So I'm having a problem with a new installation of App Controller and Virtual Machine Manager 2012.  Basically I have added a clustered file server and share to the library server of VMM.  That server has plenty of storage so I want to default all of the library files to point to there.  While I can add it to VMM just fine, when I go to app controller and try to import certificates of the VMM server they will fail.

I have verified that the problem occurrs after I add the clustered file server to the library.  Importing the VMM server certificates work flawlessly when that clustered server is not attached to VMM.

Here are the error messages that are generated every time it failes:

Export of the library server certificate from the VMM server has failed for library server %clustered library server%. In order to perform this operation, you must be an Administrator in both Virtual Machine Manager and App Controller, and also a local Administrator on the server. (StatusCode: Microsoft.SystemCenter.CloudManager.Providers.ProviderException) - I have triple checked these permissions so I'm satisified that this is not the issue

and

An internal error has occurred trying to contact an agent on the NO_PARAM server: NO_PARAM: NO_PARAM.
Ensure the agent is installed and running. Ensure the WS-Management service is installed and running, then restart the agent. (StatusCode: Microsoft.VirtualManager.Utils.CarmineException) - I'm assuming this is the main issue causing my problem.

I have verified that the agent and WS-Management services are installed and running so I'm left in the dark.....

• Edited by Ian.Davies Friday, June 08, 2012 8:05 PM

I'm not running a clustered file server, but I have run into a failing certificate import.

The only workaround I was able to find after a lot of back and forth was to not upgrade the VMM console on the App Controller server to the latest patch. I'm running all patches on the VMM server, and have applied the App Controller patch as well, but with the RTM version of the VMM console. (Not sure if I'm missing out on something else by not patching it all the way.)

Hi Ian, Andreas,

Sorry for being quiet on this thread - I'm currently talking to a couple of folks about this and will post again when I find out more. 

Ian - I'll get a list of steps so that you can do a manual import of the certificates.

Andreas - Update rollup 1 for App Controller requires that Update Rollup 1 for VMM be installed on the VMM console for the App Controller server. The App Controller update checks to ensure that the VMM update is installed before it installs. 

Thanks

Richard

I found a way around my problem.

Basically I clustered the environment and added a large SAN partition for this data.  I then created a new virtual disk to use this storage and added it to the VMM as the main library storage.

I am having the orginal issue in this post . We just switched from a Stand Alone SCVMM to SCVMM 2012 on an HA Failover Cluster. The library share is now on clustered storage.  Have the manual import steps been posted anywhere ? And since it is trying to connect using the Client Access Point , How would you  create a  cert for that ?

Hi,

Did you ever find an answer to this as I have the exact same situation....

Richard

Sorry for the super long delay on this folks.

The good news is that we've got this into our bug system, and understand what the issue is with clustered library servers.

More importantly for you we have some steps you can use to manually import the missing certificates.

1. Open MMC (Start -> Run -> MMC)
2. Add the certificate snap-in and select Computer account and specify your VMM server
3. Add the certificate snap-in and select Computer account and specify your App Controller server
4. Expand the Trusted People\Certificates folder for the App Controller server
5. Browse to the Trusted People\Certificates folder for the VMM server
6. Make sure you're looking in the Friendly Name column for the certificates
7. Find the certificates that start with SCVMM_CERTIFICATE_KEY_CONTAINER and then has the FQDN of the library cluster nodes
   You only need the certificates for the library server - you don't need any of the certificates for the Hyper-V hosts
8. Copy the certificates to the Trusted People\Certificates folder on the App Controller server

If you previously had success importing certificates, you might find that some of the library certificates are already present. You do not need to recopy these certificates - just the missing certificates for the library servers.

On the VMM server you will see a certificate for each of your host computers - you do NOT need to copy these certificates.

Thanks

Richard

I can confirm this happened for us as well.

One addition for those who have installed a clustered VMM server: in step two of Richard's procedure, specify the clustered service name, rather than the server name of any of the nodes. Only under the service name will the library certificates appear in the Certificates snap-in. I also copied over the certificate of the clustered service name, although I'm not sure if that was required.

----

For the search engines, here's the error I received from App Controller after attempting to add the VMM server and import certificates automatically:

Category: Critical

Description: You cannot access VMM management server  <FQDN of host>.

Details: Category: Critical

Message: System.ServiceModel.CommunicationException

Description: The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was '00:05:29.9060000'.

 

Category: Critical

Message: System.IO.IOException

Description: The read operation failed, see inner exception.

 

Category: Critical

Message: System.ServiceModel.CommunicationException

Description: The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was '00:05:29.9060000'.

 

Category: Critical

Message: System.Net.Sockets.SocketException

Description: An existing connection was forcibly closed by the remote host

• Marked as answer by Richard RundleMicrosoft employee, Owner Wednesday, August 22, 2012 5:24 AM

One more addition: I had to restart IIS after making the change to make App Controller happy again.

Noah

• Marked as answer by Richard RundleMicrosoft employee, Owner Wednesday, August 22, 2012 5:26 AM

Thanks for the additional clarifications Noah!

Regards

Richard

So I followed the instructions that you had mentioned above by manually importing the VMM library certs over to the Trusted Peoples\Certificates Store of my AppController server, and I am still receiving the following connectivity error as mentioned above in your post when I try to connect my VMM clustered server to my AppController server.  I even restarted IIS on my AppController server to make it happy again.  Do you have any additional insight you can offer? 

Thanks

Rich

Hi Rich,

Can you share which version of VMM and App Controller (2012, 2012 SP1, 2012 R2) you are running, and which update rollup is applied?

Are the VMM server and the VMM console on the App Controller server running the same update rollup version?

Kind Regards,

Richard

I am running VMM 2012 R2 and App Controller 2012 R2 for both servers.

Are upgrade rollups applicable for 2012 R2 (VMM and AppController)?

I am still getting the same error when trying to connect my VMM from my AppContoller Server

Category: Critical
Description: Connection attempt to the target system failed.
Details: Category: Critical
Message: 1604ConnectServerAuthenticationFailed
Description: You cannot access VMM management server <FQDN of Host>.
Details: Category: Critical
Message: System.ServiceModel.CommunicationException
Description: The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was '00:05:29.9860000'.

Category: Critical
Message: System.IO.IOException
Description: The read operation failed, see inner exception.

Category: Critical
Message: System.ServiceModel.CommunicationException
Description: The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was '00:05:29.9860000'.

Category: Critical
Message: System.Net.Sockets.SocketException
Description: An existing connection was forcibly closed by the remote host

Sincerely,

Rich