doOdzZZ's Notes

An offspring of a text file!

vCD and Cross-vCenters: An SSL relationship that went south

by · Published · Updated

Even with the most detailed standard operating procedures, software can still throw at you stones here and there. This time, I got in the middle of an ugly fight between the vCloud Director vCenter extention and another vCenter Server that is changing its SSL certificate while being in the same SSO domain.

I had a site that was up and running and it was being consumed with vCD normally, and all components had their SSL certificates changed without any issues. When site 2 came along, we practically did the same and everything was okay until we attempted to replace the SSL certificate for the second site’s vCenter Server.

  1. CSR issued.
  2. Certificate generated.
  3. Ran the certificate management tool.
  4. Irritation expressed in form of an error ;-):
    • Get service 111996b4-351e-4ca2-b716-1e7e7e7b9100_vCloud Director-1
      Status : 0% Completed [Operation failed, performing automatic rollback]

I did some quick research on the topic and couldn’t find anything relevant, after some digging I found that “vCloud Director-1” is the name vCDs extension in vCenter Server, but I was wondering why the heck is the vCenter Server in site 2 attempting to check the service on vCenter Server in site 1 that has to do with the vCD extension (I still don’t have an answer to that).

The environment had vCenter Server 6.5 and vCD 8.20, and here are my attempts:

  1. Attempt 1:
    1. I thought maybe the extension was acting up, so I unregistered it from MOB and then refreshed the vCenter Server  in vCD.
    2. Nope, still didn’t work :/.
  2. Attempt 2:
    1. I thought maybe because this is a cross-vCenter setup, then both vCenter Servers must have the same extensions.
    2. I added the NSX manager quickly and then added the vCenter Server in site 2 to the vCD deployment.
    3. Nope, still didn’t work :/.
  3. Attempt3:
    1. Unregistered the extention from both vCenter Servers.
    2. Attempted to change the SSL certificate.
    3. Eurika! It worked!
    4. Refreshed both vCenter Servers and verified that the extension is showing for both vCenter Servers.

I hope this would help someone, I didn’t test the same scenario with vCD 9.x as of yet, but if anyone has more information on this please do let me know and I’ll add you information to this blog post.

Thank you,
(Abdullah)^2

2605 Total Views 1 Views Today

Tags:

Abdullah

Knowledge is limitless.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.