Problem
After you migrate you VMWare PSC from external to embedded you have errors with modules that utilise your vCenter EndPoint.
The modules that may be impacted are:
- vSphere DRS
- vSphere Snapshot
- VM Tagging
When updating your vCenter endpoint to embedded the workflow appears to be successful, however, in vRO workflow (SovLabs -> vSphere vCenter -> vRA ASD -> Update SovLabs vCenter Endpoint) you may see a Java error much like the following (You will notice that the pscUrl does not match the pscController.getSsoUrl. When embedded it should have the same name)
[2020-08-26 20:53:37.561] [I] Original name: vsphere.local_vcenter-Configuration-name
[2020-08-26 20:53:37.564] [I] Original configuration label: vcenter-Configuration-name vs new configuration label: vcenter-Configuration-name
[2020-08-26 20:53:38.141] [I] pscUrl : https://PSCURL.domain.name/lookupservice/sdk
[2020-08-26 20:53:38.752] [I] pscController.getSsoUrl https://ssoserver.domain.name/sts/STSService/vsphere.local
[2020-08-26 20:53:38.859] [I] initialize logging into pscontroller
[2020-08-26 20:56:48.306] [E] --- STACKTRACE ---
java.lang.IllegalArgumentException: Vra7VirtualMachineHelper.processRequestToken failed while retrieving token.{{timestamp.created}} {{timestamp.expires}} {{usernameToken.username}} {{usernameToken.clearTextPassword}} urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue {{lifetime.created}} {{lifetime.expires}} true http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
at com.sovlabs.compatability.AcquireBearerTokenByUserCredentialSL.issueRequestToken(AcquireBearerTokenByUserCredentialSL.java:343)
at com.sovlabs.compatability.AcquireBearerTokenByUserCredentialSL.getToken(AcquireBearerTokenByUserCredentialSL.java:205)
at com.vmware.vcloud.suite.samples.common.SSOConnection.login(SSOConnection.java:130)
at com.sovlabs.vra.vmware_api.vcenter.vcs62.VCS62VMClient.initialize(VCS62VMClient.java:275)
at com.sovlabs.vra.vmware_api.vcenter.vcs62.VCS62VMClient.<init>(VCS62VMClient.java:193)
Potential Causes
This issue is specific to your vSphere environment and not to the SovLabs Modules and could be caused by:
- Incorrect certificate information
- Incorrect name case being entered into the update vCenter endpoint
- vSphere services not restarted after migration or vSphere environment not restarted after migration
- Invalid username and/or password
Affected Versions
This is not specific to SovLabs so will affect all versions.
Workaround or Solution
Overview
The following should be reviewed to ensure you have completed the migration successfully.
Restart your vCenter server or services
After migration it is a good idea to restart your vCenter server that now hosts your SSO. The reason for this is to allow your services to register with your new certificates and for the Lookupservice to provide the correct information on where your SSO resides.
Different cases between server name and what is in the certificate
Validate that your PSC/vCenter certificates having matching case to your names. If you happen to have capitals in the server names but not in your certificates it could potentially cause issues. Example:
Your vCenter is typed in as vCenter.domain.name. But in your certificate it may be vcenter.domain.name. This might not be the issue but worth confirming.
Entering a different case into the Platform Service Controller (FQDN) field in the Sovlabs vCenter Endpoint
Please make sure that when you enter the PSC name that the case matches the server/certificate names. This can cause errors with validation.
The credentials being used for your vCenter endpoint are no longer valid
Check the credentials being used by your vCenter endpoint has the appropriate permissions still and is not locked out. You can update the credentials by using the SovLabs credentials manager if required.
Additional information
SovLabs Links
vCenter Endpoints account setup | https://support.cloudbolt.io/hc/en-us/articles/360045989232-vCenter-Endpoints-Account-Setup
vSphere DRS Module | http://docs.sovlabs.com/latest/vmware-vra7x-plugin/modules/vsphere/drs/
vSphere Snapshot Module | http://docs.sovlabs.com/latest/vmware-vra7x-plugin/modules/vsphere/snapshot/
vSphere VM Tagging Module | http://docs.sovlabs.com/latest/vmware-vra7x-plugin/modules/vsphere/vm-tagging/
3rd party links
https://www.vembu.com/blog/replacing-vcenter-ssl-certificate-lookup-service/
https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.upgrade.doc/GUID-017992FB-9383-4F87-BCA6-4F5E42DE2FC5.html
https://blogs.vmware.com/vsphere/2019/02/understanding-the-vcenter-server-converge-tool.html
https://kb.vmware.com/s/article/2043509
https://kb.vmware.com/s/article/2132347
0 Comments