Category Archives: vCloud

HTTP Error 500 Post Upgrade to vCloud Director 9.0

This week I decided to jump on the upgrade bandwagon along with a number of other excited people in the vExpert Slack group.  While most, if not all, had success stories I unfortunately ran into some post upgrade portal issues.

The upgrade process to version 9.0 was no different from previous releases.  I followed my regular upgrade process which went off without issue.  When I went to log into the Administrator Portal I was faced with an HTTP Error 500 page.  Argh!

HTTP ERROR 500

Problem accessing /cloud/saml/login/alias/vcd. Reason:

Server Error

Caused by:

javax.servlet.ServletException: org.opensaml.saml2.metadata.provider.MetadataProviderException: No IDP was configured, please update included metadata with at least one IDP
    at org.springframework.security.saml.SAMLEntryPoint.commence(SAMLEntryPoint.java:161)
    at org.springframework.security.saml.SAMLEntryPoint.doFilter(SAMLEntryPoint.java:107)
    at com.vmware.vcloud.web.NestedFilterChain.doFilter(NestedFilterChain.java:45)
    at com.vmware.vcloud.web.UnfirewalledFilterChainProxy.doFilter(UnfirewalledFilterChainProxy.java:62)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

To my surprise tenant Portals were fine and able to log in.  This was Admin Portal specific.

Checking the release notes I knew there was a breaking change with Federation and SAML which required you to re-register your organization with your SAML IDP.  That’s fine I thought, we’re not using SAML.  And besides, the notes seem to indicate you make the change post upgrade.

System administrators cannot use an existing vSphere SSO configuration to authenticate to vCloud Director.

Federation for the System organization has changed in this release. The System organization can now use any SAML IDP, not just the vSphere Single Sign-On service. Existing federation settings for the System organization are no longer valid and are deleted during the upgrade.

Workaround: Re-register your organization with your SAML IDP. See “Enable Your Organization to Use a SAML Identity Provider” in the vCloud Director Administrator’s Guide

Turns out, though, we were in fact using SAML, or at least had it enabled in a non-functioning state.  So despite the release notes stating that it would be deleted, it appeared to remain in a broken state post upgrade and was now preventing the Portal from loading at all.

The solution turned out to be relatively easy with help from VMware GSS.  Log in to the Admin Portal with your standard System Administrator account by specifying the full URL to the login.jsp file.

https://portal.mydomain.local/cloud/login.jsp

Navigate to the Administration page and then to Federation.  Untick Use SAML Identity Provider and click Apply.

The change should take effect immediately.  Log out and log back in to the portal as you normally would, without the trailing /cloud/login.jsp.

While I’m sure this was a corner case, please take note of your SAML settings.  If you don’t use it, make sure you don’t have it enabled.
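A post-upgrade smoke test can recognise this failure from the error page itself and point the operator at the local login page. The following is an added example, not part of the original post or any VMware tooling; the function name `diagnose` is hypothetical and the sample text is constructed from the error output quoted above.

```python
import re
from urllib.parse import urljoin

# Constructed sample: the error page text quoted in the post, trimmed to two frames.
SAMPLE_PAGE = """HTTP ERROR 500
Problem accessing /cloud/saml/login/alias/vcd. Reason:
Server Error
Caused by:
javax.servlet.ServletException: org.opensaml.saml2.metadata.provider.MetadataProviderException: No IDP was configured, please update included metadata with at least one IDP at org.springframework.security.saml.SAMLEntryPoint.commence(SAMLEntryPoint.java:161) at org.springframework.security.saml.SAMLEntryPoint.doFilter(SAMLEntryPoint.java:107)
"""

STATUS_RE = re.compile(r"HTTP ERROR (\d{3})")
PATH_RE = re.compile(r"Problem accessing (\S+)\. Reason:")
# A fully qualified Java exception/error class followed by a colon.
EXC_RE = re.compile(r"\b((?:[a-z_][\w$]*\.)+[A-Z][\w$]*(?:Exception|Error)):")
# A stack frame: "at pkg.Class.method(File.java:123)".
FRAME_RE = re.compile(r"\bat ((?:[\w$]+\.)+[\w$<>]+)\((\w+\.java):(\d+)\)")


def diagnose(page_text, base_url):
    """Parse a servlet error page and flag the broken-federation state from the post."""
    status = STATUS_RE.search(page_text)
    path = PATH_RE.search(page_text)
    chain = EXC_RE.findall(page_text)
    frames = FRAME_RE.findall(page_text)
    # Root-cause message: text after the last exception class, up to the first frame.
    message = ""
    if chain:
        tail = page_text.rsplit(chain[-1] + ":", 1)[1]
        message = re.split(r"\sat\s(?=[\w$.]+\()", tail, maxsplit=1)[0].strip()
    saml_broken = (
        bool(path) and "/saml/" in path.group(1)
        and any(c.endswith("MetadataProviderException") for c in chain)
        and "No IDP was configured" in message
    )
    return {
        "status": int(status.group(1)) if status else None,
        "path": path.group(1) if path else None,
        "exception_chain": chain,
        "root_message": message,
        "top_frame": frames[0][0] if frames else None,
        "saml_enabled_without_idp": saml_broken,
        # Local (non-SAML) login page named in the post; only suggested on a match.
        "local_login_url": urljoin(base_url, "/cloud/login.jsp") if saml_broken else None,
    }

if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_PAGE, "https://portal.mydomain.local").items():
        print(f"{key}: {value}")
```

The parser accepts stack frames either run together on one line, as quoted in the post, or one per line.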

Uploading an OVF / OVA to vCloud Director 1.5

In my previous post I wrote about exporting an OVF / OVA file template from vCenter.  So now I thought I might cover the process of importing that OVF using the Upload feature in vCD 1.5.  If you are migrating VMs from a vCenter environment to a vCloud environment, it is a fairly straightforward process.  For a relatively small number of VMs you can use the Upload feature.

Click on the Catalogs tab and select your catalog from the left pane.  Under vApp Templates click on the icon that looks like a disk drive with a green up arrow.  Alternatively, click on the blue cog icon and select Upload.


The Upload OVF package window will appear.  Click the Browse button and locate either an OVF or OVA file of a package.  Give the new VM being imported a Name.  If you have multiple Virtual Datacenters, select one from the list.  Click Upload.


The Transfers progress window will appear.


At this point vCD will validate the package, which can take some time.  If an issue is found it will error out before starting the file upload process.

References

Exporting an OVF / OVA file from vCenter