Hi community,
after installing the latest version of vRA, vRO and NSX I'm running into issues when requesting components that use NSX components. First off: version details:
- vRA: 7.0.0 (build 3292778)
- vRO: 7.0.0.16989 (build 331003)
- NSX: 6.2.1 (build 3300239)
vRO plugin versions are the one bundled with the vRO version listed above except of the NSX plug-in which was updated to the latest release (1.0.3 released on 17.12.15).
Within the configured tenant vRO is configured as endpoint. I can verify data-collection is running and working. I can see the NSX plugin for vRO running the "create NSX endpoint" workflow from time to time using the configured VRO user from vRA.
Within the configured tenant vRO is as well configured as default vRO server for ASD. Connection test is sucessfull. When saving the config I'm asked to trust the vRO certificate, which I confirm. Note that the thumbprint shown does match the vRO certificate thumbprint that I get when visiting the vRO appliace on https://vro:8281. I'm able to browse the vRO workflows from within vRA's designer, thus: connection seems established.
Within vRO the vRA CAFE and IAAS plug-ins have been succesfully registred. I'm able to browse the plugin inventory for both plugins.
For troubleshooting the issue I create a new unified blueprint within the vRA design section with the following configuration:
- Transport zone: my configured NSX transport zone (verified: manual creation on this zone using NSX works just fine)
- Routed gateway res. pol: my res. pol. for the edge cluster to use
- The only component dragged to the canvas is a "Network & Security" --> "On-Demand NAT Network" which is using a pre-defined 1-to-many network profile as it's "Parent network profile" with no manual changes.
- Note that while this is a very basic example blueprint to illustrate the issue, it happens with any blueprint I configure if any component is confgured that requires the NSX plugin for vRO.
Every time I request that blueprint, the request fails with the error message: "Request [fa1e0689-0d06-4308-a914-e498c0d1fd99]: 404 Not Found"
Looking into vCenter, NSX and vRO I can verify that nothing is actually trigged when requesting the blueprint.
Looking into the vRA's /storage/log/vmware/vcac/catalina.log the issue becomes very visible:
com.vmware.vcac.iaas.vco.network.helper.VcoEndpointSelector.isEndpointAlive:88 - vRealize Orchestrator endpoint with url [https://s00-vro.my.domain:8281/vco] is not alive. Exception message:> [Host name 's00-vro.my.domain' does not match the certificate subject provided by the peer (CN=s00-vro.my.domain, OU=VMware, O=My Company, C=DE)] com.vmware.vcac.iaas.vco.network.helper.VcoEndpointSelector.getFirstAliveEndpointByPriority:200 - vRealize Orchestrator endpoint [https://s00-vro.my.domain:8281/vco] with priority 1 is not alive. Skipping. org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolv er.logException:189 - Handler execution resulted in exception: Endpoint not found. There are no vRealize Orchestrator endpoints that are alive. com.vmware.vcac.platform.service.rest.resolver.ApplicationExceptionHandler.handleHttpStatusCodeException:673 - 404 Not Found org.springframework.web.client.HttpClientErrorException: 404 Not Found ... ... ...
Please note that I double checked the certificate. It's a self-signed certificate created using vRO 7.0's new control panel, the one I get when accessing https://vro:8281. It's valid and the subject (issed to CN) DOES perfectly match the host name entered within the ASD and endpoint configuration in vRA. It's resolveable and server time on all components is in sync with the used NTP.
By now I even re-generated the certificate and re-registred and restarted all components but while I can see that the certificate was updated in all components I'm still getting the same issue.
Never had this issue with previous version of NSX / vRA / vRO. I checked the documention if anything changed here but didn't find anything that I've been doing wrong. Anythimg I'm missing here? Bug anyone?