Configuring the Log Ingestion in VMware Cloud Director stuck at loading
search cancel

Configuring the Log Ingestion in VMware Cloud Director stuck at loading

book

Article ID: 432369

calendar_today

Updated On:

Products

VMware Cloud Director

Issue/Introduction

  • While configuring Log Ingestion in VMware Cloud Director (VCD), the configuration process may remain stuck on the loading screen and does not progress further.

Navigation path: VCD Provider Portal → Resources → Infrastructure Resources → Log Ingestion → Configure → Enter Aria Operations for Logs details → Save → Trust Aria Operations for Logs certificate

  • While configuring Log Ingestion in VMware Cloud Director, browser logs shows the following certificate exception:

{
    "targetProbe": {
        "result": "Certificate not trusted: java.security.cert.CertificateException: No name matching <Aria_Logs_FQDN> found",
        "resolvedIp": "Aria_Logs_IPAddress",
        "canConnect": true,
        "sslHandshake": false,
        "connectionResult": "SUCCESS",
        "sslResult": "ERROR_UNTRUSTED_CERTIFICATE",
        "certificateChain": "-----BEGIN CERTIFICATE-----##############-----END CERTIFICATE-----",
        "additionalCAIssuers": []
    },
    "proxyProbe": null
}

  • If you navigate to another tab in the VCD Provider Portal and then return to Log Ingestion, the status appears as Inactive, with an option to configure it again
  • When attempting the configuration again, the system prompts you to trust the certificate, after trusting the certificate, the following error appears : Certificate is already trusted

 

Environment

VMware Cloud Director 10.6.x

VMware Aria Operations for Logs 8.18.x

Cause

Configuring Log Ingestion get stuck when the Aria Operations for Logs certificate does not include the address used during configuration (either IP address or FQDN) in the Subject Alternative Name (SAN) field.

The error “Certificate is already trusted” occurs when a previously trusted Aria Operations for Logs certificate still exists in the VCD Trusted Certificates store. When the same certificate is presented again during configuration, VCD identifies it as an already trusted certificate and blocks the integration to prevent duplicate or stale certificate entries.

Resolution

To resolve the issue, remove the existing Aria Logs certificate(if any) from VCD Trust Store and reconfigure Log Ingestion in VMware Cloud Director.

Navigate to Trusted Certificates

  • VCD UI → Administration → Trusted Certificates

Remove the Stored Aria Operations for Logs Certificate

  • Identify the certificate matching the Aria Operations for Logs and delete it.

Validate and Reconfigure Log Ingestion Using FQDN

  • Ensure that the certificate used by Aria Operations for Logs includes the correct FQDN / IP in the Subject Alternative Name (SAN) field.

Steps to Generate a Self-Signed Certificate with SAN on Aria Operations for Logs

  • Log into the Primary node as root via SSH or Console.
  • Run the command to generate a new private key: openssl genrsa -out domain.key 2048
  • Create an OpenSSL configuration file (e.g., csrconfig.txt) with necessary details, including subjectAltName (SAN) field as shown below:

[ req ]
default_md = sha512
prompt = no
req_extensions = req_ext
distinguished_name = req_distinguished_name

[ req_distinguished_name ]
commonName = your_server_fqdn.com
countryName = US
stateOrProvinceName = State
localityName = City
organizationName = Company

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = Aria_Logs_VIP_fqdn
DNS.2 = Aria_Logs_PrimaryNode_fqdn
DNS.3 = Aria_Logs_WorkerNode_fqdn
DNS.4 = Aria_Logs_VIP_Shortname
DNS.5 = Aria_Logs_PrimaryNode_Shortname
DNS.6 = Aria_Logs_WorkerNode_Shortname
IP.1 = Aria_Logs_VIP_IPAddress
IP.2 = Aria_Logs_PrimaryNode_IPAddress
IP.3 = Aria_Logs_WorkerNode_IPAddress

  • Run the command to generate a self-signed certificate with above config file: openssl req -x509 -new -nodes -key domain.key -days 3650 -out domain.crt -config csrconfig.txt -extensions req_ext
  • Run the command to concatenate the key and certificate into a .pem file, which you can then use in the next Prerequisites section: cat domain.key domain.crt > /tmp/cert.pem
  • Using an SCP utility like WinSCP, copy the /tmp/cert.pem file to the /tmp directory on all other nodes in the cluster.
  • Install the certificate by following the certificate replacement procedure for Aria Operations for Logs.

To install custom certificate on Aria Operations for Logs, please refer Install a Custom SSL Certificate.

After replacing the certificate on Aria Operations for Logs with one that includes the required SAN entries, reconfigure Log Ingestion in VMware Cloud Director. The configuration should complete successfully.

Powered by Wolken Software