Working with a customer last week I came across an interesting gotcha when connecting the Skyline Collector to vCenter.
I picked up the case as the customer was having difficulty gathering logs for a case raised with VMware GSS, they couldn’t log into the console of the collector as root and were not clear how to extract logs even if they could login.
Resetting the root password
So firstly I walked the customer through resetting the appliance root password. there’s a good KB article that covers how to do this and also reset other credentials, so I’ll not copy the process out here.
Again once you have root access to the appliance generating the log bundle has a good VMware KB article;
I would suggest running the command that generates the log bundle from a directory that you create, this is just to make it very clear the files that have been created, this can be done with a simple ‘mkdir’ command.
Copy Logs from the Skyline Appliance
Every action we’ve done thus far has been from the console of the appliance. To copy the logs from the appliance we need to connect from it remotely. If you try a remote connection via SSH login in as root, you’ll be denied access.
SSHD is configured to not permit root login.
To change this configuration changes need to be made to the sshd_config file. This configuration file can be found in /etc/ssh/sshd_config, to edit it we need to use ‘vi’.
From vi edit the highlighted line to “PermitRootLogin yes”. Now access is permitted, you’ll be able to copy the log files out of the system and upload them to VMware GSS.
Connecting to vCenter
Having gone through the process of generating the log bundle and extracting that from the appliance, I asked to take a look at the errors being generated when trying to connect to vCenter.
The encountered error;
“Endpoint test failed. Error message: Couldn’t create PropertyCollector facade for getting the VC UUID -> java.lang.RuntimeException: Couldn’t login the client. -> Couldn’t login the client. -> General failure. -> Unexpected status code: 404”
A quick look through the process I noticed that there was an advanced configuration option for SSO. Given that the customer had a customer SSO domain, I made the leap to configure this section – bingo – connection to vCenter achieved.
This requirement for customer SSO domain configuration is documented at the following VMware documentation link;
The relevant section is;
“If you are using an external Platform Services Controller (PSC), Single-Sign On (SSO) provider or have a custom SSO domain, toggle the Use Custom SSO Configuration switch to Yes.
- Enter the PSC/SSO server IP address or fully-qualified domain name (FQDN).
- If you are using the default PSC/SSO provider configuration, you DO NOT have to complete the Advanced Options (optional) text boxes. You only have to complete the SSO Admin URL, SSO STS URL , and Lookup Service URL if you specified a custom configuration during the deployment of your PSC or SSO provider.
- If you do not want to collect product use data from all data centers connected to the vCenter Server you are configuring, toggle the Collect from all data centers switch to No, then click Add. An invalid certificate warning might appear. The certificate is expected, click Continue. Select the checkbox next to each data center that you want to collect product use data for. When finished selecting data centers, click Enable Selected Datacenters.”
Hopefully this is useful information!