Replacing the certificate on Aria Automation throws an error when trying to re-authenticate external Aria Orchestrators
vRA is deployed and associated with 2 or more tenants (Default and Custom Tenant), and vRA-authenticated vRO is deployed with both tenants.
Initiate vRA replace certificate request on Aria Suite Lifecycle Manager.
The certificates on the vRA appliance do successfully change but the request fails at task 'set VMware Aria Automation as authentication provider in VMware Aria Automation Orchestrator.'
The request payload in LCM uses the default tenant hostname as the vRA hostname instead of the Tenant vRA hostname, so the login fails.
We see the following in /var/log/vrlcm/vmware_vrlcm.log:
=========================
2024-06-28T07:27:17.706Z INFO vrlcm[4004] [pool-3-thread-36] [c.v.v.l.d.v.t.SetNewVroVraAuthConfigTask] – VMware Aria Automation Orchestrator password YXYXYXYX created response:
{ "exitStatus" : 0, "outputData" : "", "errorData" : null, "commandTimedOut" : false }
2024-06-28T07:27:17.706Z INFO vrlcm[4004] [pool-3-thread-36] [c.v.v.l.d.v.h.VroUtil] – vRO ENDPOINT HOST :: DefaultTenant.fqdn.local
2024-06-28T07:27:17.706Z INFO vrlcm[4004] [pool-3-thread-36] [c.v.v.l.d.v.h.VroUtil] – COMMAND :: vracli vro authentication set -p vra -hn DefaultTenant.fqdn.local -u localadmin --password-file YXYXYXYX -f -k
2024-06-28T07:27:17.938Z INFO vrlcm[4004] [pool-3-thread-36] [c.v.v.l.u.SshUtils] – Executing command on the host: DefaultTenant.fqdn.local , as user: root
2024-06-28T07:27:17.939Z INFO vrlcm[4004] [pool-3-thread-36] [c.v.v.l.u.SshUtils] – ------------------------------------------------------
2024-06-28T07:27:17.939Z INFO vrlcm[4004] [pool-3-thread-36] [c.v.v.l.u.SshUtils] – Command: vracli vro authentication set -p vra -hn DefaultTenant.fqdn.local -u localadmin --password-file YXYXYXYX -f -k
2024-06-28T07:27:17.939Z INFO vrlcm[4004] [pool-3-thread-36] [c.v.v.l.u.SshUtils] – ------------------------------------------------------
2024-06-28T07:27:47.991Z INFO vrlcm[4004] [pool-3-thread-36] [c.v.v.l.u.SshUtils] – exit-status: 255
2024-06-28T07:27:47.991Z INFO vrlcm[4004] [pool-3-thread-36] [c.v.v.l.u.SshUtils] – Command executed sucessfully
2024-06-28T07:27:47.992Z INFO vrlcm[4004] [pool-3-thread-36] [c.v.v.l.d.v.h.VroUtil] – Command Status code :: 255
2024-06-28T07:27:47.992Z INFO vrlcm[4004] [pool-3-thread-36] [c.v.v.l.d.v.h.VroUtil] – ====================================================
2024-06-28T07:27:47.992Z INFO vrlcm[4004] [pool-3-thread-36] [c.v.v.l.d.v.h.VroUtil] – Output Stream ::
2024-06-28T07:27:47.992Z INFO vrlcm[4004] [pool-3-thread-36] [c.v.v.l.d.v.h.VroUtil] – ====================================================
2024-06-28T07:27:47.992Z INFO vrlcm[4004] [pool-3-thread-36] [c.v.v.l.d.v.h.VroUtil] – Can not login with username and password YXYXYXYX Aria Automation
pod prelude/vro-cli-vn4dr8 terminated (Error)
This is a known issue to VMware by Broadcom and is planned to be fixed in an upcoming release.
As a workaround, we can import the new vRA certificate into the Control Center in vRO.
Then run an inventory sync on the vRA environment, and the new certificate will be in use.
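
To confirm that a failed request matches the log pattern above, this added example (not part of the original article and not VMware code) scans vmware_vrlcm.log text for `vracli vro authentication set` commands, pairs each with the status code logged on the same thread, and flags failures whose `-hn` value is not the expected tenant hostname. The hostname `CustomTenant.fqdn.local`, the second command in the sample and the function name are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the excerpt above; the thread-41 entries
# and CustomTenant.fqdn.local are invented for illustration.
SAMPLE_LOG = """\
2024-06-28T07:27:17.706Z INFO vrlcm[4004] [pool-3-thread-36] [c.v.v.l.d.v.h.VroUtil] – COMMAND :: vracli vro authentication set -p vra -hn DefaultTenant.fqdn.local -u localadmin --password-file YXYXYXYX -f -k
2024-06-28T07:27:47.992Z INFO vrlcm[4004] [pool-3-thread-36] [c.v.v.l.d.v.h.VroUtil] – Command Status code :: 255
2024-06-28T07:27:47.992Z INFO vrlcm[4004] [pool-3-thread-36] [c.v.v.l.d.v.h.VroUtil] – Can not login with username and password YXYXYXYX Aria Automation
pod prelude/vro-cli-vn4dr8 terminated (Error)
2024-06-28T07:31:02.100Z INFO vrlcm[4004] [pool-3-thread-41] [c.v.v.l.d.v.h.VroUtil] – COMMAND :: vracli vro authentication set -p vra -hn CustomTenant.fqdn.local -u localadmin --password-file YXYXYXYX -f -k
2024-06-28T07:31:30.200Z INFO vrlcm[4004] [pool-3-thread-41] [c.v.v.l.d.v.h.VroUtil] – Command Status code :: 0
"""

# timestamp, level, vrlcm[pid], [thread], [logger], separator, message
LINE = re.compile(r"^(\S+) \w+ vrlcm\[\d+\] \[([^\]]+)\] \[[^\]]+\] \S+ (.*)$")
CMD = re.compile(r"COMMAND :: vracli vro authentication set\b.*?-hn (\S+)")
STATUS = re.compile(r"Command Status code :: (-?\d+)")

def find_auth_failures(log_text, expected_host):
    """Return failed 'vro authentication set' runs, marking hostname mismatches."""
    current, records = {}, []   # current: thread -> most recent command record
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # continuation lines without a log prefix
        ts, thread, msg = m.groups()
        if (c := CMD.search(msg)):
            rec = {"time": ts, "host": c.group(1),
                   "exit_status": None, "login_error": False}
            current[thread] = rec
            records.append(rec)
        elif thread in current:
            rec = current[thread]
            if (s := STATUS.search(msg)):
                rec["exit_status"] = int(s.group(1))
            elif msg.startswith("Can not login"):
                rec["login_error"] = True
    failed = [r for r in records if r["exit_status"] not in (0, None)]
    for r in failed:
        # The issue described above: -hn carries the default tenant hostname.
        r["host_mismatch"] = r["host"].lower() != expected_host.lower()
    return failed

if __name__ == "__main__":
    for f in find_auth_failures(SAMPLE_LOG, "CustomTenant.fqdn.local"):
        print(f)
```
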