VMware vSphere

  • 1.  Cannot access vCenter login using FQDN - [400] An error occurred while sending an authentication req

    Posted Aug 19, 2023 07:15 AM

    This is a brand new install of the VCSA 8.0U1c.

    I configured the appliance with a FQDN during setup, have a forward and reverse lookup record in my DNS, and am trying to access the login page using the FQDN: my-server.mydomain.local

    I get the error

     

    [400] An error occurred while sending an authentication request to the vCenter Single Sign-On server- An error occurred when processing meta data during vCenter Single Sign-On setup:the service provider validation failed. Verify that the server URL is correct and is in FQDN format, or that the hostname is a trusted service provider alias.

     

    If I use the IP address it works fine. I can also use the FQDN and log in using my-server.mydomain.local:5480

    When I do nslookup my-server.mydomain.local from the console of the VCSA it returns the correct IP (although the response comes from 127.0.0.1?). Checking the hostname from the console shows I have the correct FQDN set.

    When I try to adjust the DNS settings from the console, I get an error: Setting DNS failed

    Anyone have any idea what's going on?

    I saw this KB about setting a white list: https://kb.vmware.com/s/article/71387

    This is supposedly only for short names though. I'm using the FQDN. I might try it anyway, but why on a fresh install am I having to do this?

    Thanks for any help!



  • 2.  RE: Cannot access vCenter login using FQDN - [400] An error occurred while sending an authentication req

    Posted Aug 19, 2023 11:23 AM

    Have you also checked the PNID? Please find the below lines from the following document:

    https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-vcenter-configuration/GUID-F46DBE63-F04E-42A1-B940-63A8F5B86ACF.html 

    The system name is used as a primary network identifier. If you set an IP address as a system name during the deployment of the appliance, you can later change the PNID to an FQDN.

    Here is the CLI command to check the same:

    /usr/lib/vmware-vmafd/bin/vmafd-cli get-pnid --server-name localhost

    Regards,

    Sachchidanand
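    The PNID check above only tells you one value; the [400] error in the original post is about that value, the appliance hostname and the DNS forward/reverse records agreeing with each other. The script below is an added example (not code from the thread or from VMware) that compares all four and reports which one disagrees. The live values come from the commented commands, which assume `hostname -f` and glibc's `getent hosts` are available on the VCSA shell; the sample values at the bottom are constructed so the script runs offline.

```shell
#!/bin/sh
# Added example: check that the vCenter PNID, the appliance hostname and the
# DNS forward/reverse answers all agree. Exit 0 if consistent, 1 otherwise.

# Lowercase and strip a trailing dot so "Host.Domain.local." == "host.domain.local"
norm_name() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//'
}

# check_pnid_consistency PNID HOSTNAME FORWARD_IP REVERSE_NAME EXPECTED_IP
#   PNID         value from vmafd-cli get-pnid
#   HOSTNAME     value from hostname -f
#   FORWARD_IP   A record returned for the PNID
#   REVERSE_NAME PTR record returned for EXPECTED_IP
#   EXPECTED_IP  the address configured on the appliance
check_pnid_consistency() {
    pnid=$(norm_name "$1")
    host=$(norm_name "$2")
    fwd_ip=$3
    rev=$(norm_name "$4")
    expected_ip=$5
    rc=0

    # A short name (no dot) cannot be a valid service-provider FQDN.
    case "$pnid" in
        *.*) ;;
        *)   echo "PNID '$pnid' is a short name, not an FQDN"; rc=1 ;;
    esac
    # An IPv4 literal as PNID is the case the VMware doc quoted above describes.
    case "$pnid" in
        [0-9]*.[0-9]*.[0-9]*.[0-9]*) echo "PNID '$pnid' is an IP address, not an FQDN"; rc=1 ;;
    esac

    [ "$pnid" = "$host" ] \
        || { echo "PNID '$pnid' differs from hostname '$host'"; rc=1; }
    [ "$fwd_ip" = "$expected_ip" ] \
        || { echo "forward lookup of '$pnid' returned '$fwd_ip', expected '$expected_ip'"; rc=1; }
    [ "$rev" = "$pnid" ] \
        || { echo "reverse lookup of '$expected_ip' returned '$rev', expected '$pnid'"; rc=1; }
    return $rc
}

# On the appliance the inputs would be gathered like this (assumed commands,
# not run here; getent is the glibc resolver, so it uses the same path the
# services use rather than querying a DNS server directly):
#   PNID=$(/usr/lib/vmware-vmafd/bin/vmafd-cli get-pnid --server-name localhost)
#   HOST=$(hostname -f)
#   FWD=$(getent hosts "$PNID" | awk '{print $1; exit}')
#   REV=$(getent hosts "$EXPECTED_IP" | awk '{print $2; exit}')
#   check_pnid_consistency "$PNID" "$HOST" "$FWD" "$REV" "$EXPECTED_IP"

# Constructed samples (192.0.2.0/24 is documentation address space).
echo "healthy appliance:"
check_pnid_consistency my-server.mydomain.local my-server.mydomain.local \
    192.0.2.10 my-server.mydomain.local. 192.0.2.10 && echo "  ok"

echo "PNID left as an IP address:"
check_pnid_consistency 192.0.2.10 my-server.mydomain.local \
    192.0.2.10 my-server.mydomain.local 192.0.2.10 || echo "  mismatch (expected)"

echo "reverse record missing:"
check_pnid_consistency my-server.mydomain.local my-server.mydomain.local \
    192.0.2.10 "" 192.0.2.10 || echo "  mismatch (expected)"
```

A healthy appliance prints nothing but "ok"; any mismatch names the value that is wrong, which is the thing to fix before touching the trusted-alias whitelist from the KB linked in the first post.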

     



  • 3.  RE: Cannot access vCenter login using FQDN - [400] An error occurred while sending an authentication req

    Posted Aug 19, 2023 04:37 PM

    I used a FQDN as the host name during install not an IP. 

    Regardless, I managed to get this working. Since this was a fresh install, I just deleted the VM and started over again. The deployment wizard had all the same settings from before and this time after deploying I was able to get to the vCenter client login using the FQDN.

    I have a hypothesis for why it didn't work the first time:

    The port group I had connected the appliance to the first time on the vSwitch did not have the correct VLAN properly configured and thus had no network access. Maybe lack of network connectivity screwed with something? Probably name resolution which caused the certs to be generated with the IP instead? I didn't have a chance to investigate the certs so can't say for sure, but I was able to get to the client login via IP address before, so seems possible. Some type of warning would have been nice.
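    The hypothesis in the reply above (certificates generated against the IP rather than the FQDN) is easy to test on the next deployment instead of guessing. The script below is an added example, not code from the thread or from VMware: it takes the Subject Alternative Name text as printed by `openssl x509 -text` and checks whether the expected FQDN appears as a DNS entry. The commented commands for pulling the live machine SSL certificate (`vecs-cli entry getcert` on the appliance, or `openssl s_client` from a client) are assumptions about the environment; the two SAN samples are constructed so the script runs offline.

```shell
#!/bin/sh
# Added example: does the vCenter machine SSL certificate carry the FQDN in
# its SAN, or only the IP address?

norm_name() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//'
}

# san_names SAN_TEXT -> one DNS or IP Address value per line, prefix stripped.
# SAN_TEXT is the "X509v3 Subject Alternative Name" block from openssl x509 -text.
san_names() {
    printf '%s\n' "$1" | tr ',' '\n' \
        | sed -n -e 's/^[[:space:]]*DNS:[[:space:]]*//p' \
                 -e 's/^[[:space:]]*IP Address:[[:space:]]*//p'
}

# san_dns_count SAN_TEXT -> number of DNS: entries (0 means IP-only SAN)
san_dns_count() {
    printf '%s\n' "$1" | tr ',' '\n' | grep -c '^[[:space:]]*DNS:' || true
}

# cert_covers_name SAN_TEXT FQDN -> 0 if FQDN is listed (case-insensitive,
# trailing dot ignored), 1 otherwise. Browsers and the SSO service provider
# validation care about the exact name, so no wildcard handling here.
cert_covers_name() {
    want=$(norm_name "$2")
    san_names "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//' | grep -qxF -- "$want"
}

# Getting the live SAN text (assumed commands, not run here):
#   on the appliance:
#     /usr/lib/vmware-vmafd/bin/vecs-cli entry getcert \
#         --store MACHINE_SSL_CERT --alias __MACHINE_CERT \
#       | openssl x509 -noout -text | grep -A1 'Subject Alternative Name'
#   from a client:
#     openssl s_client -connect my-server.mydomain.local:443 \
#         -servername my-server.mydomain.local </dev/null 2>/dev/null \
#       | openssl x509 -noout -text | grep -A1 'Subject Alternative Name'

# Constructed samples in the format openssl prints.
SAN_OK='X509v3 Subject Alternative Name:
    DNS:my-server.mydomain.local, IP Address:192.0.2.10'
SAN_IP_ONLY='X509v3 Subject Alternative Name:
    IP Address:192.0.2.10'

FQDN=my-server.mydomain.local
for san in "$SAN_OK" "$SAN_IP_ONLY"; do
    echo "SAN entries: $(san_names "$san" | tr '\n' ' ')"
    if cert_covers_name "$san" "$FQDN"; then
        echo "  $FQDN is covered by the certificate"
    else
        echo "  $FQDN is NOT in the SAN ($(san_dns_count "$san") DNS entries);" \
             "login by FQDN will fail service-provider validation"
    fi
done
```

If the SAN only carries the IP, the fix on a fresh VCSA is the one the reply took (redeploy with working networking), or regenerating the machine SSL certificate with the PNID after the name resolution problem is corrected; the script just tells you which situation you are in.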