Recently, I was trying to deploy vRA 8.1 with vRLCM 8.1 Patch 1. I already configured the vIDM 3 node cluster, so I was ready to go.
First I deployed a vRA 8.1 standard environment and that went fine without any issues.
So, after that I was confident enough to deploy a vRA 8.1 cluster. Unfortunately my deployment failed. The corresponding error I found in /var/log/deploy.log was the following:
| Identity Service health check failed. If load-balancer is deployed, make sure it is properly configured. |
Before vRA 8.1, I always used ‘Persistence’ Source IP and ‘type’ SSL Passthrough for the Application Profile of the vRA Load Balancer. Also there was no proper information available on how to configure the LB for vIDM.
Last week I found an updated document on how to configure your Load Balancer for vRA 8.1. Surprisingly the applied Load Balancer configuration was slightly changed and the Load Balancer configuration for vIDM was added.
Now with vRA 8.1 the ‘Persistence’ has been changed to None, the ‘type’ SSL Passthrough has not been changed and the ‘Expires in’ value has been changed to None for the Application Profile of the vRA Load Balancer.
For the vIDM Load Balancer the ‘Persistence’ should now been set to Source IP, the ‘type’ should now be SSL Passthrough and the value for ‘Expires in’ should be set to 36000.
https://docs.vmware.com/en/vRealize-Automation/8.1/vrealize-automation-load-balancing-guide.pdf
After I changed the Load Balancer configuration for vIDM and vRA my deployment succeeded. 🥳🤩😎
Finally I could enjoy my new vRA 8.1 cluster running with a vIDM 3.3.2 cluster.
Hi Dennis,
I saw your blog and planning to install the vIDM cluster in the same fashion as you mentioned,but before this i have couple of doubts.
1. Which load-balancer do you used for configuration?
2.Did you apply the SSL certificates on vIDM VIP in load balancer?
3.If yes, then did you disable the SSL pass-through on vIDM application profile?
4.
Hi Gajendra,
Sorry for the late response..
1. I used a NSX-V Load Balancer for vIDM cluster..
2. Yes, I applied SSL certificates to the load balancer
3. Yes, to use the certificate you need to disable SSL pass-through..
BUT.. there is a catch in here..
When I was testing the 3 node vIDM cluster, it was only possible to deploy the 3 node vIDM cluster with vRLCM and an application profile with SSL Passthrough enabled.
After the deployment I was able to change the application profile to use HTTPS-end-to-end what is using the certificate.
Regards,
Dennis
Thank you for sharing this!
Did you find any issues with vRLCM sync with VIDM after dpeloying or upgrading to a clustere VIDM 3.3.2?
I’m running into an issue where I can no longer sync VIDM with vRLCM post the scale out, even though it re-registers just fine.
Thanks,
Bhumika
I have a question about vIDM and LB
as mention “For the vIDM Load Balancer the ‘Persistence’ should now been set to Source IP, the ‘type’ should now be SSL Passthrough and the value for ‘Expires in’ should be set to 36000.”
my question is that can we changing the expires value from 36000 to other value like 1800
if not, what the reason why we need expires 36000
thanks
In 8.1, for clustered configuration 3 nodes are mandatory for vRealize suite products, what is the role of third node in vRA? does the 3rd node work as witness node?
You made some decent factors there. I viewed on the web for the problem and also found most people will certainly accompany with your site. Roosevelt Pendergraft