To verify you are encountering vCenter/lookup service certificate issues, perform the following checks:
Warning: Incorrectly updating certificate information of service registrations may break the functionality of that service.
1. SSH to the Platform Services Controller and log in as root.
2. Use the lstool script to get a list of the registered services on the PSC:
   vSphere 6.x:
   /usr/lib/vmidentity/tools/scripts/lstool.py list --url http://localhost:7080/lookupservice/sdk > /tmp/services.txt
   vSphere 7.0:
   /usr/lib/vmware-lookupsvc/tools/lstool.py list --url http://localhost:7090/lookupservice/sdk > /tmp/services.txt
3. Open the services.txt file and search for the following section:
   Service Type: cs.identity
4. Take note of the endpoint certificate for the service.
5. Run the following command against the PSC:
   openssl s_client -connect PSC_FQDN:443 < /dev/null 2>/dev/null | openssl x509
6. Compare the certificates from steps 4 and 5 to determine if there is a mismatch.
If there is a certificate mismatch, use the KB article Using the 'lsdoctor' Tool to download lsdoctor, unzip the file, and run the following command to fix the mismatch:
python lsdoctor.py --trustfix
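The comparison of the registered endpoint certificate with the certificate served on port 443 can be done by fingerprint instead of by eye. The following is an added example, not part of the original article or of VMware's tooling. It assumes services.txt carries "Service Type:" lines followed by "SSL trust:" lines holding base64 DER, and the sample data and helper names are constructed for illustration.

```python
import base64, hashlib, re

# Constructed stand-ins for certificate DER bytes (not real certificates).
DER_REGISTERED = b"constructed-der-bytes-registered-endpoint-cert"
DER_LIVE = b"constructed-der-bytes-live-port-443-cert"

def fingerprint(der):
    """SHA-256 over the DER encoding, as colon-separated hex."""
    h = hashlib.sha256(der).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

def pem_to_der(pem_text):
    """Decode the first PEM certificate block (the openssl x509 output)."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                  pem_text, re.S)
    if not m:
        raise ValueError("no PEM certificate found")
    return base64.b64decode("".join(m.group(1).split()))

def registered_trusts(services_text, service_type="cs.identity"):
    """DER blobs from 'SSL trust:' lines under the given service type.
    The line layout is an assumption about lstool output; adjust as needed."""
    current, found = None, []
    for line in services_text.splitlines():
        key, _, value = line.strip().partition(":")
        if key == "Service Type":
            current = value.strip()
        elif key == "SSL trust" and current == service_type:
            found.append(base64.b64decode(value.strip()))
    return found

def compare(services_text, live_pem):
    """Return (live_fp, [(registered_fp, matches_live), ...])."""
    live_fp = fingerprint(pem_to_der(live_pem))
    regs = [fingerprint(d) for d in registered_trusts(services_text)]
    return live_fp, [(fp, fp == live_fp) for fp in regs]

def sample_inputs(registered_der, live_der):
    """Build constructed services.txt and PEM text for the demo."""
    b64 = lambda b: base64.b64encode(b).decode()
    services = ("Service Type: cs.identity\nEndpoints:\n"
                "\tURL: https://psc.example.test/sts/STSService/vsphere.local\n"
                "\tSSL trust: " + b64(registered_der) + "\n"
                "Service Type: cs.other\n\tSSL trust: " + b64(live_der) + "\n")
    pem = ("-----BEGIN CERTIFICATE-----\n" + b64(live_der)
           + "\n-----END CERTIFICATE-----\n")
    return services, pem

if __name__ == "__main__":
    live_fp, results = compare(*sample_inputs(DER_REGISTERED, DER_LIVE))
    for fp, ok in results:
        print("registered:", fp, "MATCH" if ok else "MISMATCH", "live:", live_fp)
```

On a PSC, pass the contents of /tmp/services.txt and the saved output of the openssl command to compare() in place of the constructed sample.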