Skyline

  • 1.  Connect to vCenter

    Posted Apr 08, 2019 07:59 AM

    Hi all,

    I have an issue while connecting to one of our vCenter systems.

    I get the following error message:

    Couldn't create collection task to test endpoint. -> java.lang.RuntimeException: Couldn't login the client. -> Couldn't login the client. -> Received SSO error -> The SSL certificate of STS service cannot be verified.

    The vCenter server was updated and the connection was broken. So I decided to remove and re-add the connection. But the issue is still there. Any ideas what could cause this?

    Thanks

    Frank



  • 2.  RE: Connect to vCenter

    Broadcom Employee
    Posted Apr 08, 2019 10:10 AM

    Hi Frank,

    Kindly confirm if we are using external Platform Services Controller or a custom SSO domain?

    To check if it is custom SSO, we can run the below command from the vCenter appliance:

    cd /usr/lib/vmware-vmafd/bin
    ./vmafd-cli get-domain-name --server-name localhost

    If we are using an external Platform Services Controller (PSC), Single-Sign On (SSO) provider or have a custom SSO domain, toggle the Use Custom SSO Configuration switch to Yes.

    a. Enter the PSC/SSO server or fully-qualified domain name (FQDN) or IP address.

    b. If you are using the default PSC/SSO provider configuration, you do not need to complete the Advanced Options (optional) fields.

    Complete the SSO Admin URL, SSO STS URL and Lookup Service URL only if you specified a custom configuration during the deployment of PSC or SSO provider.

    For additional details regarding your PSC/SSO provider configuration, please see the vCenter Server vpxd.cfg file.

    In vCenter Server Appliance 6.x, the vpxd.cfg file is located at /etc/vmware-vpx/.

    In Windows Server, the vpxd.cfg file is located at C:\ProgramData\VMware\VMwareVirtualCenter\vpxd.cfg.

    In vCenter Server 6.0, the vpxd.cfg file is located at C:\ProgramData\VMware\vCenterServer\cfg\vmware-vpx.

    For more details refer to (page 20)

    https://docs.vmware.com/en/VMware-Skyline-Collector/2.1.0/VMware%20Skyline%20Collector%20Installation%20and%20Configuration%20Guide=3=CDF%20PDF=en.pdf



  • 3.  RE: Connect to vCenter

    Posted Apr 08, 2019 03:46 PM

    Hi,

    We are not using an external PSC. We are using it all on the VCSA. It's a single instance.

    We are using the default SSO vsphere.local domain.

    Therefore I think I do not have to set the advanced options.

    Any other ideas?

    Frank



  • 4.  RE: Connect to vCenter

    Posted Apr 08, 2019 05:18 PM

    Hello Frank,

    The issue could also be due to the SSL certificates, if the SSL certificate is issued to the FQDN of the vCenter and you are using an IP address in the configuration page of Collector.

    Check the SSL certificates of the vCenter and use the name/address the SSL certificate has been issued to; you should then be able to connect to vCenter.
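
The name check suggested in the reply above, as an added example that is not part of the original thread or of Skyline's own code: it tests whether the endpoint typed into the Collector (FQDN or IP) appears in the certificate's subjectAltName entries. The certificate dict, host name and addresses are constructed samples in the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
import ipaddress

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert():
# a certificate issued to the FQDN only, with no IP SAN entry.
SAMPLE_CERT = {
    "subject": ((("commonName", "vcsa01.example.test"),),),
    "subjectAltName": (("DNS", "vcsa01.example.test"),),
}


def _dns_match(pattern, host):
    """Match one DNS SAN against host; '*' may only be the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Require at least two fixed labels so "*.test" never matches.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def endpoint_matches_cert(endpoint, cert):
    """Return (ok, names): is the configured endpoint listed in the cert's SANs?

    Only subjectAltName is consulted; the subject commonName is ignored.
    """
    sans = cert.get("subjectAltName", ())
    dns = [v for k, v in sans if k == "DNS"]
    ips = [v.strip() for k, v in sans if k == "IP Address"]
    try:
        addr = ipaddress.ip_address(endpoint)
    except ValueError:
        addr = None
    if addr is not None:
        # An IP endpoint is only valid against IP SAN entries, never DNS names.
        ok = any(ipaddress.ip_address(i) == addr for i in ips)
    else:
        ok = any(_dns_match(d, endpoint) for d in dns)
    return ok, dns + ips


if __name__ == "__main__":
    for ep in ("vcsa01.example.test", "VCSA01.example.test.", "192.0.2.10", "vcsa01"):
        ok, names = endpoint_matches_cert(ep, SAMPLE_CERT)
        print(f"{ep!r}: {'match' if ok else 'MISMATCH'} (certificate names: {names})")
```
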



  • 5.  RE: Connect to vCenter

    Posted Apr 09, 2019 06:21 AM

    Hi,

    I tried to use both, IP and FQDN. But neither is working.

    Frank



  • 6.  RE: Connect to vCenter

    Broadcom Employee
    Posted Apr 09, 2019 09:16 AM

    Hi Frank,

    Kindly share your email address and phone number with us on VMware Skyline Community - Smartsheet.com so we can connect and address the issue.



  • 7.  RE: Connect to vCenter

    Posted Apr 15, 2019 05:50 AM

    Sorry for my late response. I have sent you the smartsheet.

    Thanks

    Frank



  • 8.  RE: Connect to vCenter

    Posted Apr 15, 2019 07:10 AM

    Hello Frank,

    I have sent an email to the email-ID which was updated on the smart sheet.



  • 9.  RE: Connect to vCenter
    Best Answer

    Posted Apr 30, 2019 01:07 AM

    Hello Frank,

    “When a VC certificate is changed, Skyline won't be able to collect anymore from that VC, that's made on purpose and for security reasons. You will need to delete and add again. In this case it seems that Skyline thinks the STS server (security token service, e.g. the SSO) certificate is invalid. I'm not sure how certificates should be updated on the STS but it should be done automatically when updating the VC certificate and if that's embedded PSC. Maybe the customer did it manually and something's broken. Can you first ask on a vSphere channel because I'm not very familiar with how certificates should be updated on the VC. Maybe from there on we can decide if it's actually a Skyline problem and then debug it.”

    So, as per the Skyline Engineering team, the STS server certificate is the problem. There is no need to remove any old entries from the Skyline appliance. Just re-adding should work. We need to contact the vCenter Server team again to validate if all the certs are working fine and take it from there.

    I would suggest that you raise a case with the VMware vCenter Server team once, get the certs validated, and then try adding the vCenter Server again.

    Marking this question as correct answer due to inactivity. Please respond to this thread if the issue persists.