vSphere Big Data

  • 1.  BDE 2.2 cannot enable SSO when VMCA as subordinate Certificate Authority

    Posted Aug 04, 2015 05:36 PM

    Hello all,

    I'm trying to install BDE 2.2 in a lab environment and I'm running into an error when I tried to enable SSO: "Cannot reach SSO Lookup Service. Verify that the URL is correct and the service is running."

    vCenter and the hosts are 6.0 with the last patch.

    I have one PSC appliance working as a subordinate CA; the root CA is a self-signed CA running on Windows Server 2012 R2.

    vCenter is also an appliance, and its certificate looks good.

    BDE 2.2 vApp installed OK.

    vCenter plug-in installed OK.

    Lookup service URL I used: https://myPSC:443/lookupservice/sdk

    I checked the log for enabling SSO (/opt/serengeti/ssotool/installer.log):

    [2015-08-04 16:43:40,634 main  DEBUG com.vmware.vim.install.cli.RegTool] $Id: //depot/vicore/vicore-2013/regtool/viregtool/src/main/java/com/vmware/vim/install/cli/RegTool.java#4 $

    [2015-08-04 16:43:40,636 main  DEBUG com.vmware.vim.install.cli.RegTool] Executing command: storeSsoData -d https://psc01.lab.local:443/lookupservice/sdk -f /opt/serengeti/ssotool/ssoData

    [2015-08-04 16:43:40,671 main  INFO  com.vmware.vim.install.impl.RegistrationProviderImpl] Intializing registration provider...

    [2015-08-04 16:43:41,270 main  DEBUG com.vmware.vim.install.impl.LookupServiceAccess] Creating VMODL client for LookupService

    [2015-08-04 16:43:41,274 main  INFO  com.vmware.vim.install.impl.CertificateGetter] Getting SSL certificates for https://psc01.lab.local:443/lookupservice/sdk

    [2015-08-04 16:43:41,654 main  DEBUG com.vmware.vim.install.impl.CertificateGetter] Establishing socket connection to psc01.lab.local/192.168.102.2:443. Timeout is 60000

    [2015-08-04 16:43:42,475 main  DEBUG com.vmware.vim.install.impl.AdminServiceAccess] Creating client for SSO Admin on address: https://psc01.lab.local/sso-adminserver/sdk/vsphere.local

    [2015-08-04 16:43:42,906 main  ERROR com.vmware.vim.install.impl.AdminServiceAccess] com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain not verified


    I SSH'd to the BDE 2.2 management server and ran:

         openssl s_client -connect psc01.lab.local:443 -tls1

    I got:

         depth=1 C = US, DC = vsphere, DC = local, O = psc01.lab.local, CN = CA
         verify error:num=20:unable to get local issuer certificate
         verify return:0
         CONNECTED(00000003)
         ---
         Certificate chain
         0 s:/CN=lab/C=CA/ST=QC/L=XX/O=XX/OU=Lab
            i:/C=US/DC=vsphere/DC=local/O=psc01.lab.local/CN=CA
         1 s:/C=US/DC=vsphere/DC=local/O=psc01.lab.local/CN=CA
            i:/DC=local/DC=lab/CN=lab-DC-CA

    So, just like "Server certificate chain not verified", it looks like the BDE management appliance cannot find my root CA certificate. Now, I have my root CA certificate. My questions are:

    1. Where should I put this certificate? I ask because I copied it to a folder and ran "openssl s_client -connect psc01.lab.local:443 -CAfile /opt/chef-server/embedded/ssl/certs/rootca.crt -tls1" without error, but when I run "EnableSSOAuth" I still get the same error.

    2. Can I replace the BDE self-signed certificate by generating a CSR, and how can I do it?

    Thanks
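
An added example (not part of the original post and not BDE or VMware code): a small Python parser for the `Certificate chain` section of the `openssl s_client` output quoted above. It checks that each issuer matches the next subject and reports the CA the server did not send, which is the one the client's own trust store has to contain. `SAMPLE` is constructed from the quoted output, and the function names are hypothetical.

```python
import re

# Constructed sample: the chain section of the s_client output quoted in the post.
SAMPLE = """\
CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=lab/C=CA/ST=QC/L=XX/O=XX/OU=Lab
   i:/C=US/DC=vsphere/DC=local/O=psc01.lab.local/CN=CA
 1 s:/C=US/DC=vsphere/DC=local/O=psc01.lab.local/CN=CA
   i:/DC=local/DC=lab/CN=lab-DC-CA
---
"""

def parse_chain(text):
    """Return [(depth, subject, issuer), ...] from s_client chain output."""
    chain, in_chain, pending = [], False, None
    for line in text.splitlines():
        if line.strip() == "Certificate chain":
            in_chain = True
        elif in_chain and line.strip() == "---":
            break
        elif in_chain:
            m = re.match(r"\s*(\d+)\s+s:(.*)$", line)
            if m:
                pending = (int(m.group(1)), m.group(2).strip())
                continue
            m = re.match(r"\s*i:(.*)$", line)
            if m and pending:
                chain.append((*pending, m.group(1).strip()))
                pending = None
    return chain

def analyze(text):
    """Check subject/issuer linkage; name the CA the client must already trust."""
    chain = parse_chain(text)
    if not chain:
        raise ValueError("no 'Certificate chain' section found")
    # Each certificate's issuer must equal the subject of the next one up.
    broken = [d for (d, _, iss), (_, subj, _) in zip(chain, chain[1:]) if iss != subj]
    _, subject, issuer = chain[-1]
    # If the top cert is not self-signed, its issuer was not sent by the server
    # and has to be present in the client's own trust store.
    return {"sent": len(chain), "broken_links": broken,
            "root_sent": subject == issuer, "needed_anchor": issuer}

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

For the chain in the post, the links are intact and the unsent anchor is the Windows root CA, which matches the `verify error:num=20` reported at depth 1.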



  • 2.  RE: BDE 2.2 cannot enable SSO when VMCA as subordinate Certificate Authority

    Posted Aug 05, 2015 01:39 AM

    It's a VC certificate issue. You can follow this KB to fix it.

    http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2121689

    Thanks,

    Selina



  • 3.  RE: BDE 2.2 cannot enable SSO when VMCA as subordinate Certificate Authority

    Posted Jul 19, 2017 02:02 PM

    Check DNS on the Serengeti server.

    Check that you can ping the vCenter server using its fully qualified name (FQN).



  • 4.  RE: BDE 2.2 cannot enable SSO when VMCA as subordinate Certificate Authority

    Posted Aug 13, 2017 07:04 PM

    I'm also looking for info on how to update the BDE certificate. The connection to the appliance in the vCenter web client extension keeps disconnecting with a certificate error.