vSphere Authentication Proxy: Failed to bind CAM website with CTL

While troubleshooting the vSphere Authentication Proxy (vSphere 5.1) I ran into a bug which will I highlight in this article.

After successfully installing the Authentication Proxy I discovered an error message in the C:\ProgramData\VMware\vSphere Authentication Proxy\logs\camadapter.log:

2012-xx-xx 14:03:35: Failed to bind CAM website with CTL
2012-xx-xx 14:03:35: Failed to initialize CAMAdapter.

Following the VMware Manual this has something to do with a missing Microsoft Patch:

If you are installing vSphere Authentication Proxy on a Windows Server 2008 R2 host machine, download and install the Windows hotfix described in Windows KB Article 981506 on the support.microsoft.com Web site. If this hotfix is not installed, the Authentication Proxy Adapter fails to initialize. This problem is accompanied by error messages in camadapter.log similar to Failed to bind CAM website with CTL and Failed to initialize CAMAdapter.

Notice that they are only talking about Windows Server 2008 R2 since SP1 already contains the patch which is described in the KB Article (SP1 contents).

So despite the fact that I had the patch installed I still received the error message. I’ve checked all the configuration files in the C:\ProgramData\VMware\vSphere Authentication Proxy directory and all of them were configured correctly regarding to the hostname (fqdn) and port number.

While checking the C:\ProgramData\VMware\vSphere Authentication Proxy\logs\camadapter.log again I noticed that the hostname (fqdn) in there was truncated(!)

2012-11-07 14:03:35: Execute cmd /c netsh http delete sslcert ipport=xxxxxxxxxxxx.xxx:51915 in path D:\Program Files (x86)\VMware\vSphere Authentication Proxy\

So basically it’s listed in the log as xxxxxxxxxxxx.xxx while the real name is xxxxxxxxxxxx.xxxxxxx.xxxxx. This is not a typo during installation since you can only select the Hostname (fqdn) or IP address from a dropdown box as shown in the screenshot below:

I’m not sure if it will work when the hostname (fqdn) is shorter but in my opinion this definitely is a bug so please watch out for it. In my case I re-installed the vSphere Authentication Proxy selecting the IP address in the dropdown box and after that it works like a charm.

 

Leave a comment

3 Comments

  1. I found the same thing. Thanks for the heads up on this

  2. Loren Gordon

     /  November 1, 2013

    Thanks for this. It’s still a problem with vSphere 5.5!

  3. Duncan

     /  January 9, 2014

    Same issue, this fixed me also. Definitely a bug. Thanks!

Leave a Reply

%d bloggers like this: