top of page

vRealize Orchestrator 8.x Control Center access is lost after its Authentication provider certificat

In this topic I encounter an issue with vRA. The Web GUI is not accessible and I get this Error: Attempting to access https://vROFQDN a Service Unavailable error is seen


After checking the container vco-app one of the pods is not starting

We also see the below probe fails

Cause: This issue is most commonly seen when standalone / clustered vRealize Orchestrator instances Authentication provider certificates have expired or have been replaced.


To resolved this issue we need to apply this Reference VMware KB: https://kb.vmware.com/s/article/83653


Steps:

- SSH or PuTTy into one of the vRO nodes within the cluster.

- Isolate the vco-app pod ID as this value is generated upon pod creation

kubectl get pods -n prelude

- Run the following command to enter a bash shell within the vco-app

kubectl -n prelude exec -it vco-app-7fbc9c65cc-2vm25 -c vco-server-app -- bash

- Run the following command to to expose the vro-configure-inner.sh shell script within the pod

rpm -hiv --nodeps /vco-cfg-cli.rpm

- Run the following command to update the aliases vco.vsphere.lookup-service.ssl.certificate and vco.sso.ssl.certificate within the keystore. Be sure to replace vSphere-Auth-Provider-URI with the actual URI for the vSphere Authentication provider in the italicized text

/usr/lib/vco-cli/bin/vro-configure-inner.sh trust --alias vco.vsphere.lookup service.ssl.certificate --uri vSphere-Auth-Provider-URI --accept

- type exit <hit enter> to get out bash

- To stop all services, run

/opt/scripts/deploy.sh --onlyClean

- To start all services, run

/opt/scripts/deploy.sh

- Validate the deployment has finished by reviewing the output from the deploy.sh script followed by attempting to access the previously inaccessible URLs.

- Now you can login again to the vRA Web GUI


Comments


bottom of page