vExpert 2015

Last night I found out I have been awarded with the VMware vExpert 2015 title!
 

vExpert 2015
 

This is the first time I am awarded on the vExpert program and it is a great honor for me to be part of this group of people.

So what’s a “vExpert”?
As VMware states : “A vExpert, in the simplest of terms, is an active member of the VMware community who imparts his/her advanced knowledge on others. The vExpert program is a way of recognising people who participate in the community and increase awareness of VMware products and uses.“

The list of the vExpert 2015 2nd half announcement can be found here : Link

A great thanks to Corey Romero & the vExpert Team for all their work.
And of course congratulations to all other vExperts 2015!

Read More

vRealize Automation MSB3073 Installation Error

Last week I was working on installing a distributed vRealize Automation (vRA) installation for a customer. The installation went smooth until I had to install the first Website and Model Manager Web Service component, then the dreadful “Error Configuring vRealize Automation Server. Open the log?” message appeared.

vRA-Error

And when I opened the vCAC-Config.log the following error was logged :

OK so lets fix this badboy, first things first.

MS DTC

Start with checking the MS DTC settings
(more…)

Read More

VMware vCenter Certificate Automation Tool 5.5 Error

Yesterday I was updating the SSL certificates of a vCenter 5.5 deployment with the VMware vCenter Certificate Automation Tool 5.5 and ran into an annoying error :

 
vCenter Certificate
 
Oh great “errorlevel is 1” no further information no nothing… So after double checking everything from DNS to the certificate requests it was time for some Google voodoo.

Because this wasn’t my first rodeo with SSL certificates for VMware products and I knew that the requests were OK, I could focus on the PKI. During my search I came across the blog post of Sean Massey (link) stating :

Note: If you use the walkthrough to set up your PKI environment, you will need to alter the configuration file to remove the AlternateSignatureAlgorithm=1 line. This feature does not appear to be supported on vCenter and can cause errors when importing certificates.

So then I compared the settings of the current PKI with one were it did work and voila the AlternateSignatureAlgorithm did had the setting 1 on the not working side.

Luckily this is quite easy to change by editing the registry on the issuing CA. Look for the following value :

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertSvc\Configuration\IssuingCA\CSP\AlternateSignatureAlgorithm

And set it to 0. If you remove this value completely it uses the default setting and that is 1. So be sure to set it to 0! Also when the value is not there just create the value and set it to 0.

Restart your issuing CA (better safe then sorry) and resubmit your certificate requests and follow the procedure for updating the vCenter SSL certificates again and behold :

vCenter Certificates

No more errors and the SSL certificate update completed successfully!

Some background information about the AlternateSignatureAlgorithm value (link).

Read More