03-18-2019 11:47 AM
Hello All I tried setting up vdiscovery and got the following error ERROR: PycURL"
It looks like the market place infoblox vm has an expired cert for login.microsoftonline.com
I found the following information
If the "ERROR: PycURL" error is displayed when you run a vDiscovery job, it is possible that the cloud provider has updated their certificate. You need to download the latest certificate from the cloud provider website and upload it to NIOS. For example, for AWS, download the certificates from https://www.amazontrust.com/repository/. For information see Error while running job.
any one know if like AWS there is a repo for AZURE that i can access for the azure service endpoint cert ?
03-26-2019 12:15 PM
If you look at the full message, you may also see a message about the system being unable to get the local issuer certificate. In the Infoblox.log (from the Support Bundle), this may look like the following:
[2017/05/26 08:23:34.472] (26894 <py>/infoblox/dns/bin/cdiscovery_executor) cloud_discovery_executor.py:353 run(): [Error while running Job]: initialize or call AZURE cdiscovery driver ERROR: PycURL error: (60, 'SSL certificate problem: unable to get local issuer certificate') ret=DRIVER_ERROR
If this matches up with what you are seeing, this is a byproduct of changes that Azure has made. Previously, the same certificates were used across different services but this has changed over time. Because vDiscovery uses secure connections, this causes the certificate handshake to fail.
As Infoblox has become aware of these changes, these new certificates have been added with updates to NIOS and in the latest NIOS 8.4 release, you are even able to update these certificates yourself. If you are able to upgrade, this should resolve this issue for you.
03-26-2019 04:26 PM
That error is different from what you would expect for a certificate issue. Make sure that the system time for your Infoblox server(s) is correct, check for any network security devices that might be causing issues with the HTTPS connection to login.microsoftonline.com, and that NIOS is resolving login.microsoftonline.com to the correct address.
Beyond that, a Traffic Capture run while reproducing the issue and a Support Bundle may also be required to troubleshoot this further. I would recommend consulting with Infoblox Support so that they can help go through this with you.