsoft.com/en-us/library/aa752084%28V=vs.85%29.aspx

    I hope this helps. If you have problems of Windows in the future, let us know and we would be happy to help you.
