Fail to connect to vCloud Director

KB Number:
000001650

Symptoms:
  1. Network tests can be performed sucessfully between the ZVM and VCD.
  2. You can open the vCloud director in a browser from ZVM machine.
  3. The ZVM fails to connect to vCloud Director
  4. The error message is: "Failed to login to 'https://URL_or_IP/api' with username 'Administrator@system'. Please verify the server address and credentials are correct."

Cause:
When an SSL certificate is generated, there is a field 'Common Name' defined.   This issue can be caused by the vCD Server certificate's 'Common Name' value not matching the Hostname / IP value input into Zerto for VCD.

This can be done within a browser.

Example for Firefox:
When you have browsed to a website whose web address starts with https, there will be a lock icon at the beginning of the address bar. Click on the Site Info button icon and on the right arrow to get a pop-up with Page Info.   Next, click on "Security" and then "View Certificate" and you will be able to view the Common Name value.

If the Hostname / IP that you put into the Zerto site settings is different than the Common Name value of the certificate, Zerto will fail to connect and throw an error: "Please verify the server address and credentials are correct.“

Certificate in Chrome

Certificate in Firefox

We have also seen a situation where the cyphers allowed for the TLS 1.2 protocol were set on the VCD cell load balancer as follows:
Triple DES 168, AES 128 and AES 256 cyphers

The same error still persisted in VCD, even after correcting the Common Name of the VCD certificate.  The workaround in this case was configuring the Load balancer to use the default ciphers instead:
!aNULL:kECDH+AES:ECDH+AES:RSA+AES:@STRENGTH

Solution:

The value of 'Common Name' of the vCloud Director SSL certificate must match the Hostname / IP entered into Zerto for VCD.


Affected Versions:
All

Hypervisor:
VMware

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...