CA server URL not reachable error - Configure Certificate Authority for Microsoft fails.
Article ID: 412571
Updated On:
Products
Issue/Introduction
- Configuring the SDDC Manager with Microsoft CA certificate Authority fails with the below error -
- /var/log/vmware/vcf/operationsmanager/operationsmanager.log:
yyyy-mm-ddT:hh:mm:ss DEBUG [vcf_om,e7c2968f705c4839,6a9d] [c.v.e.h.LocalizableRuntimeExceptionHandler,http-nio-127.0.0.1-7300-exec-2] Processing localizable exception Microsoft CA server server_fqdn is not reachable.yyyy-mm-ddT:hh:mm:ss ERROR [vcf_om,e7c2968f705c4839,6a9d] [c.v.e.h.LocalizableRuntimeExceptionHandler,http-nio-127.0.0.1-7300-exec-2] CERTIFICATE_CA_CREATION_FAILED Microsoft CA server server_fqdn is not reachable.com.vmware.vcf.certmgmt.common.exception.CertMgmtRestException: Microsoft CA server server_fqdn is not reachable. at com.vmware.vcf.certmgmt.rest.api.controller.v1.CertificateManagementController.createCertificateAuthority(CertificateManagementController.java:195)
- Ping from the SDDC manager to the Microsoft server works, DNS is resolvable both ways - forwards and reverse.
- Running a curl command test from the SDDC manager appliance to the Microsoft Server gives no response on port 443-
curl -v https://server_fdqn:443
Environment
VMware Cloud Foundation 4.x.
VMware Cloud Foundation 5.x
Cause
Microsoft Server's Windows Defender Firewall is enabled, due to which connection via port 443 is blocked. The error in the logs directly state, CertMgmtRestException: Microsoft CA server server_fqdn is not reachable.
Resolution
Allow port 443 on the Microsoft Server.
To allow port 443 (HTTPS) from your SDDC to a Microsoft Server,
- Create a new inbound rule in the Microsoft Server's Windows Defender Firewall with Advanced Security.
- Select "Port" as the rule type, specify TCP and port 443, choose "Allow the connection" and Apply the change.
Feedback
