Sunday, December 27, 2020

Unable to add vCenter to Usage Meter 3.6 after replacing the vCenter certificate

 Issue: Unable to add the vCenter endpoint to the usage meter due to certificate error

Error: There was a problem checking the certificate vCenter fqdn:443 .Unexpected exception :java.net.UnknownHostException:fqdn of vCenter



Actions performed: 

1.Checked the root certificate on the vCenter and machine SSL ,SAN names etc

2. Running an openssl command  from Usage meter using the IP address of the vCenter returns the certificate 

3. Running and opnessl command from Usage meter using the vCenter FQDN fails to resolve and unable to fetch the vCenter certificate.




Resolution :

1.SSH into the Usage Meter appliance using root

2.Took a backup of /etc/hosts file

3.Added the IP address and the FQDN of the vCenter after which vCenter was successfully added to the Usage Meter.





at No comments:
Labels:

Thursday, August 6, 2020

Top 20 articles for vRealize Operations Manager

Handy KB articles for recent issues in vROPS


  1. How to reset the root password in vRealize Operations
  2. How to reset the admin password in vRealize Operations Manager
  3. Adding additional storage to a node in vRealize Operations
  4. vRealize Operations Manager Sizing Guidelines
  5. Configure a Certificate For Use With vRealize Operations
  6. /storage/log is full on vRealize Operations
  7. Replace expired internal certificate in vRealize Operations Manager 6.3 and later
  8. Upgrade to vRealize Operations Manager 8.0 fails due to the admin or root account password
  9. Upgrade to vRealize Operations Manager 8.0 hangs on step 4 of 9
  10. Shutdown and Startup sequence for a vRealize Operations Manager cluster
  11. Clearing the Alerts and Alarms Tables in vRealize Operations
  12. Upgrade to vRealize Operations Manager 8.x fails due to low space on /dev/sda
  13. Upgrade to vRealize Operations Manager 8.0 fails due to low space on /dev/sdc
  14. Continuous disk space alerts for /storage/archive Guest File System in vRealize Operations Manager
  15. Rebooting nodes in vRealize Operations Manager
  16. Minimum Collection User Permissions in vRealize Operations Manager 6.x and later
  17. How to take a Snapshot of vRealize Operations
  18. Change the IP Address of a vRealize Operations Manager Multi Node Deployment
  19. vRealize Operations Data Collection
  20. Reload the default certificate in vRealize Operations Manager
at No comments:
Labels:

Monday, July 20, 2020

Using Custom Certificates in Usage Meter 4.x


As we get to move on with customers and service providers asking to implement to use a secure web browser access to Usage Meter .The old versions of UM has methods to replace the certificates.

Beginning from 3.6.1 versions there is no official or supported methods to use a custom certificates for Usage Meter and we are still allowed with default certificates.

Recently we are receiving request from customer using their own internal or custom signed certificates for Usage Meter 4.x versions. It still in the road map and i believe it will be taken care in the upcoming versions.

I have tested in my lab since the Usage Meter 4.x version uses ngnix web servers so i found a possibility to replace the certificates.

Note: Its official not supported and no supported documentation available at this moment  and you have to repeat ever time you upgrade or patch the Usage Meter appliance make sure to take a snapshot or a valid backup before performing the steps

Please take a snapshot of the Usage Meter Appliance
Once you have the certificate and the key file generated from your CA
Access the Usage Meter appliance via SSH using the root account
Take a backup of the crt and key files from the location and copy the new crt and key files to     
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key
Edit the configuration file 
        vi /opt/vmware/cloudusagemetering/conf/nginx.conf  to match the crt and key location


    


Once the changes have been made make sure to give the usagemeter account full permissions to the directories crt,key,configuration files as shown below

 chown -R usagemeter /opt/vmware/cloudusagemetering/conf/nginx.conf
 chown -R usagemeter /etc/ssl/private/nginx-selfsigned.key
 chown -R usagemeter /etc/ssl/certs/nginx-selfsigned.crt


Once the permission has been provided the usagemeter account should be able to access the file
using the account so login into the UM appliance via SSH using usagemeter account

  chmod 777 /etc/ssl/certs/nginx-selfsigned.crt
  chmod 777 /etc/ssl/private/nginx-selfsigned.key
  chmod 777 /opt/vmware/cloudusagemetering/conf/nginx.conf



Finally reboot the appliance and verify the certificates on the https://IPaddress:8443 browser interface
at No comments:
Labels:
Subscribe to: Posts (Atom)

Replacing vROPS Certificates

Issue:  When using default certificates in vROPS  Due to security requirements it was necessary to replace the default self-signed certifica...