Install & Configure VRLCM 2.1 Part-2

Next, We Create a New Environment and then create an New VRA environment using vRLCM

Go to Home and Click on Create Environment to get started

Click on Create Environment
The Default password is used for all the products being deployed using this instance
In this case, we selected the vRA deployment with deployment type as Small for the lab

Agree to the EULA, click Next

Enter the License

Select the NTP Servers and then click Next
Input all the Network Details and click Next

Select the Certificate which we have generated before and click Next

This is where things have gotten tricky in this version as we have multiple options to define the VRA environment including the windows template to create new vms themseleves.

let us go step by step process

Under Product Properties, provide the windows server username and password which you want to access after the box has been provisioned using the windows template.

Scroll down for further options

In the above configuration, We have only 3 VMs being deployed in VRA Simple Configuration.

  • VRA Primary Appliance
  • VRA DB server (Database server)
  • VRA IAAS web server (this contains iaas-web server, iaas manager, iaas DEM Worker and proxy-agent-vsphere )

Once all the Product details of VRA are put in, we will proceed to the precheck phase.

Click on RUN PRECHECK option to continue

Next, we click on Validate & Deploy option to deploy the vms

Make sure you disable UAC in the windows template and then click on Validate & Deploy option to continue.

The Validation process will start
Looks like my test failed with 2 Items, which I will be rectifying before trying to Validate again before Deployment

NOTE: The re-validation took more than 30 mins in my lab to complete. Not sure why it took a lot of time, but I suggest you all to be patient during this process as there is no way to speed it up.

The validation is successful and now we can go ahead and run the PRECHECK to continue

NOTE that at this point, I haven’t installed SQL Software on the SQL Server, but VRSLM has created an windows server for both the db and iaas install. I will have to install SQL Server on the db windows VM and see how it goes.

This Post is pending and I will be updating it soon once I have some clarification on if I need to install and configure the SQL software in the vRA SQL server windows machine or will the scripts do it if I provide the SQL ISO file. Stay Tuned …….

Issue with AD Sync in vRA 7.3.1 and 7.4

I have recently come across an issue in our vRA 7.3.1 environment where the AD sync started failing all of a sudden.

The error message looks as in the screenshot below:

AD Sync Error

This error basically means that vRA is not able to communicate with the Active Directory (Lets say my Domain is dallas.com and my vRA appliance hostname is dc1-vcf-vra-01.dallas.com) to update the AD groups and Users for authentication.

The error also means that the vRA is complaining that the connector hostname (in this case it is dc1-vcf-vra-01) doesn’t match the Common Name (CN) in the certificate which is the FQDN (dc1-vcf-vra-01.dallas.com).

Opened a ticket with VMware support and here are the troubleshooting steps recommended so far by them:

1.	     /usr/java/jre-vmware/bin/keytool -v -list -keystore /opt/vmware/horizon/workspace/conf/tcserver.keystore 
                 Check the The Common Name  in the self signed cert. It will be set to node hostname.
2.	     mkdir /root/tmp-bkp
3.	     mv /usr/local/horizon/conf/flags/fips* /root/tmp-bkp		( No file named fips or starting with fips in the flags directory as FIPS is not enabled in our environment)
4.	     /usr/local/horizon/scripts/secure/wizardssl.hzn
                 Install Self Signed Cert and update the keystore
5.	     mv /root/tmp-bkp/fips* /usr/local/horizon/conf/flags		(had to skip it as I was not able to execute the above fips* command)
6.	     service horizon-workspace restart

Will update this post with more steps once VMware support comes back to resolve this issue.

UPDATE

VMware support confirmed that the Common Name (CN) in the self signed Certificate has the FQDN and to follow the steps in the KB article https://kb.vmware.com/s/article/2145268 to check the postgres database for the connector and there we found the issue and rectified it.

From the KB 2145268, I followed the below steps:

Log in to each appliance and type hostname.
If the hostname is shortname and not FQDN, update it from VAMI.

Ensure that the following tables display all the appliances with the FQDN.
Connect to the database by running this command:

su - postgres /opt/vmware/vpostgres/current/bin/psql vcac

Set schema as SaaS by running this command:

set schema 'saas';

Verify the appliances hostnames in the ServiceInstance table by running this command:

select * from "ServiceInstance";

If the hostnames in the table are short, update the hostnames to FQDN by running this command:

update "ServiceInstance" set "hostName"='<new_hostname>' where "id"='<row_id>';

Verify the appliances hostnames in the Connector table by running this command:

select * from "Connector";

If the hostnames in the table are short, update the hostnames to FQDN by running this command:

update "Connector" set "host"='<new_hostname>' where "id"='<row_id>';

I had to substitute new_hostname as the FQDN of my vRA appliance (my case dc1-vcf-vra-01.dallas.com) and the row_id is the ID of the row in which the host name is displayed.

Once I made the modifications in the ‘ServiceInstance’ and ‘Connector’ and restarted the vRA appliance, my AD Sync started to Sync.

Install and Configure vRealize Suite Life Cycle Manager 1.2

This post details the installation and configuration of the vRealize Suite Life Cycle Manager 1.2 which was recently released by VMware to automatically provision vRA components as part of their Cloud initiative.

First, Download the Life Cycle Manager ova from the vRealize Suite 2017 components and deploy it using the vCenter web client

vRLCM_Installation01

vRLCM_Installation02

vRLCM_Installation03

vRLCM_Installation04

vRLCM_Installation05

vRLCM_Installation06
Select Enable Content Management option to enable content management.

vRLCM_Installation07

vRLCM_Installation08

vRLCM_Installation09
Provide the Hostname, default gateway, network IP address, subnet mask, DNS servers and the domain names in this window and click Next to finalize the deployment of the appliance.

vRLCM_Installation10
Click Finish to finalize the settings and to deploy the Life Cycle Manager Appliance

Once the vm has been deployed and powered ON, you will have to go to a web browser to configure the appliance.

https://IP_Address_of_the_Appliance/vrlcm

vRLCM_Configuration01

use the following credentials to login into the life cycle manager web UI

username: admin@localhost

password: vmware

vRLCM_Configuration02

 

vRLCM_Configuration03
The first thing you get after logging into the web UI is to update the root password

vRLCM_Configuration04

Click start to get started with the Life Cycle Manager

vRLCM_Configuration05

vRLCM_Configuration06

vRLCM_Configuration07

vRLCM_Configuration08

vRLCM_Configuration09
Once you click Next, it will say Done!

Now, we will create a New Environment in the lab

Click on Create Environment option to get started

Once you click on Create Environment option, you will be taken to a tab where it mentions that you will need to take care of a few things before you create the environment.

vRLCM_Configuration10.png

Let us take care of the Product Binaries first.

Click on Product Binaries option on the tab

vRLCM_Configuration11

vRLCM_Configuration14
I have used my VMware portal credentials to get the product binaries as I couldn’t get the local and NFS to work to get the product OVA’s.

Once you add the product binaries, let’s go and create a Certificate

vRLCM_Configuration12

vRLCM_Configuration13

Once these two pre-requisites are done, Let us move ahead …

On the main page, click on the Datacenters option on the left-hand side to create a Datacenter before we create the environment

vRLCM_Configuration15

vRLCM_Configuration16
Click on Add Data Center to provide a name for the Datacenter

vRLCM_Configuration17

Next, we add the vCenter server

vRLCM_Configuration18

vRLCM_Configuration19

vRLCM_Configuration20

Now, Let us go ahead and create an Environment

vRLCM_Configuration21

vRLCM_Configuration22

vRLCM_Configuration23
Accept the EULA Agreement by scrolling down, once you accept it, the NEXT button will appear

vRLCM_Configuration24

vRLCM_Configuration25

vRLCM_Configuration26

vRLCM_Configuration27

vRLCM_Configuration28
Provide all the required information. I have provided an existing SQL server and IAAS server, I have used 1 IAAS server for DEM Worker, Orchestrator, Proxy service

vRLCM_Configuration29
Click on RUN PRE CHECK option to perform the pre-checks before it deploys the environment

vRLCM_Configuration30

In this pre-check, you could get a validation failure which will need to be rectified before you run the pre-check again. its like shown in the picture below

vRLCM_Configuration31

vRLCM_Configuration32

Once you rectify the issue, run the pre-check again

vRLCM_Configuration33

Once the pre-check comes back clean, click on Next to move ahead

vRLCM_Configuration34

 

Click Submit and the life cycle manager will do the rest.

to check the progress, you can click on Requests icon on the left side of the page and clicking on in progress as the pic below

vRLCM_Configuration35

vRLCM_Configuration36

This process will take a long time … go, get some tea/coffee and it will still be deploying the environment …

vRLCM_Configuration37

vRLCM_Configuration38

This shows how to Install and configure vRealize Life Cycle Management and to create a vRA 7.4 environment.

 

 

SQL Connectivity Issue with vRA 7.4

Hello Peeps, Recently I was configuring vRA 7.4 at a customer’s place and came across an issue where the vRA appliance tries to talk to the external SQL server and fails with an error.

Here is the error:

SQL_Config_Issue01

After digging into the logs on both vRA and on the SQL server, here is what was determined as the issue

The SQL server has TLS 1.0 disabled and the vRA appliance was trying to communicate to the SQL server using TLS 1.0 instead of TLS 1.2 as the client has disabled TLS 1.0 on all its windows servers.

SQL_Config_Issue02

Troubleshooting steps tried:

Tried enabling TLS 1.0 and its Ciphers on the SQL server with no success

Checked with the Firewall team and they said that there is no firewall between the vRA appliance and the SQL server

Tried this in a different environment and it worked fine, just doesn’t work in this particular environment.

Conclusion:

 

Looks like the issue was with the SQL server and its Service Pack. SQL Server 2012 needs SP3 or higher to accept TLS 1.2 protocol. As soon as I upgraded my SQL server to SQL 2012 SP4, the communication worked fine and the vRA appliance was able to talk to the SQL server!!

Hope this helps in case you come across this issue.