When attempting to install a new vRA vSphere Proxy Agent whilst on a customer engagement, I encountered the below error when testing the connection to the Manager Server Host and Model manager Web Service Host VIPs during the Install Proxy Agent wizard:
“Cannot validate Manager Service host. The remote certificate is invalid according to the validation procedure.”
When clicking “Test”, it is expected that a prompt will ask whether it should trust the new certificate, however instead I was getting this error.
A note about this deployment, is that vRA was deployed with vRealize Lifecycle Manager (vRLCM), and is using a certificate provisioned by the vRLCM CA for its certificates.
The workaround I found was a mix between these two different KB articles, basically adding the vRLCM CA Root Cert into the Proxy Agent VMs trusted Root store. Here are the steps:
- Login to vRLCM, then go to Certificate Management.
- Download the Certificate Chain (in PEM format).
- Edit the .pem file, and copy out the Root CA. This will be the bottom-most block, just above the Private Key. Don’t forget to include the text “—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–“
- Paste this block of text into a new file, and name it “Root.cer”
- Copy this file over to your Proxy Agent VM, right click, and Install.
- Install the certificate for “Local Machine”, in the “Trusted Root Certification Authorities” certificate store.
- Now go back to the Proxy Agent install wizard, and hit Test again. It should Pass successfully.