HPE OneView

Re: HPE OV4VC, vCLM, of course it doesnt work, its another HPE nightmare

 
T_1_6
Regular Advisor

HPE OV4VC, vCLM, certificates and registering SPP.

We recently upgraded our vCenters to v7.0u2 latest, OV4VC 10.3, Oneview 6.1, ready for the big vCLM ease of use and great functionality.

Well, what a let down, despite having a certificate issued by our AD PKI, OV4VC Fails to register the SPP with vCLM:-

"Online software depot registration failed. Please check HPE OneView for VMware vCenter certificate is added into vCenter trust store. If the problem persists, please contact technical support"

Again, this is despite having a fully trusted cert, and our root CA imported into OV4VC.
OK so maybe I should import anyway, using  "ADD CERTIFICATE",  sure that would work right??

LOL, of course not:- Failed to add HPE OneView for VMware vCenter certificate into vCenter Trust store. Please try again later or add the certificate manually into vCenter Trust Store.

 

    

 

3 REPLIES 3
T_1_6
Regular Advisor

Re: HPE OV4VC, vCLM, of course it doesnt work, its another HPE nightmare

Our PKI root is in vcenter trust store, our PKI intermediets are in the PKI trust store, ov4vc has a trusted cert from the PKI, all looks good, but it still fails.

What I have noticed is that browsing the online "help" for the appliance results in failure to display the page as the cert for anything on port :3512 is with the HPE self signed appliance cert.

EDIT:- It seems that upgrading the appliance from 10.2 to 10.3 broke the certificates we had installed, RE-generating the certs after the upgrade to 10.3 made it work. Who would have known? So the upgrade of the appliance breaks the certs, someone might want to look at that. After re-doing the certs, the online help now displays with the correct cert. After the 10.3 upgrade, the online help was showing the HPE Self signed cert, yet the management interface was showing the AD PKI signed cert. Something to note! Should have never bothered to upgrade and it would have worked!

 

EDIT2:- If you have two vCenters in Enhanced linked mode, does vCLM patch registration need to be done on all vCenters in Linked Mode manually?

Doug de Werd
HPE Pro

Re: HPE OV4VC, vCLM, of course it doesnt work, its another HPE nightmare

Our engineering team is looking into this and will get back with you as soon as we can.

I am an HPE employee
Accept or Kudo
Doug de Werd
HPE Pro

Re: HPE OV4VC, vCLM, of course it doesnt work, its another HPE nightmare

This is a bug that occurs during the upgrade to OV4VC 10.3.  We made a change in 10.3 related to certificates for vLCM.  This change was supposed to exclude CA signed certificates, but instead it generates a self-signed certificate by default.

As you have found, the workaround is to update/regenerate the CA signed certificates again to the OV4VC appliance.

For ELM – yes, the vCLM patch registration needs to be done on all vCenters in Linked Mode manually. You will also need to register the SPP/VUP individually on each vCenter.

We will be fixing this in our next release, and will also be creating a Customer Advisory.

Thanks,

Doug

I am an HPE employee
Accept or Kudo