Doesn't look like it.   Tried again with no success adding the vCAC host. Other thoughts?

You may try to add the certificate of the vCAC host in the vCO web configuration certificate tab

SSL Certs are added and accepted. 

This is the error I get.  This happens when I use my ID (which is in the local administrators group on the Windows box).

com.vmware.o11n.plugin.dynamicops.ServiceException: HTTP/1.1 401 Unauthorized : <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>401 - Unauthorized: Access is denied due to invalid credentials.</title><style type="text/css"><!--body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-container"><fieldset>  <h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>  <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div></div></body></html> (Workflow:Add a vCAC host / Add a VCAC host (item0)#54020)

My IaaS box is one one domain and the ID is in the master trusted domain where IDs reside.  These two domains ROOT, TEST (names changed to protect the innocent) are fully trusted.

How can I help narrow down what credential I need?  Is there a way to test this outside of vCO so I can maybe narrow down what the issue is?

You can test the credentials without vCO with opening : http://vCAChost/Repository/Data/ManagementModelEntities.svc

That works with my ID both from my workstation and from the IaaS server.  It also works fine with the service AD account.

I have tried entering the ID as

<domain>\<ID>

<id>@<domain>

with the NTLM domain listed as both

<ROOT domain>

<Child domain>

Same error on access issue.

What next?   It seems that I have permissions and there's something I'm missing in this flow and making it work right.

If I recall well on my lab setup I just use administrator for user and DOMAIN for NTLM domain (since my vCAC is also a domain controler).

   That isn't quite an enterprise level setup then.   Central identity management goes on here.

I have tried using the local administrator account also.   Do you mean literally to use "DOMAIN" or do you mean your domain name?

Tried all those.. much appreciate the thoughts.  What next?

My domain name (not the FQDN, the windows non dotted one).

What plug-in version do you have ?

Tried those different iterations of the domain name.

Version info:

     vCAC plugin 6.0.0.

     Add a vCAC Host workflow is version 1.0.12.

Hi ..

Did you ever figure out how to resolve this? I'm getting the exact same issue and nothing seems to be working. . :smileyplain:

Not yet for my environment.  I have opened a ticket on it and am exploring this as everything appears that it should work from both the excellent suggestions offered here to all the various website and blogs.

Can you please provide more information on the solution. I am having similar issue.

My Windows 2008 server IAAS is in CORP.VCAC domain

Username used is Administrator@corp.vcac  (or CORP.VCAC\Administrator)

I am trying to add an Iaas host using below values, but not working

Authentication Username: Administrator

Authentication Password: { its password}

Workstation for NTLM authentication:

Domain for NTLM authentication: CORP.VCAC

I have tried NTLM domain as CORP.VCAC or VCAC or CORP or CHILD or ROOT, but no luck.

Same issue here. In my environment, the exception in the workflow stated "401 - Unauthorized: Access is denied due to invalid credentials." I confirmed the account had the proper rights though by accessing https://iaasserverfqdn/repository/data/MetaModel.svc/

So my guess was the syntax wasn't right. I confirmed this in the Windows Security Log on the IaaS server. I found failed logon attempts where the Account Domain didn't look right.

I had to specify our netbios domain name in the Domain for NTLM Authentication prompt, and then it worked.

Try using the service account you're running the IaaS components as.

Same here. I am actually running vRA 6.2 using the integrated vRO engine. No Parent and Child domain

Anyone managed to find a solution ?