Solved: Re: vRA services health check failed. For more inf...

ashish_S · ‎05-04-2023

I was trying to update the SSL certificates of VRA 7.6. The certificate installation was successful on VRA however on the IAAS Manager and Manager it started showing error and in Summary page it showed the error below;

Services:vRA services health check failed. For more information, see Services page.

Cluster status: vRA Cluster validation failed. For more information, see Cluster page.

Troubleshooting steps Tried:

1.Rebooted the complete stack

2. installed self sign certificates(Generate certificate option)

3. Also tried https://kb.vmware.com/s/article/2147446 to bring the services back but no luck.

Cluster status: all the nodes are up.

If i go to services page, 2 of the services are showing unavailable

advanced-designer-service

o11n-gateway-service

Attaching screenshots for reference

ashish_S · ‎05-11-2023

Thanks Shen,

I got the help from Vmware. the problem was with vco service not trusting the new certificates. The support person asked me to run the commands below

1
Stop the vRealize Orchestrator server and Control Center services.
service vco-server stopservice vco-configurator stop
2
Reset the vRealize Orchestrator authentication provider by running the following command.
/var/lib/vco/tools/configuration-cli/bin/vro-configure.sh reset-authenticationls -l /etc/vco/app-server/mv /etc/vco/app-server/vco-registration-id /etc/vco/app-server/vco-registration-id.oldvcac-vami vco-service-reconfigure
3
Check the trusted certificate for the vRealize Orchestrator trust store using the command line interface utility located at /var/lib/vco/tools/configuration-cli/bin with the following command.
/var/lib/vco/tools/configuration-cli/bin/vro-configure.sh list-trust
n
Check for the certificate with the following alias: vco.cafe.component-registry.ssl.certificate. This should be the vRealize Automation certificate that the vRealize Orchestrator instance uses as an authentication provider.
n
This certificate must match the newly configured vRealize Automation certificate. If it does not match, it can be changed as follows:
1
Copy your vRealize Automation signed appliance certificate PEM file to the /tmp folder on the appliance.
2
Run the following command adding the appropriate certificate path.
./vro-configure.sh trust --certificate path-to-the-certificate-file-in-PEM-format--registry-certificate

See the following example command.
/var/lib/vco/tools/configuration-cli/bin/vro-configure.sh trust --certificate /var/tmp/test.pem --registry-certificate
4
You may need to run the following commands to trust the certificate.
/var/lib/vco/tools/configuration-cli/bin/vro-configure.sh trust --uri https://vra.domain.com/var/lib/vco/tools/configuration-cli/bin/vro-configure.sh trust --registry-certificate --uri https://vra.domain.com
5
Ensure that the vRealize Automation certificate is now injected into the vRealize Orchestrator trust store using the following command.
/var/lib/vco/tools/configuration-cli/bin/vro-configure.sh list-trust
6
Start the vRealize Orchestrator server and control center services.
service vco-server startservice vco-configurator start

It resolved the issue all the services are up and running.

I am attaching the document that I used the solution is on page on 20.

View solution in original post

Shen88 · ‎05-04-2023

@ashish_S,

Please refer the below old post, this should help to resolve your issue with advanced-designer-service & o11n-gateway-service being Unavailable.

Solved: [vRA 7.3.1] - Upgrade 7.4 failed - VMware Technology Network VMTN

If you think your queries have been answered, Mark this response as "Correct" or "Helpful" and consider giving kudos to appreciate!

Regards,
Shen

ashish_S · ‎05-11-2023

Thanks Shen,

I got the help from Vmware. the problem was with vco service not trusting the new certificates. The support person asked me to run the commands below

1
Stop the vRealize Orchestrator server and Control Center services.
service vco-server stopservice vco-configurator stop
2
Reset the vRealize Orchestrator authentication provider by running the following command.
/var/lib/vco/tools/configuration-cli/bin/vro-configure.sh reset-authenticationls -l /etc/vco/app-server/mv /etc/vco/app-server/vco-registration-id /etc/vco/app-server/vco-registration-id.oldvcac-vami vco-service-reconfigure
3
Check the trusted certificate for the vRealize Orchestrator trust store using the command line interface utility located at /var/lib/vco/tools/configuration-cli/bin with the following command.
/var/lib/vco/tools/configuration-cli/bin/vro-configure.sh list-trust
n
Check for the certificate with the following alias: vco.cafe.component-registry.ssl.certificate. This should be the vRealize Automation certificate that the vRealize Orchestrator instance uses as an authentication provider.
n
This certificate must match the newly configured vRealize Automation certificate. If it does not match, it can be changed as follows:
1
Copy your vRealize Automation signed appliance certificate PEM file to the /tmp folder on the appliance.
2
Run the following command adding the appropriate certificate path.
./vro-configure.sh trust --certificate path-to-the-certificate-file-in-PEM-format--registry-certificate

See the following example command.
/var/lib/vco/tools/configuration-cli/bin/vro-configure.sh trust --certificate /var/tmp/test.pem --registry-certificate
4
You may need to run the following commands to trust the certificate.
/var/lib/vco/tools/configuration-cli/bin/vro-configure.sh trust --uri https://vra.domain.com/var/lib/vco/tools/configuration-cli/bin/vro-configure.sh trust --registry-certificate --uri https://vra.domain.com
5
Ensure that the vRealize Automation certificate is now injected into the vRealize Orchestrator trust store using the following command.
/var/lib/vco/tools/configuration-cli/bin/vro-configure.sh list-trust
6
Start the vRealize Orchestrator server and control center services.
service vco-server startservice vco-configurator start

It resolved the issue all the services are up and running.

I am attaching the document that I used the solution is on page on 20.

All

vRA services health check failed. For more information, see Services page.