HPE Community
HPE OneView
1752795 Members
5866 Online
108789 Solutions
New Discussion юеВ

Re: OneView for VMware vCenter v8.0.1: VASA URL Not working

 
Edward L. Haletky
Valued Contributor

тАО08-24-2016 09:36 AM - edited тАО09-02-2016 08:59 AM

тАО08-24-2016 09:36 AM - edited тАО09-02-2016 08:59 AM

OneView for VMware vCenter v8.0.1: VASA URL Not working

Hello,

I have my HPE StoreVirtual VSA configured into HPE OneView for VMware vCenter 8.0.1 just fine. I can see the VASA Provider URL. Which I copy and try to register. This is a brand new install of OV4VC. It says to pick up the certificate which I do after inspecting. The CN of the certificate and the provider URL match. However, vCenter says the certificate is either malformed, CN does not match, or some other error. I have also attempted to use the certificate directly from OV4VC as there is an option to get the provider certificate. Once more there is failure.

I am at a loss, I am unsure why such an error would occur.

OV4VC is setup with a network for management for vCenter, and a Network for iSCSI management and data. So it has 2 network cards configured. 

I am using the default self-signed certificate created by OV4VC. My StoreVirtual is using v12.6 and was just updated. 

Also, this used to work with earlier versions of IC4VC.

Thoughts?

Edward L. Haletky

2 people had this problem.
0 Kudos
Reply
7 REPLIES 7
Ptyool
Occasional Advisor

тАО08-26-2016 07:26 AM

тАО08-26-2016 07:26 AM

Re: OpenView for VMware vCenter v8.0.1: VASA URL Not working

Hi Edward,

Again I got the same problem as you. I'm unable to register OV4VC VASA URL with my vCenter.

vCenter saying that the certificate is not valid, empty, incorrect, expired, revoked or the hostname check as failed. (see screenshot attached)

Did you find a way to register it ?

Regards,

Julien.

0 Kudos
Reply
Edward L. Haletky
Valued Contributor

тАО08-27-2016 02:00 PM - edited тАО09-02-2016 09:08 AM

тАО08-27-2016 02:00 PM - edited тАО09-02-2016 09:08 AM

Re: OneView for VMware vCenter v8.0.1: VASA URL Not working

Hello,

I am beginning to wonder if it is a SHA1 certificate problem. Mine happens to be SHA1....  I am in the midst of creating a local CA actually. Not sure how well that will work. I have not found any reason why this would fail yet. Logs do not show much.

I wonder if the reason is related to https://kb.vmware.com/kb/2079087 which is a v5.5 issue with instructions for fixing it on a windows based vCenter. Need to translate to the VCSA somehow....

However, I do not think it is this as I just configured VSAN and the VASA providers registered just fine.

Best regards,

Edward L. Haletky

0 Kudos
Reply
Edward L. Haletky
Valued Contributor

тАО09-02-2016 09:10 AM - edited тАО09-02-2016 09:13 AM

тАО09-02-2016 09:10 AM - edited тАО09-02-2016 09:13 AM

Re: OneView for VMware vCenter v8.0.1: VASA URL Not working

Hello,

Nothing appears in any logs on the HPE side when I go to register, what I do see is a message inside the VMware WebClient about unable to register as the 'certificate is untrusted'. Yet, I manually approved the cert.. I doubt the request is going anywhere near OV4VC. THe following appears BEFORE I approve the certificate.

The "Register new storage provider" operation failed for the entity with the following error message.

The provider certificate is untrusted.

Best regards,

Edward L. Haletky

0 Kudos
Reply
Edward L. Haletky
Valued Contributor

тАО09-02-2016 10:14 AM

тАО09-02-2016 10:14 AM

Re: OneView for VMware vCenter v8.0.1: VASA URL Not working

Hello,

I just went through the certificates for SMS using 

/usr/lib/vmware-vmafd/bin/vecs-cli entry list --store SMS --text |more

and the SMS certificate is not expired. The OV4VC certificate is not expired. Not sure what else is up...

Best regards,

Edward L Haletky

0 Kudos
Reply
V12
Occasional Advisor

тАО09-09-2016 04:05 PM

тАО09-09-2016 04:05 PM

Re: OneView for VMware vCenter v8.0.1: VASA URL Not working

create the self signed certificate inside of the HPE Mangement menu. this problem will go away. then you have to get around a login issue which im working on. the self signed cert is not created by default

0 Kudos
Reply
Edward L. Haletky
Valued Contributor

тАО09-10-2016 09:55 AM

тАО09-10-2016 09:55 AM

Re: OneView for VMware vCenter v8.0.1: VASA URL Not working

Hello,

Well you still get the bad cert error (or a self-signed cert error). However, you can work past this. I just found the solution to the user.... It is not a user on the storage or one inside OV4VC, it is one you setup inside vCenter with the appropriate permissions. Well since I did not know those perms, I created a vCenter user with Admin rights... Now I use SSO for this.

Now I wish I could limit this user to just VASA rights. However, I have not found a limited set. So for now I am using a separate user so I can track what the user does within LogInsight using my content pak that does just that (https://github.com/Texiwill/aac-lib/vli).

Best regards,

Edward L. Haletky

0 Kudos
Reply
Ptyool
Occasional Advisor

тАО09-13-2016 11:47 PM

тАО09-13-2016 11:47 PM

Re: OneView for VMware vCenter v8.0.1: VASA URL Not working

Thank you both of you, I can confirm that I'm able to register OV4VC VASA provider after regenerate a self-signed certificate and use an admin vCenter account (using sso-domain\account and not account@sso-domain).

However I don't understand why the account neeeded is one from the vCenter and not from OV4VC... When you register the 3PAR VASA provider directly the account needed is one from the 3PAR...

By the way, I noticed that the VASA version is 1.0 with OV4VC and not 2.0, so I can't use vvol for example, is it the same for you?

Regards,

Julien.

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.