In my previous post "Tenant page never loads in vRA 6.x when logged in with administrator@vsphere.local", I tried to demonstrate the issue that can occur due to mismatch in Certificate common name and vRA appliance hostname. To fix the issue, I had regenerated the certificate with correct common name.
However later I noticed the below issue, when tried to configure endpoints as Infrastructure admin.
I was not able to access any options under Infrastructure Tab, though i logged in with infrastructure admin. For each option clicked, I was getting 401 - Unauthorized: Access Denied as in screenshot above.
I verified all the required permissions, services and all of it was correct.
However, I remembered the configuration that I did to fix the tenant page loading issue from the post mentioned i.e. Tenant page never loads in vRA 6.x when logged in with administrator@vsphere.local. I had regenerated the certificate with corrected common name to match hostname and that breaks the trust with other components.
When you replace a certificate for a vRealize Automation component, components that have a dependency on this certificate are affected. You must register the new certificate with these components to ensure certificate trust.
You should update components in the following order:
However, there is one exception is that an updated certificate for IaaS components must be registered with vRealize Appliance.
The following table shows registration requirements when you update a certificate.
For more details and certificate supportability, requirements and troubleshooting, check VMware KB 2106583
Solution:
However later I noticed the below issue, when tried to configure endpoints as Infrastructure admin.
I was not able to access any options under Infrastructure Tab, though i logged in with infrastructure admin. For each option clicked, I was getting 401 - Unauthorized: Access Denied as in screenshot above.
I verified all the required permissions, services and all of it was correct.
However, I remembered the configuration that I did to fix the tenant page loading issue from the post mentioned i.e. Tenant page never loads in vRA 6.x when logged in with administrator@vsphere.local. I had regenerated the certificate with corrected common name to match hostname and that breaks the trust with other components.
When you replace a certificate for a vRealize Automation component, components that have a dependency on this certificate are affected. You must register the new certificate with these components to ensure certificate trust.
You should update components in the following order:
- Identity Appliance
- vRealize Appliance
- IaaS components
However, there is one exception is that an updated certificate for IaaS components must be registered with vRealize Appliance.
The following table shows registration requirements when you update a certificate.
 |
| Image: VMware |
For more details and certificate supportability, requirements and troubleshooting, check VMware KB 2106583
Solution:
To fix this issue, foollow the steps below. You need to perform these steps on the IAAS server
- Navigate to C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\Cafe
- To update the vRA certificate for the IAAS server run below command:
- On command prompt, run IISReset command in order to restart the web services for changes to take effect.
- Verify that you can access infrastructure tab now.
Hope this helps!!!!!!
No comments:
Post a Comment