Hello everybody,
I have a problem with AD authentication with vCSA SSO 5.5. These are my installation steps:
- vCSA 5.5 OVF template deployed with standard installation and joined to AD (domain functional level is Windows 2003).
- DNS host and related PTR records have been added.
- vCSA ports on the enterprise firewall are open.
- I've replaced the default certificates with custom certificates following this KB: VMware KB: Configuring Certificate Authority (CA) signed certificates for vCenter Server Appliance 5...
- After CA configuration, I added my enterprise domain to the identity sources and created an Administrator role in vCenter Server with my domain account.
So, when I try to connect to the web client, I log in successfully, but I get this error:
Client is not authenticated to VMware Inventory Service - https://10.74.70.140:10443
Unable to create the managed object for - urn:vmomi:AuthorizationManager:AuthorizationManager:C96635F6-B5A6-4045-AE92-18DD7A3DE2F0.
So, I rebooted the vCSA, but at reboot (and also if I restart only the vpxd service), I get this error:
Registering vCenter Server Inventory Service... failed
Please, restart vmware-vpxd to enable the Inventory Service.
Updating the vCenter endpoint in the Lookup Service.
Intializing registration provider...
Getting SSL certificates for https://FQDN:7444/lookupservice/sdk
Failed trying to retrieve token: ns0:RequestFailed: Error occured looking for solution user :: More than one solution user found
Return code is: ServiceNotResponding
Starting ldap-server..done
Starting vmware-vpxd: success
Waiting for vpxd to initialize: .success
So, I can't work with my domain account.
How can I solve this issue?
Thank you very much
Regards
Daniele
Could you please paste the ds.log snippet from the location /var/log/vmware/vpx/inventoryservice?
You can also try the steps in KB 2037952 and re-register IS back to vCenter Service.
Note - Do not use this if you are using vCloud Director or using Storage Profiles.
Error: While attempting to log in to vCenter 5.5 (Unable to create the managed object for - urn:vmomi:AuthorizationManager:AuthorizationManager:C96635F6-B5A6-4045-AE92-18DD7A3DE2F0.)
Do you see your domain listed in Identity sources?
If Single Sign-On discovered the Active Directory domain without the need to manually add it, the Active Directory domain will appear in the list.
4. If AD is already selected as the default identity source, select another source (a local vCenter server), select the "set as default" button at the top, then switch the default to AD again.
This is sort of re-establishing the connection.
Note: All vCenter services (vCenter Server, Inventory Service, vSphere Web Client, etc.) should be started.
This fixed the issue for me.
Regards,
Sam