Search the VMware Knowledge Base (KB)
View by Article ID

"Unable to connect on port" error when logging in to the vRealize Orchestrator (2144574)

  • 0 Ratings
Language Editions

Symptoms

When you are communicating or integrating between vRealize Orchestrator and vRealize Automation, you experience these symptoms:
  • The configuration of vRealize Orchestrator authentication settings is incorrect.
  • Unable to login to the vRealize Orchestrator client with an Active Directory user, configured in vRealize Orchestrator with vRealize Automation authentication settings.
  • Able to login to the vRealize Automation console (https://VRA_HOSTNAME/vcac/) with the same credentials.
  • There are more vco-service entries than expected in the vRealize Automation appliance management (VAMI) services page.
  • Navigating to Administration > vRO configuration > Server configuration reports these errors:

    • Unable to connect on port
    • Unable to establish a connection to vCenter Orchestrator server

Cause

This issue occurs when the vRealize Orchestrator to vRealize Automation integration is mis-configured.

Resolution

This is a known issue affecting VMware vRealize Automation 7.0.

Currently, there is no resolution.

To work around this issue, recover the vRealize Orchestrator to its default configuration:
  1. Remove all vco services registered in the component registry:

    1. Log in to all of the vRealize Automation/ Orchestrator appliance nodes through console or SSH session.
    2. Run this command:

      vcac-config service-delete --service-name vco

  2. Restore the sso.properties and cafe.properties to default settings in the embedded vRealize Orchestrator servers:

    1. Log in to all of the vRealize Automation / Orchestrator appliance nodes through console or SSH session.
    2. Edit the /etc/vco/app-server/sso.properties file on each server and update these entries:

      • com.vmware.o11n.sso.default.tenant = vsphere.local
      • com.vmware.o11n.sso.admin.group.name = vcoadmins
      • com.vmware.o11n.sso.admin.group.domain = vsphere.local

    3. Edit the /etc/vco/app-server/cafe.properties file on each server and update these entries to the defaults.

      • vco.cafe.service.host = vRealize_Automation/Orchestrator_or_load_balancer_VIP_FQDN
      • vco.cafe.service.port = 443
      • vco.cafe.property.is-embedded = true

  3. Restore the vRO cluster to default settings:

    1. Log in to all of the vRealize Automation/Orchestrator appliance nodes by console or SSH session.
    2. Run the following commands on each server:

      • rm /var/lib/vco/app-server/conf/vco-registration-id
      • vcac-vami vco-service-reconfigure

  4. If vRealize Orchestrator or vRealize Automation instance is clustered, execute the below steps:

    1. Log in to all of the vRealize Automation/ Orchestrator appliance nodes by console or SSH session.
    2. On the primary vRealize Automation/ Orchestrator appliance node, start the configuration service by running the command:

      service vco-configurator start

      Note
      : This may report an error if the service is already started.

    3. On the secondary vRealize Automation/ Orchestrator appliance nodes, run these commands:

      • chown vco /var/lib/vco/app-server/conf/security/passwordencryptor.key
      • chgrp vco /var/lib/vco/app-server/conf/security/passwordencryptor.key
      • service vco-configurator start

        Note: This step may report an error if the service is already started.

    4. Re-Cluster the secondary Orchestrator nodes:
    5. Log into https://Host_FQDN:8283/vco-controlcenter as the appliance root user(on your secondary appliance)
    6. Navigate to Home > Manage > Join Node to Cluster and provide the location and credentials of the first vRealize Automation/Orchestrator node.
    7. To resolve the  BadCredentialsException error, see the VMware Knowledge Base article 2143150.

  5. Configure vRealize Orchestrator default administrators group to use an AD group instead of vsphere.local\vcoadmins.

    To Configure the default administrators group to use an AD group in Orchestrator instances:

    1. In embedded Orchestrator instances:

      1. Log in to all of the vRealize Automation/Orchestrator appliance nodes by console or SSH session.
      2. Edit the /etc/vco/app-server/sso.properties file on each server and update the following entries to your values:
        • com.vmware.o11n.sso.default.tenant = new_tenant
        • com.vmware.o11n.sso.admin.group.name = vRO_administrators_group
        • com.vmware.o11n.sso.admin.group.domain = group_domain
      3. Edit the /etc/vco/app-server/cafe.properties file on each server and verify that the property vco.cafe.service.port has a value of 443.
      4. Restart the vco service by running this command:

        service vco-server restart

    2. In external Orchestrator instances:

      1. Log in to the Control Center for all external vRealize Orchestrator appliance nodes.
      2. Navigate to the Configure Authentication Provider on each.
      3. Click on Change for the Admin Group.
      4. Select the new AD group for the vcoadmins and click Save.
      5. Restart the vco service by running this command:

        service vco-server restart

  6. Complete the configuration:  

    1. Restart vco and vcac services on all appliances by running these commands:

      service vcac-server restart
      service vco-server restart
    2. Log in to your vRealize Automation tenant as a tenant administrator.
    3. Navigate to Administration > Directories Management > Identity Providers and select the current Identity Provider.
    4. Ensure that the IdP hostname field is set to the vRealize Automation server host name or, if vRealize Automation is clustered, the load balancer VIP address and change if needed.

Additional Information

To be alerted when this article is updated, click Subscribe to Document in the Actions box.

See Also

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 0 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 0 Ratings
Actions
KB: