Additional vCAC IaaS components are unable to install in a distributed environment under a load balancer. The installation fails with various error because of the broken SSL trust between multiple servers or components. Even there is 401 unauthorized error for the first vCAC IaaS component which got installed under the same load balancer. This issue will not arise in a standalone deployment environment.
- 401 - Unauthorized: Access is denied due to invalid credentials. You do not have permission to view this directory or page using the credentials that you supplied.
- SSL error in IaaS web server log as listed below:
- [HttpException (0x80004005) the underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.]
- System.Web.HttpRuntime.FirstRequestInit(HttpContext context) +12966756
- System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context) +159
- System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)
- Errors related to SSL and “log on as a batch job” as listed below:
- Login to IAAS web server as an Administrator
- On the IaaS Web Server (all of the IaaS web servers) Edit the following two files:
E:Program Files (x86)VMwarevCACServerWebsiteweb.config
E:Program Files (x86)VMwarevCACWeb APIweb.config
- Change to False as listed below:
<servicePointManager checkCertificateName=”false” checkCertificateRevocationList=”false” />
- Optional: search for “SAML” in these above two files and change it to “false” (if needed)
- Reset the IIS service and restart “VMware vCloud Automation Server” Service in all the IaaS web servers.
- It’s not required to restart any appliance. The above changes will replicate in couple of minutes.
Note: This issue has been fixed in VMware vRA 6.3 release.