"HTTP error 404" error when accessing vRealize Orchestrator control center page

Products

VMware Aria Suite

Issue/Introduction

Symptoms:

Unable to access vRealize Orchestrator control center page.
You see this error:

HTTP Error 404
You see that configurator server service is running.
In the /var/log/vco/configuration/controlcenter.log file, you see the entries similar to:

<YYYY-MM-DD>T<time> [localhost-startStop-1] ERROR [ContextLoader] Context initialization failed</time>

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'securityContext' defined in ServletContext resource [/WEB-INF/security.xml]: Invocation of init method failed; nested

exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'configurationData' defined in class path resource [META-INF/spring/cc_authentication-common-config.xml]:

Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.vmware.vcac.authentication.http.configuration.ConfigurationDat

aAdapter]: Constructor threw exception; nested exception is com.vmware.o11n.cis.CisException: com.vmware.o11n.cis.CisException: com.vmware.o11n.cis.CisException: javax.net.ssl.SSLHandshakeException: java.se

curity.cert.CertificateException: No subject alternative names matching IP address xx.xx.xx.xx found

at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1628)

at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:555)

at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:483)

at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)

at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)

at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)

at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)

at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:742)

at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:866)

at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:542)

at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:443)

Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.

Environment

VMware vRealize Orchestrator 7.3.x
VMware vRealize Orchestrator 7.2.x
VMware vRealize Orchestrator 7.1.x

Cause

The issue occurs when the Authentication provider is configured in vRO using a Hostname or IP address which is does not match any entry in the SAN (subject alternative name) field of the SSL certificate of the authentication provider. For example, using the IP address of a Platform Service Controller with a default certificate, which contains only the FQDN.

Resolution

To resolve the issue,

Log in to the vRealize Orchestrator appliance using SSH or console.
Reset the authentication provider by running this command:

/var/lib/vco/tools/configuration-cli/bin/vro-configure.sh reset-authentication
Restart the orchestrator configurator service by running this command.

service vco-configurator restart
Launch the control center. Now the page should be displayed.
Configure the Authentication provider using the SAN name on the certificate.