VMware Cloud Community
5mall5nail5
Enthusiast

vRA "public" URL kicks over to IaaS .local URL

Hello all - I have a vRA 7.2 environment that I am using to trial some things before going live with it. My ideal solution will be having clients be able to access my vRA deployment by going to cloud.domain.com/vcac/org/[client] - I have this working, except when they have to authenticate, it's kicking them to the FQDN of my IaaS server, and that was installed/configured (wizard) at its internal FQDN of IaaS1.domain.local - obviously this will not work on the internet (or even internally if clients don't get .local resolution).

What am I missing here?  Thanks!

2 Replies
rstoker13
VMware Employee

Are you performing a simple install (1 vRA appliance and 1 Windows IaaS)? Load balancer?

In my simple deployment with no load balancer for our Dev environment, I chose the settings below. IaaS Web Address should be the address used by clients to access. Notice that in my environment, this is a CNAME that references the A record for the IaaS server.

vra72IaaSinstall.png

Also, when using a CNAME or alternate DNS record for the vRA appliance web address, the IDP will be affected. This problem doesn't manifest itself for users of vRA but will cause problems if you use the integrated vRO Instance. You will need to modify the following setting in the IDP to match the public DNS value for the vRA appliance. See the post and KB below:

Inconsistencies between the IDP hostname and the vRA hostname producing behavior and authentication ...

Logging in to embedded vRealize Orchestrator fails (2146063) | VMware KB

vra72IaasIDP.png

5mall5nail5
Enthusiast

Thanks rstoker13!  Yes, I am using a simple install for testing purposes, no LBs yet (though I am going to be looking to LB this soon, so I am sure I'll have more questions then).

I see what I did wrong - when I deployed I put the FQDN of the .local name for the IaaS server for "IaaS Web Address" - naturally that won't work.  I wish there was a little comment there like in the vRA field.

That said - is it too late to change?  Also, how can I put a valid external cert on the IaaS server then?  I had issues with it complaining that the SAN, blah blah.


I appreciate your response; I would have never found the KB below, actually!

Edit:  I changed the IdP hostname to match my FQDN config for vRA (cloud.domain.com) and no longer get kicked over to vra.domain.local

But how do I change the IaaS web address and do I even bother?
