vCAC 6.1 SSO Configuration Error

I spent most of the day today troubleshooting an error that I was getting while configuring the vCAC appliance.  This error had me, VMware support, and our consultant all scratching our heads.  The error that we were getting was:

Invalid “Host Settings” in the remote SSO server.  Expected: ssoservername.domain.dom:7444

As it turns out the SSO server information that you enter is case sensitive.  We finally ran across a very good write up about the issue and how to resolve it:

Attach http://brianragazzi.wordpress.com/2014/09/09/vcac-6-1-sso-configuration-gotcha/

It would be very helpful if VMware would note this type of information in the configuration guides or at least provide that information to their support and professional services teams.


vCenter Certificate Automation Tool 5.5

If you have never had the “Oh So Wonderful” fun involved with replacing and/or updating SSL certificates within your VMware infrastructures, you should consider yourself fortunate.  For those of us who have, VMware has delivered a tool to save our sanity.  Enter vCenter Certificate Automation Tool.  According to VMware, the main two purposes for the tool is:

  • Certificate Signing Request generation and Certificate update – Helps with certificate deployment and trust update. Note that the tool does not generate custom certificates for you. You are expected to generate these certificates offline following the instructions in this document.
  • Update Steps Planner – Allows you to plan the sequence of certificate updates for the components. This prevents errors in the process that might otherwise occur.

Per VMware, in order utilize the tool you must be able to meet all of the following requirements:

  • Administrative privileges on the server(s) on which you are running the tool. Although non-administrator users can download and launch the tool, all operations fail without the proper permissions.
  • Access to each server that has vSphere components for which the SSL certificate should be updated.
  • All vCenter Server components for which the certificates are to be updated are already installed and running.
  • The new certificates and private keys already exist and you know the location of the new certificates. For increased security, generate each certificate and private key on the machine where it will be used.

To get all of the complete details be sure to check out the VMware KB articles below:

Link Deploying and Using the SSL Certificate Automation Tool 5.5

Link Generating certificates for use with the VMware SSL Certificate Automation Tool