I created a new text file to use for the powershell scripts (since that is the only way we can get the RSA settings to set correctly for the UAG's)
When I deployed, it has the correct IP address but the hostname is a default uag-XXX name instead of the name I told it to use
I cannot get into the UAG gui to try to change host name.
I am using the PowerShell deployment script that is downloadable from the UAG 3.9 download page.
This could be just an issue from upgrading UAG from way older version to new version. If so please let me know.
Silly question but....Can you get to the gui via IP?
When I deployed, it has the correct IP address but the hostname is a default uag-XXX name instead of the name I told it to use
You may add uagName=<hostname> to the .ini file to set the hostname. The "name=" entry is just the UAG's name in the vCenter Server's inventory.
I cannot get into the UAG gui to try to change host name
Please provide some details to help understand what may be the issue.
André
Yes I can
I just can’t get my RSA settings to… appear? To take the RSA config file… etc
The uagName= worked....
Now I just need to get the RSA configuration figured out.
It doesn't even have the option to set the auth method to what I want.
And when I go to save the RSA settings under the authentication settings, it gives me an error.
I can not set the Secure auth
I need it to be set to securid-auth
And I dont have the option to set that
It gives me the option for passthrough and SAML
This is what it should look like....
I don't have access to a UAG at the moment, so I can just guess. Did you already add the RSA secure ID configuration to the UAG Configure RSA SecurID Authentication in Unified Access Gateway? Maybe that's required for additional authentication methods to show up?
The last time I deployed the UAG with RSA, I did this via PowerShell, and included the configuration settings in the .ini file.
André
To configure RSA with UAG,
the admin UI Configure Manually section, click Select.
In the General Settings Authentication Settings section, click Show.
Click the gearbox in the RSA SecurID line.
Yes - well i tried. But it will not let me save the configuration settings.
What is it complaining about?
Is it about networking (access to the RSA server, remember to open the required network port on the firewall), the sdconf.rec, name resolution, ...?
André
So what VMware is basically saying is that 3.7 and later can not have a .local in the servers name or DNS Entries. So reason why UAG is failing through PowerShell using RSA Token. Appreciate the feed back from all parties.
Work Around:
So when deploying, do not specify any RSA settings
And then when you’re in the admin UI, add an entry into the hostfile for the RSA and then you can add the conf rec file from there
And that populates the settings I need
First time I have posted questions to the form and appreciate the quick response from everyone.
You can actually specify "hostEntry#" settings in the .ini file, so that you can do a complete deployment via PowerShell.
Here's a snippet from how I've done this in the past.
~snip~
authMethods=securid-auth && sp-auth
matchWindowsUserName=true
#
# A list of 1 or more /etc/hosts file entries to be added to UAG.
# This is useful if there is a requirement for host name resolution on UAG and DNS is not accessible from UAG.
# The hostEntry list must start at 1 and the list must be incremental and consecutive.
#
hostEntry1=10.10.10.100 rsa-server.domain.local rsa-server
[SecurIDAuth]
serverConfigFile=C:\temp\UAG\sdconf.rec
externalHostName=192.168.2.100
internalHostName=192.168.2.100
~snip~
André