VMware

vCenter Certificate Automation Tool 1.0

So for those of us who have experienced the wonderful times of dealing with replacing or updating certificates within our VMware infrastructures, VMware came to the rescue (kind of) and provided a tool for us to use.  This tool has been dubbed vCenter Certificate Automation Tool.  A little excerpt from the release announcement:

Fresh out of development today VMware has a new tool to help everyone with the implementation of custom certificates. The vCenter Certificate Automation Tool 1.0, will help customers update certificates needed for running vCenter Server and supporting components. 

In order to use the tool, you must have the following:

    • Administrative privileges on the server(s) you are running the tool on. Although non-administrator users can download and launch the tool, all operations will fail without the proper permissions.
    • Access to each server that has vSphere components for which the SSL certificate will be updated.
    • All vCenter Server components which will have their certificates updated have already been installed and are running.
    • The new certificates already exist and you know the location of the new certificates. For increased security, generate each certificate and private key on the machine where it will be used. The new SSL certificate for each vSphere component must have a unique base DN.

So you don’t have to go around looking, here are a couple of links to KB articles on how to use the vCenter Certificate Automation Tool:


Just wanted to share this with the readers…enjoy!

Can’t Remove vApp in vCD – Pending State

So I have run into a few issues when trying to delete a vApp with Partially Powered Off VMs living inside the vApp.  It seems to place the vApp and VM into a Pending state in vCloud Director.  When you attempt to run the delete again it says that you need to stop the VM first.  In your eyes you thought the VM was stopped but vCD seems to think otherwise.  You check in vCenter and see the VM is powered off so what now?

DISCLAIMER:  THIS WAS DONE IN A LAB ENVIRONMENT!  DO NOT ATTEMPT THIS IN PRODUCTION WITHOUT THE PROPER PRECAUTIONS!  IF YOU ARE NOT COMFORTABLE WITH DATABASE WORK THEN PLEASE STOP NOW!


vCloud Director SAML/SSO FAIL OMG

Disclaimer: Use at your own risk!  Be smart and contact VMware GSS if this is a production environment!  This was in my lab so your mileage may vary!

So like many others I deployed vCloud Suite 5.1 into my home lab…all things were perfect until I decided to play with vCD and SSO.  SSO has had quite a stream of people complaining about it and also those saying how great it is.  As of right now, my personal take on it is that I am indifferent.  Anyway, that is not the point of this quick post…the point is:

I BROKE MY VCD LOGINS!!!

 

So I was receiving a crazy 500 error after attempting login through the vSphere Web Client to vCD.  For those of you not in the know about how to do this, check out the vCloud Director Admin Guide on page 127, “Configure vCloud Director to use vCenter Single Sign On”.  Anywho, after attempting the configuration, which mind you is relatively simple, I somehow managed to bork the configuration.  This resulted in a 500 Internal Server Error exclaiming: Incoming SAML message is invalid.  One would think, “No worries, I will just disable SAML/SSO in the administration portal.”

 OMG WTF!!!!  I can’t get into the portal to make the change! 

 

After a cry for help on Twitter late at night with nobody to respond, I decided this morning to dig into the Oracle database.  While looking through I see a table called IDENTITY_PROVIDER…looks like I may have found a place to disable the SAML/SSO authentication method.  VOILA!  I did find it!  Now to change it…to do so you will want to:

  1. Make sure you have a backup of your database.  (I did this in my lab!  Use at your own risk on ANY environment!)
  2. Connect to the Oracle DB.
  3. Run the following SQL: UPDATE VCLOUD.IDENTITY_PROVIDER SET IS_ENABLED = 0 WHERE PROVIDER_TYPE = 'SAML';
  4. Attempt to log back into vCD.

If all goes well, you should be back into vCD!  If you go to Administration->Federation you should see that Use vSphere Single Sign-On is no longer checked!  I am not sure that this is the proper method but it worked for me and I have not had any weird issues since making the change.  Hope this helps!
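A more cautious way to run step 3 from SQL*Plus, as an added example that is not part of the original post: it records the state before and after, keeps an in-database copy of the table, and leaves the commit as a separate decision. The table and the two column names are the ones in the post; the backup table name IDENTITY_PROVIDER_BAK is hypothetical.

```sql
-- Added example for Oracle / SQL*Plus. Only VCLOUD.IDENTITY_PROVIDER,
-- PROVIDER_TYPE and IS_ENABLED come from the post; IDENTITY_PROVIDER_BAK
-- is a hypothetical name chosen for the safety copy.

-- Make sure DML is not committed automatically by the client.
SET AUTOCOMMIT OFF

-- 1. Record the current state so the original value can be restored later.
SELECT PROVIDER_TYPE, IS_ENABLED
  FROM VCLOUD.IDENTITY_PROVIDER;

-- 2. Keep a copy of the table inside the database.
--    CREATE TABLE is DDL and commits implicitly, so it must run
--    before the UPDATE, never between the UPDATE and the check.
CREATE TABLE VCLOUD.IDENTITY_PROVIDER_BAK AS
  SELECT * FROM VCLOUD.IDENTITY_PROVIDER;

-- 3. Disable SAML, touching only rows that are currently enabled.
--    SQL*Plus reports how many rows were updated; compare that number
--    with the SAML rows listed in step 1.
UPDATE VCLOUD.IDENTITY_PROVIDER
   SET IS_ENABLED = 0
 WHERE PROVIDER_TYPE = 'SAML'
   AND IS_ENABLED <> 0;

-- 4. Confirm that only the SAML rows changed.
SELECT PROVIDER_TYPE, IS_ENABLED
  FROM VCLOUD.IDENTITY_PROVIDER;

-- 5. Keep the change if step 4 looks right...
COMMIT;
--    ...otherwise undo it instead of committing:
-- ROLLBACK;
```

Once SSO is repaired and re-enabled, the copy can be dropped with DROP TABLE VCLOUD.IDENTITY_PROVIDER_BAK so a stale snapshot of the identity provider configuration is not left behind in the schema.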

UPDATE:  Thanks to Luke (@ThepHuck) for doing this on Microsoft SQL.  Here is the script:

UPDATE [vcloud].[dbo].[identity_provider]
SET [is_enabled] = '0'
WHERE provider_type = 'SAML'
GO

UPDATE:  Thanks to Mathew Lodge (@mathewlodge) you can just add login.jsp to the URL to gain local login access like so:  http://vcloud.vsential.lab/cloud/login.jsp
