jbrines
New Contributor II

FortiClient/FortiEMS ZTNA Cloud and VMware VCenter

Hi Guys,

I have FortiClient/ZTNA working fine but I am having issues connecting to our internal VCenter appliance.

I was wondering if anyone has this setup and working?

When we set it up we get this error when we go to the login page.

[400] An error occurred while sending an authentication request to the vCenter Single Sign-On server- An error occurred when processing meta data during vCenter Single Sign-On setup:the service provider validation failed. Verify that the server URL is correct and is in FQDN format, or that the hostname is a trusted service provider alias.

Any ideas? I have tried all the VMware/Broadcom solutions but no luck.

Cheers

John.

 

1 Solution
Hatibi
Staff

Hello John,

Error 400 means the server does not process the requests.

"Verify that the server URL is correct and is in FQDN format, or that the hostname is a trusted service provider alias."

What exact VMware solution have you applied?

It looks like either the FQDN of the Access Proxy (FGT) is not added in the list of aliases in your server, or it cannot be resolved, which would mean a DNS issue.

Checking externally I see this: https://knowledge.broadcom.com/external/article/318196/400-an-error-occurred-while-sending-an-a.html

Make sure that DNS can resolve the FQDN of the FGT to the IP address of the FortiGate.

Try to list both the IP and the Access Proxy FQDN of the FGT in the trusted service provider alias, as noted in that external VMware guide.

Regards

2 REPLIES 2
Anil_Solakoglu

Hello, 

Have you ever checked the same configuration with a proxy policy instead of a firewall policy? 
Please revise the Full ZTNA policy. 

https://docs.fortinet.com/document/fortigate/7.4.0/new-features/972568/introduce-simplified-ztna-rul...
