vRLI operations attempted from SDDC Manager fail with error: Unable to test connection to VRLI load balancer
search cancel

vRLI operations attempted from SDDC Manager fail with error: Unable to test connection to VRLI load balancer

book

Article ID: 318777

calendar_today

Updated On:

Products

VMware Aria Suite VMware Cloud Foundation

Issue/Introduction

Symptoms:

VRLI admin user shows disconnected in Password Management after upgrading VCF to 4.5.0 and vRLI to 8.10. vRLI operations attempted from SDDC Manager will fail with the error: "Unable to test connection to vrli load balancer."

Other operations, such as vCenter Server certificate rotation, may also show an error; however, the operations should complete successfully regardless of the error.

"Could not establish retrust due to: Retrust with <vCenter FQDN> failed"

 

Environment

VMware vRealize Log Insight 8.10.x
Vmware Cloud Foundation 4.5

Cause

In vRLI 8.10, port 443 was disabled for API access, and was changed to port 9543.

Resolution

This is a known issue and is expected to be resolved in VCF 4.5.1.0 and above.


Workaround:

Complete vRLI related operations outside of SDDC Manager.

If vCenter certificate Replace operation from SDDC is failing because of vRLI certificate retrust then follow the below steps:

  • Verify that the Certificate has installed on vCenter, for example:

 

  • Remove the Old Cert from vRLI, under 'Management > Certificates'

 

 

  • Retrust vRLI with vCenter under 'Integration > vSphere'

 

  • Take a snapshot of SDDC Manager VM and Update the Operationsmanager DB
  • psql -h localhost -U postgres -d operationsmanager -c "select replacement_status_id,replacement_status,resource_fqdn from certificatemanagement.replacement_status where replacement_status='FAILED'"
  • psql -h localhost -U postgres -d operationsmanager -c "update certificatemanagement.replacement_status set replacement_status='SUCCESSFUL' where replacement_status_id='<id received from previous command>'"



You may still see the following error within the Certificates section, after updating the replacement status:

"Certificate Installation has failed"

Perform the following query/update in the Operationsmanager DB:

  • psql -U postgres -h localhost -d operationsmanager -c "select workflow_id,operation_type,operation_status,start_time from certificatemanagement.certificate_operation where domain_name='<domain name>'"

    psql -U postgres -h localhost -d operationsmanager -c "update certificatemanagement.certificate_operation set operation_status='SUCCESSFUL' where workflow_id='<workflow id obtained from query above>'"
Powered by Wolken Software