Hi all,
As part of update2 release note there is this section
Windows Single Sign-on Support
You can now automatically authenticate to VirtualCenter using your current Windows domain login credentials on the local workstation, as long as the credentials are valid on the VirtualCenter server. This capability also supports logging in to Windows using Certificates and Smartcards. It can be used with the VI Client or the VI Remote CLI to ensure that scripts written using the VI Toolkits can take advantage of the Windows credentials of your current session to automatically connect to VirtualCenter.
So I have expected to be able to use VIPowerShell (now named VIToolkit) without providing credential during the Connect-Viserver... But this does not works (I use the upd2 VC & upd2 VIPSToolkit)
Does some-one has been able use the Connect-VIServer in real sigle sign-on ?
No it doesn't seem to work for me neither.
The cmdlet details state "One of the User/Password and Credential parameters must be provided...".
Btw did you notice in example 2 of the Connect-VIServer cmdlet that a cmdlet called New-VICredentialStoreItem is mentioned ?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Can not get this New-VICredentialStoreItem working "Cmdlet not recognized"
Have you been able to get the single sign-on working at least with the VI-client FAT ?. I haven't
I haven't installed Update 2 yet, with Update 1 the VI Client single-sign on worked.
But you had to add "-passthroughAuth -s <VC-server>" in the shortcut.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Was not aware of this parameter. Can confirm it works well also with Upd2
Now we have to try to get similar with VIPSToolkit....
Can not get this New-VICredentialStoreItem working "Cmdlet not recognized"
To my knowledge, this cmdlet did not make the cut.
Author of the upcoming book: Managing VMware Infrastructure with PowerShell
Co-Host, PowerScripting Podcast (http://powerscripting.net)
If you open the DLLs with Reflector you see it though
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Use it at your own risk.
http://en.wikiquote.org/wiki/Dante%27s_Inferno
Lasciate Ogni Speranza Voi Ch'Entrate
o Translation: Abandon all hope, ye who enter here.
o Notes: Inscription on the gates to the Hell.
Author of the upcoming book: Managing VMware Infrastructure with PowerShell
Co-Host, PowerScripting Podcast (http://powerscripting.net)
Hi all,
In order Single-Sign-On feature to work there are 2 things you need to assure:
1. The user that you will use to login to VC need to be valid user for the machine. For instance you can do that by adding him to Administrators group on the machine where VC runs
2. The Administrators group on its turn need to be valid group for VC login. By default the Administrators group is valid group, but if you have added the user to a different group you should give to that group permissions in VC using VI Client.
Hope that helps.
Regards,
Georgi Rusev
Georgi, that is probably correct but most of us log on from a machine that is part of an Active Directory domain.
So the log on user is part of an AD group and that group has been given permissions on the VC.
In fact, in the beta it worked but in v1 it doesn't work anymore; same user, same client-PC.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Is that only against VC 2.5 Update 2 or are you trying it against a server that used to work?
Same VC, v2.5 update 1, only difference is the VI Toolkit.
With the last beta build (81531) it used to work.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I use scheduled tasks with a service account on the VC server and single sign on works perfectly. The service account has specific rights within VC to be able do do certain tasks.
The default administrators group is removed in our VC build.
Update: after a stop/start of the shell it works!
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
It's Windows allways reboot after an application instalation :smileygrin:
Sorry i'm a little bit lost :-(.....
Does this means you have you been able to make a Single Sign-on to VC with PowerShell script ?
Yes, in the end it worked for me.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Good news
Can you summarize the steps you have performed to make it working ?
Also can you provide the PS lines you have used ?
Thks a lot
I stopped/started the Powershell GUI I use on my workstation.
From there on it worked. See screenshot.
The only issue (which was already reported) is that the $$DefaultVIServer variable is not reset after a Disconnect-VIServer.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Still Prompt me for the user/password