Solved: HyperFlex: vCenter SSO server reachability check

formz · ‎03-19-2018

Installing the cluster for the first time... hosts are in vCenter, storage VMs are up, networking appears to be solid. However under the 'Create Validation' phase of the installer I get this message:

vCenter SSO server reachability check

SSO server is not reachable at URL: https://vcenterFQDN/sts/STSService/vsphere.local. Verify URL or DNS is setup properly so that FQDN is reachable from Installer.

SSO is up, the FQDN is correct, and the hosts have communication with vCenter. I cannot for the life of me figure this out and Cisco TAC has been hard at work trying to figure it out as well with no luck. Anyone have any ideas?

formz · ‎04-03-2018

The installer DNS could resolve the vCenter in both directions. What ended up "fixing" this for me was specifying the vCenter SSO server using IP address instead of FQDN. Doing that, it ended up finding it just fine. Even in the logs that I dissected all the DNS requests were filled correctly, but for some reason the HyperFlex installer wouldn't finish. Oh well.

View solution in original post

Clifford Aldan · ‎03-26-2018

Is the SSO running on a vCenter instance or is it running on a separate External PSC?

If it's running on vCenter (no PSC in the environment), then you can keep this entry empty

If you have an external PSC, then verify that you can actually traverse the URL

Here's an example of successfully accessing the required URL

martinwi · ‎04-03-2018

I have deployed two Hyperflex systems.

I get this issue now with the second one.

Both are running on the same network and use the same vCenter.

It works fine to netcat from the HX-installer to vCenter port 7444 as well, so this is very strange.

martinwi · ‎04-03-2018

Exported the installer configuration, deleted the cluster in vcenter, deassociated the servers in UCS and then re ran the installer with the saved config seems to have solved the problem.

formz · ‎04-03-2018

The installer DNS could resolve the vCenter in both directions. What ended up "fixing" this for me was specifying the vCenter SSO server using IP address instead of FQDN. Doing that, it ended up finding it just fine. Even in the logs that I dissected all the DNS requests were filled correctly, but for some reason the HyperFlex installer wouldn't finish. Oh well.

martinwi · ‎04-03-2018

I was actually specifying the IP/URL to SSO manually in my config, as I didnt have working DNS, and that worked fine for the first system. Not the second.

Anyhow as I wrote above, re doing it from the start solved it for me. That seems to be the trick for a multitude of issues when deploying HX by the way...

formz · ‎04-03-2018

The Cisco tech that I worked with had zero clue how to fix it or even a ‘try this’ type solution. Honestly, it seemed like he was high as a kite every time I talked to him. I tried re-doing it a couple of times from scratch and always had the same error until I specified IP instead of FQDN.

martinwi · ‎04-03-2018

When I've talked to the Cisco TAC it seems to me like they don't have too much experience with HyperFlex.

We got our systems for free so it doesn't matter that much, they won't be doing production critical stuff.

dmonagh4n · ‎12-08-2022

So maybe slightly off topic, but I was doing a 3-node edge deployment via Intersight with a customer and ran into a very similar issue.

The customer was just recently in the job and wasn't aware of the DNS servers when we were racking and stacking the chassis and getting them claimed into Intersight so just used Umbrella public resolvers to get them up and running and manageable remotely. As the vCentre was on a local FQDN, obviously public Umbrella couldn't resolve these FQDNs.

Long story short, I missed getting these changed back to the local Umbrella VAs/Local NTP which is what resolved the issue for me.

Thanks,