Hi Guys,
I have FortiClient/ZTNA working fine, but I am having issues connecting to our internal vCenter appliance.
I was wondering if anyone has this setup and working?
When we set it up we get this error when we go to the login page.
[400] An error occurred while sending an authentication request to the vCenter Single Sign-On server- An error occurred when processing meta data during vCenter Single Sign-On setup:the service provider validation failed. Verify that the server URL is correct and is in FQDN format, or that the hostname is a trusted service provider alias.
Any ideas? I have tried all the VMware/Broadcom solutions but no luck.
Cheers
John.
Hello John,
Error 400 means the server does not process the requests.
"Verify that the server URL is correct and is in FQDN format, or that the hostname is a trusted service provider alias."
What exact VMware solution have you applied?
It looks like either the FQDN of the Access Proxy (FGT) is not added to the list of aliases in your server, or it cannot be resolved, which would mean a DNS issue.
Checking externally, I see this: https://knowledge.broadcom.com/external/article/318196/400-an-error-occurred-while-sending-an-a.html
Make sure that DNS can resolve the FQDN of the FGT to the IP address of the FortiGate.
Try to list both the IP and the Access Proxy FQDN of the FGT in the trusted service provider alias, as noted in that external VMware guide.
Regards
Hello,
Have you ever checked the same configuration with a proxy policy instead of a firewall policy?
Please revise the Full ZTNA policy.
https://docs.fortinet.com/document/fortigate/7.4.0/new-features/972568/introduce-simplified-ztna-rul...