vRA replace certificate request fails with Error LCMVROVACONFIG100034 at task 'set VMware Aria Automation as authentication provider in VMware Aria Automation Orchestrator.'
Article ID: 375655
Updated On:
Products
VCF Operations/Automation (formerly VMware Aria Suite)
Issue/Introduction
Replacing the certificate on Aria Automation, it throws an error when trying to re-authenticate external Aria Orchestrators
Environment
- Aria Automation is deployed and associated with 2 or more tenants (Default and Custom Tenant), vRA authenticated vRO is deployed with both the Tenants.
- Initiate Aria Automation replace certificate request on Aria Suite Lifecycle Manager.
- The certificates on the Aria Automation appliance do successfully change but the request fails at task 'set VMware Aria Automation as authentication provider in VMware Aria Automation Orchestrator.'
Cause
- The request payload in LCM takes vRA hostname as default tenant hostname instead of Tenant vRA hostname and login fails.
- We see the following in the /var/log/vrlcm/vmware_vrlcm.log
=========================
2024-06-28T07:27:17.706Z INFO vrlcm[4004] [pool-3-thread-36] [c.v.v.l.d.v.t.SetNewVroVraAuthConfigTask] – VMware Aria Automation Orchestrator password YXYXYXYX created response:
{ "exitStatus" : 0, "outputData" : "", "errorData" : null, "commandTimedOut" : false }
2024-06-28T07:27:17.706Z INFO vrlcm[4004] [pool-3-thread-36] [c.v.v.l.d.v.h.VroUtil] – vRO ENDPOINT HOST :: DefaultTenant.fqdn.local
2024-06-28T07:27:17.706Z INFO vrlcm[4004] [pool-3-thread-36] [c.v.v.l.d.v.h.VroUtil] – COMMAND :: vracli vro authentication set -p vra -hn DefaultTenant.fqdn.local -u localadmin --password-file YXYXYXYX -f -k
2024-06-28T07:27:17.938Z INFO vrlcm[4004] [pool-3-thread-36] [c.v.v.l.u.SshUtils] – Executing command on the host: DefaultTenant.fqdn.local , as user: root
2024-06-28T07:27:17.939Z INFO vrlcm[4004] [pool-3-thread-36] [c.v.v.l.u.SshUtils] – ------------------------------------------------------
2024-06-28T07:27:17.939Z INFO vrlcm[4004] [pool-3-thread-36] [c.v.v.l.u.SshUtils] – Command: vracli vro authentication set -p vra -hn DefaultTenant.fqdn.local -u localadmin --password-file YXYXYXYX -f -k
2024-06-28T07:27:17.939Z INFO vrlcm[4004] [pool-3-thread-36] [c.v.v.l.u.SshUtils] – ------------------------------------------------------
2024-06-28T07:27:47.991Z INFO vrlcm[4004] [pool-3-thread-36] [c.v.v.l.u.SshUtils] – exit-status: 255
2024-06-28T07:27:47.991Z INFO vrlcm[4004] [pool-3-thread-36] [c.v.v.l.u.SshUtils] – Command executed sucessfully
2024-06-28T07:27:47.992Z INFO vrlcm[4004] [pool-3-thread-36] [c.v.v.l.d.v.h.VroUtil] – Command Status code :: 255
2024-06-28T07:27:47.992Z INFO vrlcm[4004] [pool-3-thread-36] [c.v.v.l.d.v.h.VroUtil] – ====================================================
2024-06-28T07:27:47.992Z INFO vrlcm[4004] [pool-3-thread-36] [c.v.v.l.d.v.h.VroUtil] – Output Stream ::
2024-06-28T07:27:47.992Z INFO vrlcm[4004] [pool-3-thread-36] [c.v.v.l.d.v.h.VroUtil] – ====================================================
2024-06-28T07:27:47.992Z INFO vrlcm[4004] [pool-3-thread-36] [c.v.v.l.d.v.h.VroUtil] – Can not login with username and password YXYXYXYX Aria Automation
pod prelude/vro-cli-vn4dr8 terminated (Error)Resolution
- This is a known issue and VMware by Broadcom and is fixed in VCF 9.
- As a workaround we can import the new vRA certificate into the Control Center in vRO.
- Note: Since Aria Automation Orchestrator 8.18.1 there is no longer a Control Center, please refer to the Tech Docs to Manage Automation Orchestrator certificates in order to add the new Aria Automation certificate to the Trust Store for the Aria Automation Orchestrator.
- Then run a inventory sync on the vRA environment and the new certificate will be in use.
Feedback
Yes
No
Powered by
