We upgraded identity VA, vCAC VA and Iaas Server (OS is Windows Server 2008 R2) from vCAC Version 6.0.1.2 to Version 6.1 according to the “Upgrading to vCloud Automation Center 6.1” guide. The upgrade went successfully, and all the services on the vCAC VA came up (21 in total) after upgrade.
After the upgrade, we were no longer able to login with domain user accounts. The "login process" is taking about 10 minutes. Then we receive an error screen as below. Every time with another code number tough. (Same behaviuor on IE, Firefox and Chrome in different versions)
It is still possible to login with the vsphere.local administrator account. That’s no problem.
Changing to Active Directory integrated login will solve the issue for the default tenant, but for the other tenants there is only active directory auth available. So changing to ad integrated ad auth is not an option for us.
Anyone experienced the same/similar problems/issues.
Issue was resolved by VMware. We opened a case and engineering supplied us with a patch in identity VA (--> replaced vmware-identity-idm-server.jar).
This issue is due to vCAC Appliance Certificate is untrusted and SSO can not log you into VCAC using AD credentials as it is unable to validate them.
No this can not be the issue as in the other thread.
We use signed certificates and as i mentioned we upgraded. The certs were valid before upgrade on all services and are still valid on all services after the upgrade. Even checking catalina logs, there are no entries with "untrustet certificate chain" or any other certificate issues in those logs as mentioned in the other thred. The caus must be different nature.
I found a interesting article while checking the logs:
but using ad integrated authentication as they mention cannot be a solution for us. The global catalog thing isn't helping any further.
Issue was resolved by VMware. We opened a case and engineering supplied us with a patch in identity VA (--> replaced vmware-identity-idm-server.jar).