
I was looking through the VMwareWebServicesConfig.pdf in SmartConnector Guide 5.2.3.6281. In order to obtain the logs, we need to specify the following in the connector:
host (hostname of the vSphere server)
username:
password:
My question would be: what is the minimum level of privilege required for the SmartConnector to accurately collect logs from vSphere? I'm hoping it is not administrator. I have combed through the entire PDF and found no clue. I would greatly appreciate it if anyone who has experience with this could shed some light!
Accepted Solutions

Hi.
Work by this:
1. Set user and pass on the VC.
2. Get rui.crt from the VC in c:\documents and settings\all users\applicationData\VMwareVirtualCenter\SSL
3. Put the rui.crt in $ARCSIGHT_HOME\Current\jre\lib\security
4. From bin, run: arcsight agent keytool -import -trustcacerts -alias vmware -file d:\arcsight\vmware\current\jre\lib\security\rui.crt -store -clientcerts
5. Run agentsetup
6. validateCert=true
7. host=the host as in the rui.crt
8. user and pass = as set in the VC
Good luck.

Anyone able and willing to share some light?

Hello!
As far as I know, you just need to create a user, without any additional privileges, and this user will be able to read logs by default.

Hi Jack,
There is additional configuration to ensure the user has the required privileges to collect logs:
1. On the vSphere Console Menu, click on the 'Inventory' menu
2. Click 'Virtual Machine'
3. Choose 'Add Permission' from the list
4. Click the 'Add' button under the 'Users and Groups' section on the left and select the intended user.
5. Choose the required level of role from the 'Assigned Role' drop-down on the right (where the role is any of the 3: 'No access', 'Read-only' and 'Administrator'). Read-only is sufficient for this purpose.
6. Expand 'Datastore' and check the 'Browse datastore' box
7. Click OK
I hope this helps.
Gbenga.

Hi Rodion,
Yes, that was what I saw from the SmartConnector guide; however, my customer would like me to confirm if the rights are minimal.
Gbenga,
Thanks for the advice! What you have suggested seems logically sound and I will try this out with my client soonest.
Thanks everyone for the feedback!

Hi.
Read-only permissions. No more is needed.
Plus, the web service agent uses a .cer file (from the VC) that you have to import to the agent using keytoolgui.

I was looking at your reply and I saw this keytoolgui. This was not mentioned in the official docs and I'm having difficulty collecting the logs from VMware web services. Mind sharing how this process works for you?


You can use a base64-encoded .cer file, which can be exported from the vSphere server by using Internet Explorer to browse to it and exporting the certificate.
This has to be added to the connector cacerts file by using the keytoolgui.
No idea why this isn't documented in the connector configuration guide - it would be really helpful.
Cheers, tom

Yep, I completely agree. If it wasn't for finding this info here on Protect724, I would not have been able to figure it out. Needs to be in the product manual.
CP.

Hi,
I am getting the below error message while configuring the SmartConnector VMware Web Services on a connector appliance.
"Connector table parameters did not pass the verification with error [0:Unable to open a connection to [Hostname]. (; nested exception is: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target) ]. Do you still want to continue?"
I have uploaded the required certificate to the container of the connector appliance. Has anyone faced a similar issue?
Regards,
Sunil

Hello, I can see this post is pretty old, but have you resolved it somehow?
I'm getting the same error on connector 7.8, and the customer tells me that only vCenter was upgraded from 5.5 to 6.5.
I asked them to mail me a new certificate, imported it, but it's the same as before and I am getting the following error.
Thanks
Jan
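
A check for the "PKIX path building failed" error reported in the last two posts, as an added example that is not part of the thread or of ArcSight's tooling: it compares the fingerprint of the certificate the server presents with the entries that the JDK's `keytool -list` prints for the connector truststore, which shows whether the imported certificate is the one actually being served. The function names and the sample data are constructed for illustration.

```python
import hashlib
import re
import ssl

# Constructed sample: placeholder bytes wrapped as PEM, NOT a real certificate.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"

# Constructed sample of `keytool -list` output (Java 8 prints SHA1, Java 9+ SHA-256).
SAMPLE_KEYTOOL_LIST = """\
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

oldvc, Mar 3, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33
vmware, Jan 9, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): A9:99:3E:36:47:06:81:6A:BA:3E:25:71:78:50:C2:6C:9C:D0:D8:9D
"""

# One trusted entry = an "alias, date, trustedCertEntry," line plus its fingerprint line.
ENTRY = re.compile(
    r"^(?P<alias>[^,\n]+),.*trustedCertEntry,\s*\n"
    r"Certificate fingerprint \((?P<algo>[^)]+)\): (?P<fp>[0-9A-Fa-f:]+)",
    re.MULTILINE)

def fingerprint(pem, algo):
    """Hex digest of the certificate's DER bytes, the value keytool prints."""
    name = algo.lower().replace("-", "")          # "SHA-256" -> "sha256"
    der = ssl.PEM_cert_to_DER_cert(pem)
    return hashlib.new(name, der).hexdigest().upper()

def trusted_entries(listing):
    """Map alias -> (algorithm, fingerprint without colons)."""
    return {m["alias"].strip(): (m["algo"], m["fp"].replace(":", "").upper())
            for m in ENTRY.finditer(listing)}

def find_trusted_alias(pem, listing):
    """Alias whose fingerprint matches the certificate, or None if it is not trusted."""
    for alias, (algo, fp) in trusted_entries(listing).items():
        if fingerprint(pem, algo) == fp:
            return alias
    return None

def server_pem(host, port=443):
    # Fetched WITHOUT validation: use it only for this comparison, and confirm
    # the fingerprint with the vCenter administrator before importing anything.
    return ssl.get_server_certificate((host, port))
```

A `None` result for `find_trusted_alias(server_pem(host), listing)` means the truststore the connector reads does not hold the certificate the server is presenting, for example because the server certificate was replaced or the import went into a different store.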