vCenter Certificate Automation Tool: Part 3 (vCenter and Orchestrator)

Continuing from Part 2 of my VMware vCenter Certificate Automation tool series, we are now ready to replace the vCenter server and vCenter Orchestrator certificates. If you want to start at the beginning, check out Part 1.

1. Per the pre-planning guide step 4 I exit back to the main menu by pressing 5, then press 4. vCenter needs to trust the SSO certificate, so I press 1. The default path and file are correct, so I press enter. Success!

Step 4 of the pre-planning guide is complete. Check!

2. From the same menu I press 2, to update the vCenter SSL certificate. Again, the default paths and files were correct so I accepted them. Now I’m prompted for the vCenter administrator name and password. Next I’m asked to enter the original vCenter server database password, with all kinds of scary warnings if I input the wrong password since no validation is done. I’m also asked to enter the SSO administrator username and password.

After several minutes of chugging away I see a successful message.

Step 5 of the pre-planning guide is complete. Check!

3. Per the pre-planning guide I now must select option 3, to trust the inventory service SSL certificate.

Step 6 of the pre-planning guide is complete. Check!

4. Pressing 5 I get back to the main menu. And I need to go back into the inventory service, so I press 3.  Finally, we now configure the inventory service to trust vCenter by pressing 2.

Step 7 of the pre-planning guide is complete. Check!

5. Pressing 5 I get back to the main menu. I now press 5, to update vCO. Per the pre-planning guide I need to configure vCO to trust SSO, so I press 1. The default SSO filename is correct so I press enter.

Step 8 of the pre-planning guide is complete. Check!

6. Now vCO needs to be told to trust vCenter server, so I press 2 and validate the path is right.

Step 9 of the pre-planning guide is complete. Check!

7. Next up is updating the vCO SSL certificate, so I press 3 and validate the path.

Step 10 of the pre-planning guide is complete. Check!

Check out Part 4 where we update the Web Client and Log Browser SSL certificates.

Print Friendly, PDF & Email

Related Posts

18
Leave a Reply

avatar
7 Comment threads
11 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
12 Comment authors
smsDerek SeamanJack ChenBenChristian Recent comment authors
  Subscribe  
newest oldest most voted
Notify of
monopohl
Guest
monopohl

Hi,

I'm getting the ERROR: unable to find vCO installtion when trying to update the Orchestrator Trusts. Orchestrator is installed, of course…. Any idea? Anybody experienced this issue, too?

best regards,

Thomas

aptones
Guest
aptones

Also had this error…. could be because vCO services isn't enabled by default if using the one that comes packaged with vCenter Server.
I enabled the vCO services but you still get the same error when re-running the tool.
In the end I just did a manual import of the SSO & vCenter Server SSL certs and the vCO cert…. seems to be fine.

Dave B
Guest
Dave B

monopohl. I have the same message followed by "The service is not installed on that machine." but indeed I have I have two Orchestrator services (both set to manual) that won't start and Orchestrator also shows up in "Programs and Features". It installed along with everything else as part of the vCenter suite of stuff. I am researching but don't know the cause or the solution yet.

Christian
Guest
Christian

Any update on this, Dave? I'm stuck on the same exact error. vCO is up and running, but this step still fails.

aptones
Guest
aptones

KB2047787 now points to the 'Troubleshooting & Known Issues' section of: http://kb.vmware.com/selfservice/microsites/searc

Eugene
Guest
Eugene

Hi Derek,

The "vCenter Original database password", which as you responded had nothing to do with the RSA_DBA is still a mistery to me.
I looked at the KB you pointed to and checking the registry I dont see any user. Does this mean no password should be used (blank) or should I use the password of the user that uses the ODBC connection?

Regards

Dan
Guest
Dan

Not sure where I screwed up, but I'm stuck on, "Update the vCenter Server Trust to Inventory Service". Every step until now has completed successfully. Forgive the long comment with error. If it is too long, please delete. Just trying to get help. Initializing complex type for RuntimeFault (com.vmware.vim.binding.vmodl.RuntimeFault) completed! Adding property faultCause (version com.vmware.vim.binding.vmodl.version.version1) Adding property faultMessage (version com.vmware.vim.binding.vmodl.version.version1) Initializing complex type for SystemError (com.vmware.vim.binding.vmodl.fault.SystemError) completed! Adding property faultCause (version com.vmware.vim.binding.vmodl.version.version1) Adding property faultMessage (version com.vmware.vim.binding.vmodl.version.version1) Adding property reason (version com.vmware.vim.binding.vmodl.version.version0) Cannot login to IS com.vmware.vim.query.client.exception.ClientException: java.util.concurrent.ExecutionException: com.vmware.vim.binding.vmodl.fault.SystemError: reason = Invalid fault inherited from com.vmware.vim.binding.vmodl.fault.SystemError: java.lang.IllegalStateException at com.vmware.vim.query.client.impl.QueryAuthenticationManagerImpl.loginBySamlToken(QueryAuthenticationManagerImpl.java:204) at… Read more »

Dan
Guest
Dan

An update to the above comment. I fail the exact same way when running register-is.bat manually. I even went back and tried vCenter 5.1U1a build 880471. I'm not sure what I'm doing wrong. I'm not using Windows Authentication. I don't think that should cause this problem though.

Ben
Guest
Ben

Hi Dan,

did you ever find a resolution to this issue? I am having the exact same problem.

Thanks,

Jack Chen
Guest
Jack Chen

I also met the "Cannot login to IS" when I tried to manually run register-is.bat. Found one document http://kb.vmware.com/selfservice/microsites/searc… but I don't think that was my problem. I was following https://communities.vmware.com/thread/421398?star… to recreate IS service, but always failed at register-is.bat.

Finally I found a workaround for me:

1. shutdown IS.
2. delete IS data
3. delete IS user.
4. createdb to recreate IS data
5. start IS
6. create IS user by "register-sso.bat"
7. run register-is.bat.

The two extra steps are delete IS user, then recreate it by register-sso.bat.

@basd82
Guest

Oke if you follow your guide, then it's the password of the service account used at the installation

sms
Guest
sms

For Step 5 (vCenter SSL Certificate) I'm hitting head against the wall trying different combinations…can you share what you used for the following?

vCenter Server administrator user name:
vCenter Server administrator password:
vCenter Server original database password:
Single Sign-On Administrator user:
Single Sign-On Administrator password:

Scroll to Top