...
Domain repoint fails while registering STS system tenant with VMCA_INVALID_CSR_FIELD exception

You will see entries similar to the following in the domain_consolidator.log file (location: /var/log/vmware/cloudvm/):

2020-05-02T11:28:42.003Z Getting value for install-parameter: upgrade.import.directory
2020-05-02T11:28:42.003Z VMware Identity Service bootstrap: importDirectory=/storage/seat/cis-export-folder/sso
2020-05-02T11:28:42.003Z VMware Identity Service bootstrap: isUgprading=False
2020-05-02T11:28:42.003Z Getting value for install-parameter: upgrade.import.directory
2020-05-02T11:28:42.003Z VMware Identity Service bootstrap: importDirectory=/storage/seat/cis-export-folder/sso
2020-05-02T11:28:42.003Z VMware Identity Service bootstrap: isUgprading=False
2020-05-01T11:10:36.387Z Running command: ['/usr/java/jre-vmware/bin/java', '-cp', '/opt/vmware/lib64/*:/usr/lib/vmware-sso/commonlib/*:/usr/lib/vmware/common-jars/log4j-core-2.11.2.jar:/usr/lib/vmware/common-jars/log4j-api-2.11.2.jar:/usr/lib/vmware/common-jars/log4j-slf4j-impl-2.11.2.jar:/usr/lib/vmware/common-jars/jcl-over-slf4j-1.7.26.jar:.:*', '-Dvmware.log.dir=/var/log/vmware/sso/', '-XX:ErrorFile=/var/log/vmware/sso/hs_err_stsinstaller_pid%p.log-XX:HeapDumpPath=/var/log/vmware/sso/', 'com.vmware.identity.configure.VMIdentityStandaloneInstaller', '--set-hostname', '--hostname', 'changeme.gsslabs.org', '--hostnametype', 'ipv4']
2020-05-01T11:10:37.719Z Done running command
2020-05-01T11:10:37.719Z >>>>stderr:
2020-05-01T11:10:37.719Z Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true
log4j:WARN No appenders could be found for logger (com.vmware.identity.interop.NativeLibraryPreloader).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
2020-05-01T11:10:37.719Z <<<<stderr
2020-05-01T11:10:37.719Z >>>>stdout:
2020-05-01T11:10:37.719Z
2020-05-01T11:10:37.719Z <<<<stdout
2020-05-01T11:10:37.720Z ===Return code: 0
2020-05-01T11:10:37.720Z Getting value for install-parameter: upgrade.import.directory
2020-05-01T11:10:37.720Z VMware Identity Service bootstrap: importDirectory=/storage/seat/cis-export-folder/sso
2020-05-01T11:10:37.720Z VMware Identity Service bootstrap: isUgprading=False
2020-05-01T11:10:37.720Z Setting up system tenant.
2020-05-01T11:10:37.721Z Running command: ['/usr/java/jre-vmware/bin/java', '-cp', '/opt/vmware/lib64/*:/usr/lib/vmware-sso/commonlib/*:/usr/lib/vmware/common-jars/log4j-core-2.11.2.jar:/usr/lib/vmware/common-jars/log4j-api-2.11.2.jar:/usr/lib/vmware/common-jars/log4j-slf4j-impl-2.11.2.jar:/usr/lib/vmware/common-jars/jcl-over-slf4j-1.7.26.jar:.:*', '-Dvmware.log.dir=/var/log/vmware/sso/', '-XX:ErrorFile=/var/log/vmware/sso/hs_err_stsinstaller_pid%p.log-XX:HeapDumpPath=/var/log/vmware/sso/', 'com.vmware.identity.installer.STSInstaller', '--register-system-tenant']
2020-05-01T11:10:41.219Z Done running command
2020-05-01T11:10:41.219Z >>>>stderr:
2020-05-01T11:10:41.219Z Picked up JAVA_TOOL_OPTIONS: -Xms32M -Xmx128M -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true -Dorg.apache.xml.security.ignoreLineBreaks=true
log4j:WARN No appenders could be found for logger (com.vmware.identity.interop.NativeLibraryPreloader).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
Failed to register system tenant.
com.vmware.certificate.VMCAException: VMCA_INVALID_CSR_FIELD
2020-05-01T11:10:41.219Z <<<<stderr
2020-05-01T11:10:41.219Z >>>>stdout:
2020-05-01T11:10:41.219Z Starting system tenant registration...
Exception occured while registering system tenant.com.vmware.certificate.VMCAException: VMCA_INVALID_CSR_FIELD 1: In call VMCAJavaGenCert2: Values Setup
2020-05-01T11:10:41.220Z <<<<stdout
2020-05-01T11:10:41.220Z ===Return code: 1
2020-05-01T11:10:41.220Z VMware Identity Service bootstrap failed.
2020-05-01T11:10:41.221Z Exception: Traceback (most recent call last):
  File "/usr/lib/vmidentity/firstboot/vmidentity-firstboot.py", line 1641, in main
    vmidentityFB.boot()
  File "/usr/lib/vmidentity/firstboot/vmidentity-firstboot.py", line 335, in boot
    self.configureIdentityManager(self.__idmRetryCount, self.__idmRetryInterval)
  File "/usr/lib/vmidentity/firstboot/vmidentity-firstboot.py", line 552, in configureIdentityManager
    self.configureSystemTenant()
  File "/usr/lib/vmidentity/firstboot/vmidentity-firstboot.py", line 480, in configureSystemTenant
    raise Exception('Failed to set up STS system tenant.')
Exception: Failed to set up STS system tenant.

Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.
A PNID change from IP to FQDN, followed by a cross-domain repoint, will always fail with the error VMCA_INVALID_CSR_FIELD, because the domain-repoint workflow reads the install parameter "system.hostname.type" when it creates the CSR. Here the hostname type (FQDNType) is still ipv4 while the hostname/PNID is an FQDN, so GenCSR is invoked with the parameter "--IPAddress=<vCenter FQDN>", which is invalid. The cause is that the PNID change script does not update the hostname type during an IP to FQDN change; ideally it would modify "system.hostname.type" from 'ipv4' to 'fqdn' as part of the PNID workflow whenever the change is from IP to FQDN.
VMware is aware of this issue and working to resolve this in a future release.
To work around the issue, modify the file below under install-defaults.

From:
cat /etc/vmware/install-defaults/system.hostname.type
ipv4

To:
cat /etc/vmware/install-defaults/system.hostname.type
fqdn
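The following check is an added example, not part of the VMware article: it compares the value recorded in system.hostname.type with the type the PNID value implies, so the mismatch described above can be spotted before a domain repoint is attempted. The helpers classify_pnid and check_hostname_type are assumptions of this example; the install-defaults file name comes from the article, and the sample directory and PNID values are constructed.

```shell
#!/bin/sh
# Added example (not VMware's code): detect a system.hostname.type value that
# disagrees with the PNID. The real file is
# /etc/vmware/install-defaults/system.hostname.type; the demo below uses a
# temporary copy so it runs anywhere.

# Classify a PNID string as ipv4, ipv6 or fqdn (hypothetical helper).
classify_pnid() {
    pnid="$1"
    case "$pnid" in
        *:*) echo ipv6 ;;                      # any colon: IPv6 literal
        *[!0-9.]*) echo fqdn ;;                # letters or hyphens: a name
        *)
            # only digits and dots: accept exactly four dotted octets as ipv4
            if printf '%s' "$pnid" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
                echo ipv4
            else
                echo fqdn
            fi ;;
    esac
}

# Compare the recorded hostname type with the type implied by the PNID.
# Returns 0 when they agree, 1 on the mismatch that breaks GenCSR.
check_hostname_type() {
    type_file="$1"
    pnid="$2"
    recorded=$(tr -d '[:space:]' < "$type_file")
    expected=$(classify_pnid "$pnid")
    if [ "$recorded" = "$expected" ]; then
        echo "ok: system.hostname.type=$recorded matches PNID $pnid"
        return 0
    fi
    echo "mismatch: $type_file says '$recorded' but PNID '$pnid' implies '$expected'"
    return 1
}

# Constructed sample reproducing the article's state: type file still says
# ipv4 after the PNID was changed to an FQDN (hostname value is a placeholder).
demo_dir=$(mktemp -d)
printf 'ipv4\n' > "$demo_dir/system.hostname.type"
check_hostname_type "$demo_dir/system.hostname.type" "changeme.example.org" || true
rm -rf "$demo_dir"
```

On a real appliance the PNID is the value vmafd reports for the node; pass it as the second argument together with the real install-defaults path.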