Cloudbolt Support will be closed on Thurs Nov 26 in observance of Thanksgiving

SovLabs module failures after VMWare PSC Migration from external to embedded

Problem 

After you migrate you VMWare PSC from external to embedded you have errors with modules that utilise your vCenter EndPoint. 

The modules that may be impacted are:

  • vSphere DRS
  • vSphere Snapshot
  • VM Tagging

When updating your vCenter endpoint to embedded the workflow appears to be successful, however, in vRO workflow (SovLabs -> vSphere vCenter -> vRA ASD -> Update SovLabs vCenter Endpoint) you may see a Java error much like the following (You will notice that the pscUrl does not match the pscController.getSsoUrl.  When embedded it should have the same name)

[2020-08-26 20:53:37.561] [I] Original name: vsphere.local_vcenter-Configuration-name
[2020-08-26 20:53:37.564] [I] Original configuration label: vcenter-Configuration-name vs new configuration label: vcenter-Configuration-name
[2020-08-26 20:53:38.141] [I] pscUrl : https://PSCURL.domain.name/lookupservice/sdk
[2020-08-26 20:53:38.752] [I] pscController.getSsoUrl https://ssoserver.domain.name/sts/STSService/vsphere.local
[2020-08-26 20:53:38.859] [I] initialize logging into pscontroller
[2020-08-26 20:56:48.306] [E] --- STACKTRACE ---
java.lang.IllegalArgumentException: Vra7VirtualMachineHelper.processRequestToken failed while retrieving token.

{{timestamp.created}} {{timestamp.expires}} {{usernameToken.username}} {{usernameToken.clearTextPassword}} urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue {{lifetime.created}} {{lifetime.expires}} true http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer http://www.w3.org/2001/04/xmldsig-more#rsa-sha256

at com.sovlabs.compatability.AcquireBearerTokenByUserCredentialSL.issueRequestToken(AcquireBearerTokenByUserCredentialSL.java:343)
at com.sovlabs.compatability.AcquireBearerTokenByUserCredentialSL.getToken(AcquireBearerTokenByUserCredentialSL.java:205)
at com.vmware.vcloud.suite.samples.common.SSOConnection.login(SSOConnection.java:130)
at com.sovlabs.vra.vmware_api.vcenter.vcs62.VCS62VMClient.initialize(VCS62VMClient.java:275)
at com.sovlabs.vra.vmware_api.vcenter.vcs62.VCS62VMClient.<init>(VCS62VMClient.java:193)


Potential Causes

This issue is specific to your vSphere environment and not to the SovLabs Modules and could be caused by:

  • Incorrect certificate information
  • Incorrect name case being entered into the update vCenter endpoint
  • vSphere services not restarted after migration or vSphere environment not restarted after migration
  • Invalid username and/or password


Affected Versions

This is not specific to SovLabs so will affect all versions.


Workaround or Solution

Overview

The following should be reviewed to ensure you have completed the migration successfully.

Restart your vCenter server or services 

After migration it is a good idea to restart your vCenter server that now hosts your SSO.  The reason for this is to allow your services to register with your new certificates and for the Lookupservice to provide the correct information on where your SSO resides.


Different cases between server name and what is in the certificate

Validate that your PSC/vCenter certificates having matching case to your names.  If you happen to have capitals in the server names but not in your certificates it could potentially cause issues.  Example:

Your vCenter is typed in as vCenter.domain.name.  But in your certificate it may be vcenter.domain.name.  This might not be the issue but worth confirming.


Entering a different case into the Platform Service Controller (FQDN) field in the Sovlabs vCenter Endpoint

Please make sure that when you enter the PSC name that the case matches the server/certificate names.  This can cause errors with validation.


The credentials being used for your vCenter endpoint are no longer valid

Check the credentials being used by your vCenter endpoint has the appropriate permissions still and is not locked out.  You can update the credentials by using the SovLabs credentials manager if required.


Additional information

SovLabs Links

vCenter Endpoints account setup | https://support.cloudbolt.io/hc/en-us/articles/360045989232-vCenter-Endpoints-Account-Setup
vSphere DRS Module | http://docs.sovlabs.com/latest/vmware-vra7x-plugin/modules/vsphere/drs/
vSphere Snapshot Module | http://docs.sovlabs.com/latest/vmware-vra7x-plugin/modules/vsphere/snapshot/
vSphere VM Tagging Module | http://docs.sovlabs.com/latest/vmware-vra7x-plugin/modules/vsphere/vm-tagging/

3rd party links

https://www.vembu.com/blog/replacing-vcenter-ssl-certificate-lookup-service/
https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.upgrade.doc/GUID-017992FB-9383-4F87-BCA6-4F5E42DE2FC5.html
https://blogs.vmware.com/vsphere/2019/02/understanding-the-vcenter-server-converge-tool.html
https://kb.vmware.com/s/article/2043509
https://kb.vmware.com/s/article/2132347


Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.