VMware Cloud Community
a22riz
Contributor
Contributor
Jump to solution

User Domain Cannot Login to vRealize Automation Console 7.2

Hi there,

I have an issue that I can't handle. Getting an ‘Access Denied, You do not have access to this service. Contact your administrator for assistance’ error when logging into the portal using domain users/admins even after adding the group to the tenant and IAAS admin groups and to various business groups etc. Login using local acounts is fine and searching domain users works a treat.

Any ideas? Cheers

Reply
0 Kudos
1 Solution

Accepted Solutions
a22riz
Contributor
Contributor
Jump to solution

Hi All,

Thanks for the help. I have done this issue. Let me explain the condition. Before I test login user domain, I have synced the AD and the AD's group I want to add and vRA could find the user on the groups I have synced. But, when I test user domain to login, it can't/

I solved this issue by re-add directory. In my client's enviroment there are two active directories and come out to one domain. The first try I point the vRA to sync with AD thru domain, it's failed to login. The second try I point the vRA thru FQDN of the AD, it's succeed and runs normal until now.

Cheers Smiley Happy

View solution in original post

Reply
0 Kudos
4 Replies
YestoVI
VMware Employee
VMware Employee
Jump to solution

did you change the domain on logon?

Reply
0 Kudos
bdamian
Expert
Expert
Jump to solution

If you are using vIDM (which came with vRA7.x) you need to do a SYNC in order to get the new AD users created.

Go to "Administration / Directories management / Directories", locate your directory and click on the button "sync now". Then try to log in again.

You can manage the frequency for automatic syncs editing the directory and clicking on "Sync Settings"

---
Damián Bacalov
vExpert 2017-2023 (7 years)
https://www.linkedin.com/in/damianbacalov/
https://tecnologiaimasd.blogspot.com/
twitter @bdamian
Reply
0 Kudos
darrengoff3
VMware Employee
VMware Employee
Jump to solution

If you are using the "Select all" checkbox to synchronise members of AD groups from a specific DN, when the group membership changes, you need to check the "select all" checkbox again and synchronise. This will ensure all modifications in AD group membership is synchronised with vIDM.

- DG If you find this or any other answer useful please mark the answer as correct or helpful.
Reply
0 Kudos
a22riz
Contributor
Contributor
Jump to solution

Hi All,

Thanks for the help. I have done this issue. Let me explain the condition. Before I test login user domain, I have synced the AD and the AD's group I want to add and vRA could find the user on the groups I have synced. But, when I test user domain to login, it can't/

I solved this issue by re-add directory. In my client's enviroment there are two active directories and come out to one domain. The first try I point the vRA to sync with AD thru domain, it's failed to login. The second try I point the vRA thru FQDN of the AD, it's succeed and runs normal until now.

Cheers Smiley Happy

Reply
0 Kudos