
vRealize Orchestrator 8.x Control Center access is lost after its Authentication provider certificat

In this topic I encountered an issue with vRA: the Web GUI is not accessible, and when attempting to access https://vROFQDN a Service Unavailable error is seen.


After checking the vco-app container, one of the pods is not starting.

We also see that the probe below fails.

Cause: This issue is most commonly seen when the Authentication provider certificates of standalone or clustered vRealize Orchestrator instances have expired or have been replaced.


To resolve this issue, we need to apply the steps in this VMware KB: https://kb.vmware.com/s/article/83653


Steps:

- SSH (or PuTTY) into one of the vRO nodes within the cluster.

- Isolate the vco-app pod ID, as this value is generated upon pod creation:

kubectl get pods -n prelude

- Run the following command to enter a bash shell within the vco-app pod, replacing the pod name with the one returned by the previous command:

kubectl -n prelude exec -it vco-app-7fbc9c65cc-2vm25 -c vco-server-app -- bash

- Run the following command to expose the vro-configure-inner.sh shell script within the pod:

rpm -hiv --nodeps /vco-cfg-cli.rpm

- Run the following command to update the aliases vco.vsphere.lookup-service.ssl.certificate and vco.sso.ssl.certificate within the keystore. Be sure to replace vSphere-Auth-Provider-URI with the actual URI for the vSphere Authentication provider:

/usr/lib/vco-cli/bin/vro-configure-inner.sh trust --alias vco.vsphere.lookup-service.ssl.certificate --uri vSphere-Auth-Provider-URI --accept

- Type exit and press Enter to leave the bash shell.

- To stop all services, run

/opt/scripts/deploy.sh --onlyClean

- To start all services, run

/opt/scripts/deploy.sh

- Validate the deployment has finished by reviewing the output from the deploy.sh script followed by attempting to access the previously inaccessible URLs.

- Now you can log in again to the vRA Web GUI.
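The --accept flag in the trust step stores whatever certificate the Authentication provider URI presents, so it is worth checking that certificate first. The script below is an added example, not part of the VMware KB: it compares the presented certificate's SHA-256 fingerprint with one obtained out-of-band and checks the remaining validity. The function names are hypothetical, and it assumes the openssl CLI is available where you run it.

```shell
#!/bin/sh
# Added example (not from the KB): inspect a certificate before trusting it.
# Assumes the openssl CLI is available on the machine running the check.

# fetch_cert URI_OR_HOST[:PORT] -> leaf certificate (PEM) on stdout
fetch_cert() {
  local hp="${1#https://}"
  hp="${hp%%/*}"
  case "$hp" in *:*) ;; *) hp="$hp:443" ;; esac
  openssl s_client -connect "$hp" -servername "${hp%%:*}" </dev/null 2>/dev/null |
    openssl x509 -outform PEM
}

# cert_fingerprint PEMFILE -> SHA-256 fingerprint (colon-separated hex)
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# cert_valid_for PEMFILE SECONDS -> success if still valid SECONDS from now
cert_valid_for() {
  openssl x509 -in "$1" -noout -checkend "$2" >/dev/null
}

# norm_fp FP -> fingerprint without separators, upper case
norm_fp() { printf '%s' "$1" | tr -d ': \n' | tr 'a-f' 'A-F'; }

# check_before_trust PEMFILE EXPECTED_FP [MIN_SECONDS_LEFT]
# Prints OK, MISMATCH, EXPIRING (expired or too close to expiry) or UNREADABLE.
check_before_trust() {
  local pem="$1" expected="$2" min_left="${3:-0}" actual
  actual=$(cert_fingerprint "$pem" 2>/dev/null)
  [ -n "$actual" ] || { echo "UNREADABLE"; return 3; }
  if [ "$(norm_fp "$actual")" != "$(norm_fp "$expected")" ]; then
    echo "MISMATCH"; return 1
  fi
  cert_valid_for "$pem" "$min_left" || { echo "EXPIRING"; return 2; }
  echo "OK"
}

# Usage: sh check.sh <URI> <expected-fingerprint> [min-seconds-left]
if [ "$#" -ge 2 ]; then
  pem=$(mktemp) && fetch_cert "$1" >"$pem"
  check_before_trust "$pem" "$2" "${3:-2592000}"
fi
```

Run the trust command with --accept only when the result is OK; the default of 2592000 seconds flags a certificate with fewer than 30 days left.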

