Error: "Could not establish trust relationship for the SSL/TLS secure channel" while installing Telegraf agent on the windows based physical server.

search cancel

Error: "Could not establish trust relationship for the SSL/TLS secure channel" while installing Telegraf agent on the windows based physical server.

book

Article ID: 389315

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

The Invoke-WebRequest or wget --no-check-certificate commands fails with "Could not establish trust relationship for the SSL/TLS secure channel"

This article provides step-by-step instructions to install the Telegraf agent on a windows based physical server for monitoring purposes in VMware Aria Operations.

Environment

VMware Aria Operations 8.12.x and Later

Cause

Downloading and installing the Telegraf agent fails due to certificate validation issues or network restrictions.

Resolution

Run the following PowerShell script to bypass certificate validation:

if (-not ([System.Management.Automation.PSTypeName]'ServerCertificateValidationCallback').Type)
{
$certCallback = @"
    using System;
    using System.Net;
    using System.Net.Security;
    using System.Security.Cryptography.X509Certificates;
    public class ServerCertificateValidationCallback
    {
        public static void Ignore()
        {
            if(ServicePointManager.ServerCertificateValidationCallback ==null)
            {
                ServicePointManager.ServerCertificateValidationCallback +=
                    delegate
                    (
                        Object obj,
                        X509Certificate certificate,
                        X509Chain chain,
                        SslPolicyErrors errors
                    )
                    {
                        return true;
                    };
            }
        }
    }
"@
    Add-Type $certCallback
 }
[ServerCertificateValidationCallback]::Ignore()
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Download the Telegraf Agent Installation Script
Run the following PowerShell command:

Invoke-WebRequest "https://<CloudProxy-fqdn/IP>/downloads/salt/telegraf-utils.ps1" -OutFile telegraf-utils.ps1

Execute the Installation Script
Run the script with the required parameters:

.\telegraf-utils.ps1 product-managed -c <cloud_proxy_ip_or_collector_group_name> -t <token> -v <vmwareariaoperations_ip_or_fqdn>

Retrieve the Token for Script Execution
- Navigate to:
```
https://<vrops-fqdn>/ui
```
- Open Developer Tools in the broswer.
  - Cross-platform shortcut: "Ctrl + Shift + i" is generally the most consistent way to access developer tools across different browsers.
  - Mac shortcut: On Mac, use "Cmd + Option + i".
  - F12 alternative: You can also press "F12" to open developer tools in most browsers.
- Click on the Network tab.
- Log onto the 'Aria operations UI' with Admin credentials.
- Under Network, click Acquire, then click Preview (on the right).
- The token will be displayed in the format:
  
  ########-####-####-####-############::########-####-####-####-############
- Use this token in the script execution (as shown in step 3).

The above action should trigger telegraf agent installation on the server and the 'Agent Running' status should be seen under 'Manage Telegraf Agent' section.

Additional Information

Techdocs Link: Install/Uninstall an Agent Using a Script on a Windows Platform

Feedback

thumb_up Yes

thumb_down No