Sorting bits into bytes...

Skyline illegal characters

If this is supported or not I have no idea! But I made some minor changes to the Skyline Collector appliance.

While trying to set up AD integration with Skyline I ran into a weird problem. While everything seemed okay, Skyline kept throwing this error:

A group name contains illegal characters.

And:

A user name contains illegal characters.

 

Well, that narrows it down, right? All you need to do now is search for “a group” or “a user” and find the illegal character. Needless to say, the error is of no use. Let’s SSH into Skyline and look at some log files. But wait, root login is disabled. Let’s enable it first:

https://kb.vmware.com/s/article/67788

To enable SSH access, perform the following steps:

  1. Open the Skyline Collector console via the vSphere Client/Web Client
  2. Log in as root with the root password defined during deployment
  3. Run ‘vi /etc/ssh/sshd_config’
  4. Enter ‘i’ to modify the file in VI editor
  5. Locate the line that contains ‘PermitRootLogin no’ and change the value to ‘PermitRootLogin yes’
  6. Save the changes by hitting ESC + typing ‘:wq!’
  7. Restart the sshd service by running ‘service sshd restart’

 

Now SSH into Skyline and tail /var/log/skyline/collector.log.

2022-01-21 12:55:09,494 WARN [qtp1997224928-35] c.v.s.c.a.CredentialManager [CredentialManager.java:133] [] AD validation failed.
com.vmware.skyline.collector.api.exception.AdDomainValidationException: A group name contains illegal characters.
        at com.vmware.skyline.collector.api.model.AdDomainCreateRequest.validate(AdDomainCreateRequest.java:77)
        at com.vmware.skyline.collector.auth.CredentialManager.setAllowedAdDomain(CredentialManager.java:127)
        at com.vmware.skyline.collector.api.external.services.ExternalApiServices.setAdDomain(ExternalApiServices.java:924)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.base/java.lang.reflect.Method.invoke(Unknown Source)

 

That’s not of much help. I couldn’t find anything online. I know that AD integrations with Linux can always be a pain. I remembered that one time I had to enter the domain name in capital letters. Why not try that, as searching online wasn’t helping me much. Guess what happened when I wrote the domain name in capital letters… it worked! Don’t ask me why, I’m done trying to figure that out.

And while I was logged on to Skyline, why not set up syslog? I have vRLI so there should be no real reason for me to SSH into a VM, right?

Setting up vRLI is super easy!

First what you want to do is give the Skyline VM a proper name. No need to edit files; simply use hostnamectl, like this:

hostnamectl set-hostname <new_hostname>

e.g.: hostnamectl set-hostname skyline-kablog

Check if the new hostname is applied:

hostnamectl status

 

Download the vRLI agent and install it in one go (the -k flag tells curl to skip TLS certificate verification for the download):

curl -k -o /tmp/liagent.rpm https://<vRLI FQDN>/api/v1/agent/packages/types/rpm; rpm -Uvh /tmp/liagent.rpm

e.g.: curl -k -o /tmp/liagent.rpm https://vrli-kablog.nl/api/v1/agent/packages/types/rpm; rpm -Uvh /tmp/liagent.rpm

Make sure the agent runs after reboots:

systemctl enable liagentd

 

Edit the liagent config file to match your environment.

vi /var/lib/loginsight-agent/liagent.ini

 

In the [server] section, modify the following parameters and save the file.

[server]
hostname=<vrealize_log_insight_fqdn>
proto=cfapi
port=9000
ssl=no

Restart the agent:

systemctl restart liagentd

 

Now head over to your vRLI instance and add the agent to the “Photon OS – Appliance Agent Group” agent group. This will reconfigure the agent accordingly.

If you don’t have that group in vRLI follow the below link to create it. Be sure to select the newly set hostname of the Skyline VM in step 7.

https://docs.vmware.com/en/VMware-Cloud-Foundation/services/vcf-intelligent-logging-and-analytics-v1/GUID-8CAA0BE1-C9EB-4A8F-B91B-E12B79954493.html
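
An added example, not part of the original post or of any VMware tooling: a small audit of the two security-relevant settings this walkthrough changes, PermitRootLogin in /etc/ssh/sshd_config and ssl in the [server] section of /var/lib/loginsight-agent/liagent.ini. The function names, the hostname vrli.example.test and the sample file contents are constructed for illustration; on the appliance, pass the two real paths to audit_collector.

```sh
#!/bin/sh
# Added example: audit the two settings this walkthrough changes on the appliance.

# Effective global PermitRootLogin value: sshd honours the first occurrence of a
# keyword, and keywords are case-insensitive. Stops at the first Match block.
# Empty output means the keyword is not set and the sshd default applies.
sshd_root_login() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1"
}

# Value of KEY in the [server] section of liagent.ini (";" starts a comment).
liagent_server_value() {
    awk -F= -v key="$2" '
        /^[ \t]*\[/ { in_server = ($0 ~ /^[ \t]*\[server\]/); next }
        in_server && $0 !~ /^[ \t]*;/ {
            k = $1; gsub(/[ \t\r]/, "", k)
            if (k == key) { v = $2; gsub(/[ \t\r]/, "", v); print v; exit }
        }' "$1"
}

# Print one line per finding; return non-zero if anything was found.
audit_collector() {
    rc=0
    if [ "$(sshd_root_login "$1")" = "yes" ]; then
        echo "FINDING: PermitRootLogin yes in $1 (root can log in over SSH with a password)"
        rc=1
    fi
    if [ "$(liagent_server_value "$2" ssl)" = "no" ]; then
        echo "FINDING: ssl=no in [server] of $2 (agent traffic to vRLI is not encrypted)"
        rc=1
    fi
    return "$rc"
}

# Constructed sample files that mirror the settings shown in the post.
demo_dir=$(mktemp -d)
printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' > "$demo_dir/sshd_config"
printf '%s\n' '[server]' 'hostname=vrli.example.test' 'proto=cfapi' 'port=9000' \
    'ssl=no' > "$demo_dir/liagent.ini"
audit_collector "$demo_dir/sshd_config" "$demo_dir/liagent.ini" || echo "settings above need review"
```

To clear the first finding, set PermitRootLogin back to no and restart sshd once the troubleshooting is done. To clear the second, use ssl=yes, in which case cfapi uses port 9543 instead of 9000.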

 

So the next time you run into a weird integration problem, try yelling the DOMAIN NAME!

I hope this helps!

2 thoughts on “Skyline illegal characters”

  1. That’s not weird, that’s Linux actually caring about case sensitivity. I suspect you entered the user account as down-level login name instead of the UPN. I would always try using the UPN first.

    1. Hi Erik,

      Thanks for reading and replying. I tried both UPN and SAM. I must say both in lower case as that’s how I did the integration of Workspace One Access and AD. But why the domain name had to be in caps beats me. But nevertheless a good tip to try next time.
