Microsoft Entra ID SSO Configuration 'Test Connection' Failure - VMware vCenter Server
search cancel

Microsoft Entra ID SSO Configuration 'Test Connection' Failure - VMware vCenter Server

book

Article ID: 439426

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Configuring Microsoft Entra ID for vCenter Server, the process fails at the "Test Connection" step of provisioning.

An example of the error generated when "Test Connection" fails.

The error output contains:

The underlying connection was closed: Could not establish trust relationship for the SSL\\\/TLS secure channel.\\r\\nStack trace:\\r\\n at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)\\r\\n at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)\\r\\n\\r\\nInner exception:\\r\\nType: System.Security.Authentication.AuthenticationException\\r\\nThe remote certificate is invalid according to the validation procedure.\\r\\nStack trace:\\r\\n at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)\\r\\n at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult

Environment

VMware vCenter Server 8.0 Update 2 and later

Microsoft Entra ID

Cause

The machine hosting the provisioning agent lacks the required vCenter CA certificates to trust the vCenter Server.

Resolution

1. Download the vCenter CA certificates. Follow the steps in Download and install vCenter Server root certificates to avoid web browser certificate warnings 
2. Install the certificates on the machine running the provisioning agent.
3. Restart the provisioning agent.
4. Rerun the connection test.

Additional Information

Configuring Microsoft Entra ID for vCenter Server 

Download and install vCenter Server root certificates to avoid web browser certificate warnings 

See also:

vCenter "Access Denied" Error After Entra ID (Azure AD) OIDC Authentication 

Powered by Wolken Software