To optionally allow single-sign (SSO) on user authentication to the VMware Cloud Director Availability services, or after replacing the vCenter Server Lookup service certificate that is used as a replication source or destination, configure the VMware Cloud Director Availability services to trust the updated certificate.

  • By default, only the Replicator Service instances are configured with the vCenter Server Lookup service address for allowing singe sign-on user authentication. During the initial configuration, the Use the above Lookup Service address for Cloud, Manager, and Tunnel toggle is inactive by default. For more information, see Configure the Cloud Service in the Cloud Director site in the Installation, Configuration, and Upgrade Guide in the Cloud Director Site.
    Note: To allow single sign-on for these services and resolve the The service is not configured message on the dashboard, configure them with the address of the vCenter Server Lookup service as in steps 2-4.
  • Alternatively, after replacing the SSL certificate of the vCenter Server Lookup service, you must update all VMware Cloud Director Availability services configured with vCenter Server Lookup service to trust the updated certificate.

Prerequisites

  • Verify that the SSL certificate is successfully renewed, and that the vCenter Server Lookup service is updated to use the renewed certificate.
  • Verify that all infrastructure components in your environment that depend on the vCenter Server registration in the vCenter Server Lookup service are configured to trust the renewed certificate. An example of such a component is NSX Manager.

Procedure

  1. Configure the Replicator Service instance to work with the renewed vCenter Server Lookup service certificate.
    Repeat this step for all Replicator Service instances.
    1. In a Web browser, go to the Replicator Service management interface at https://Replicator-Appliance-instance-X-IP-address/ui/admin.
    2. Log in as the root user.
    3. In the left pane, click Settings.
    4. Under Service endpoints, next to Lookup service address click Edit.
    5. In the Lookup Service Details dialog box, enter the vCenter Server Lookup service address and click Apply.
      The details of the vCenter Server Lookup service certificate appear.
    6. Verify the thumbprint and accept the renewed vCenter Server Lookup service certificate.
    7. In the left pane, click System Health.
    8. To complete the Replicator Service configuration, click Restart service.
  2. (Optional) To allow using SSO login to the Cloud Service, configure it with the vCenter Server Lookup service address.
    1. In a Web browser, go to the Cloud Service management interface at https://Cloud-Replication-Management-IP-address/ui/admin.
    2. Log in as the root user.
    3. In the left pane under Configuration, click Settings.
    4. Under Service endpoints, next to Lookup Service Address click Edit.
    5. In the Lookup Service Details dialog box, enter the vCenter Server Lookup service address and click Apply.
      The details of the vCenter Server Lookup service certificate appear.
    6. Verify the thumbprint and accept the renewed vCenter Server Lookup service certificate.
    7. In the left pane, click System Health.
    8. To complete the Cloud Service configuration, click Restart service.
  3. (Optional) To allow using SSO login to the Manager Service, configure it with the vCenter Server Lookup service address.
    1. In a Web browser, go to the Manager Service service management interface at https://Cloud-Replication-Management-IP-address:8441/ui/admin.
    2. Log in as the root user.
    3. In the left pane, click Settings.
    4. Under Service endpoints, next to Lookup Service Address click Edit.
    5. In the Lookup Service Details dialog box, enter the vCenter Server Lookup service address and click Apply.
      The details of the vCenter Server Lookup service certificate appear.
    6. Verify the thumbprint and accept the renewed vCenter Server Lookup service certificate.
    7. In the left pane, click System Health.
    8. To complete the Manager Service configuration, click Restart service.
  4. (Optional) To allow using SSO login to the Tunnel Appliance, configure it with the vCenter Server Lookup service address.
    1. In a Web browser, go to the Tunnel Appliance management interface at https://Tunnel-Appliance-IP-address/ui/admin.
    2. Log in as the root user.
    3. In the left pane, click Settings.
    4. Under Service endpoints, next to Lookup Service Address click Edit.
    5. In the Lookup Service Details dialog box, enter the vCenter Server Lookup service address and click Apply.
      The details of the vCenter Server Lookup service certificate appear.
    6. Verify the thumbprint and accept the renewed vCenter Server Lookup service certificate.
    7. In the left pane, click System Health.
    8. To complete the Tunnel Service configuration, click Restart service.