VMware Cloud Community
svenherren
Enthusiast

No more domain user login after upgrade 6.0.1.2 --> 6.1

We upgraded identity VA, vCAC VA and IaaS Server (OS is Windows Server 2008 R2) from vCAC Version 6.0.1.2 to Version 6.1 according to the “Upgrading to vCloud Automation Center 6.1” guide. The upgrade went successfully, and all the services on the vCAC VA came up (21 in total) after the upgrade.

After the upgrade, we were no longer able to log in with domain user accounts. The "login process" is taking about 10 minutes. Then we receive an error screen as below. Every time with another code number, though. (Same behaviour on IE, Firefox and Chrome in different versions.)

It is still possible to log in with the vsphere.local administrator account. That’s no problem.

Changing to Active Directory integrated login will solve the issue for the default tenant, but for the other tenants there is only Active Directory auth available. So changing to AD integrated AD auth is not an option for us.

Has anyone experienced the same/similar problems/issues?


Accepted Solutions
svenherren
Enthusiast

Issue was resolved by VMware. We opened a case and engineering supplied us with a patch in identity VA (--> replaced vmware-identity-idm-server.jar).

3 Replies
VirExprt
Expert

This issue is due to the vCAC Appliance certificate being untrusted, and SSO cannot log you into vCAC using AD credentials as it is unable to validate them.

Re: VCAC 61: Login Fail with error "Login failed. Please contact your System Administrator and repor...

Regards, MG
svenherren
Enthusiast

No, this cannot be the issue as in the other thread.

We use signed certificates and, as I mentioned, we upgraded. The certs were valid before the upgrade on all services and are still valid on all services after the upgrade. Even checking the catalina logs, there are no entries with "untrusted certificate chain" or any other certificate issues in those logs as mentioned in the other thread. The cause must be of a different nature.

I found an interesting article while checking the logs:

http://vpierre.it/single-sign-on-fails-to-authenticate-users-and-returns-ldap-error-referralldapexce...

but using AD integrated authentication, as they mention, cannot be a solution for us. The global catalog thing isn't helping any further.

svenherren
Enthusiast

Issue was resolved by VMware. We opened a case and engineering supplied us with a patch in identity VA (--> replaced vmware-identity-idm-server.jar).
