Reply
Highlighted

between a rock and a hard place azure vdiscovery

peanut
Techie
Posts: 5
3016     0

Hello All I tried setting up vdiscovery and got the following error   ERROR: PycURL"

 

It looks like the market place infoblox vm has an expired cert for login.microsoftonline.com

 

I found the following information  

 

If the "ERROR: PycURL" error is displayed when you run a vDiscovery job, it is possible that the cloud provider has updated their certificate. You need to download the latest certificate from the cloud provider website and upload it to NIOS. For example, for AWS, download the certificates from https://www.amazontrust.com/repository/. For information see Error while running job.

 

any one know if like AWS there is a repo for AZURE that i can access for the azure service endpoint  cert ?

https://login.microsoftonline.com/*

 

Re: between a rock and a hard place azure vdiscovery

[ Edited ]
bvihlidal
Techie
Posts: 3
3017     0

I came here to post the exact same question!

 

Re: between a rock and a hard place azure vdiscovery

TTiscareno Community Manager
Community Manager
Posts: 317
3017     0

If you look at the full message, you may also see a message about the system being unable to get the local issuer certificate. In the Infoblox.log (from the Support Bundle), this may look like the following:

 

[2017/05/26 08:23:34.472] (26894 <py>/infoblox/dns/bin/cdiscovery_executor) cloud_discovery_executor.py:353 run(): [Error while running Job]: initialize or call AZURE cdiscovery driver ERROR: PycURL error: (60, 'SSL certificate problem: unable to get local issuer certificate') ret=DRIVER_ERROR

 

If this matches up with what you are seeing, this is a byproduct of changes that Azure has made. Previously, the same certificates were used across different services but this has changed over time. Because vDiscovery uses secure connections, this causes the certificate handshake to fail.

 

As Infoblox has become aware of these changes, these new certificates have been added with updates to NIOS and in the latest NIOS 8.4 release, you are even able to update these certificates yourself. If you are able to upgrade, this should resolve this issue for you.

 

Regards,

Tony

Re: between a rock and a hard place azure vdiscovery

[ Edited ]
bvihlidal
Techie
Posts: 3
3017     0

Thanks

Re: between a rock and a hard place azure vdiscovery

TTiscareno Community Manager
Community Manager
Posts: 317
3017     0

That error is different from what you would expect for a certificate issue. Make sure that the system time for your Infoblox server(s) is correct, check for any network security devices that might be causing issues with the HTTPS connection to login.microsoftonline.com, and that NIOS is resolving login.microsoftonline.com to the correct address.

 

Beyond that, a Traffic Capture run while reproducing the issue and a Support Bundle may also be required to troubleshoot this further. I would recommend consulting with Infoblox Support so that they can help go through this with you.

 

Regards,

Tony

Showing results for 
Search instead for 
Do you mean 

Recommended for You