Hi,
I have two PSCs running in HA mode with an F5 load balancer, with two vCenters joined in enhanced linked mode. I tried adding Active Directory (Integrated Windows Authentication) as an identity source, which is failing to join and shows "The vCenter SSO server is not currently joined to any domain"; however, both of my PSCs are part of the domain. I joined both PSCs using the following command line:
domainjoin-cli join <domain> <user> <password>
and had a reboot. I see the computer objects created in AD for both of the PSCs; however, when I view the configuration through the Web Client and go to system configuration->Nodes->psc_node->Manage->settings->active directory, I see no domain name there. I assume this is some kind of bug and my PSCs have been added to the domain as per the command line and their computer objects have been created in AD.
I found the following KB to resolve the issue; however, while running the command, I got the output below and it did not create the identity source:
./sso-add-native-ad-idp.sh labdomain.com
Starting to add Native Active directory as Identity Source
VMware SSO data migration - start importing
SSO data intemediate file name: /usr/lib/vmidentity/tools/scripts/exported_sso.properties
Source SSO is 5.0: false
Destination SSO location: localhost
Unable to extract lockout policy:
java.lang.AssertionError
at com.vmware.identity.migration.entities.LockoutPolicy.<init>(LockoutPolicy.java:35)
at com.vmware.identity.migration.entities.persister.EntitiesPersister.extractLockoutPolicy(EntitiesPersister.java:1056)
at com.vmware.identity.migration.entities.persister.EntitiesPersister.extractAllEntities(EntitiesPersister.java:1151)
at com.vmware.identity.migration.idp.importer.ImporterImpl.importEntities(ImporterImpl.java:36)
at com.vmware.identity.migration.idp.importer.MultiIDPImporterImpl.importEntities(MultiIDPImporterImpl.java:23)
at com.vmware.identity.migration.ImporterToSSO2.importInto(ImporterToSSO2.java:99)
at com.vmware.identity.migration.ImporterToSSO2.main(ImporterToSSO2.java:69)
Unable to extract password policy:
java.lang.AssertionError
at com.vmware.identity.migration.entities.PasswordPolicy.<init>(PasswordPolicy.java:63)
at com.vmware.identity.migration.entities.persister.EntitiesPersister.extractPasswordPolicy(EntitiesPersister.java:1024)
at com.vmware.identity.migration.entities.persister.EntitiesPersister.extractAllEntities(EntitiesPersister.java:1152)
at com.vmware.identity.migration.idp.importer.ImporterImpl.importEntities(ImporterImpl.java:36)
at com.vmware.identity.migration.idp.importer.MultiIDPImporterImpl.importEntities(MultiIDPImporterImpl.java:23)
at com.vmware.identity.migration.ImporterToSSO2.importInto(ImporterToSSO2.java:99)
at com.vmware.identity.migration.ImporterToSSO2.main(ImporterToSSO2.java:69)
Unable to extract issuer:
java.lang.AssertionError
at com.vmware.identity.migration.entities.Issuer.<init>(Issuer.java:26)
at com.vmware.identity.migration.entities.persister.EntitiesPersister.extractIssuer(EntitiesPersister.java:860)
at com.vmware.identity.migration.entities.persister.EntitiesPersister.extractAllEntities(EntitiesPersister.java:1154)
at com.vmware.identity.migration.idp.importer.ImporterImpl.importEntities(ImporterImpl.java:36)
at com.vmware.identity.migration.idp.importer.MultiIDPImporterImpl.importEntities(MultiIDPImporterImpl.java:23)
at com.vmware.identity.migration.ImporterToSSO2.importInto(ImporterToSSO2.java:99)
at com.vmware.identity.migration.ImporterToSSO2.main(ImporterToSSO2.java:69)
No localos IDS to be imported
IDP for this tenant is already added.
Importing groups but not adding to their parent groups.
Failed to import identity source:ads.mckinsey.com
com.vmware.identity.migration.idm.SystemException: com.vmware.identity.idm.IDMException
at com.vmware.identity.migration.idm.impl.IDMClient.addProvider(IDMClient.java:199)
at com.vmware.identity.migration.idp.importer.sso2.IDPImporter.importExternalIdentitySource(IDPImporter.java:165)
at com.vmware.identity.migration.entities.ExternalIdentitySource.importInto(ExternalIdentitySource.java:187)
at com.vmware.identity.migration.idp.importer.ImporterImpl.importEntities(ImporterImpl.java:48)
at com.vmware.identity.migration.idp.importer.MultiIDPImporterImpl.importEntities(MultiIDPImporterImpl.java:23)
at com.vmware.identity.migration.ImporterToSSO2.importInto(ImporterToSSO2.java:99)
at com.vmware.identity.migration.ImporterToSSO2.main(ImporterToSSO2.java:69)
Caused by: com.vmware.identity.idm.IDMException
at com.vmware.identity.idm.server.ServerUtils.getRemoteException(ServerUtils.java:133)
at com.vmware.identity.idm.server.IdentityManager.addProvider(IdentityManager.java:8142)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
at sun.rmi.transport.Transport$2.run(Unknown Source)
at sun.rmi.transport.Transport$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.access$400(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler$1.run(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(Unknown Source)
at sun.rmi.transport.StreamRemoteCall.executeCall(Unknown Source)
at sun.rmi.server.UnicastRef.invoke(Unknown Source)
at java.rmi.server.RemoteObjectInvocationHandler.invokeRemoteMethod(Unknown Source)
at java.rmi.server.RemoteObjectInvocationHandler.invoke(Unknown Source)
at com.sun.proxy.$Proxy1.addProvider(Unknown Source)
at com.vmware.identity.idm.client.CasIdmClient.addProvider(CasIdmClient.java:628)
at com.vmware.identity.migration.idm.impl.IDMClient.addProvider(IDMClient.java:183)
... 6 more
Failed to import STS config :
Clock tolerance: -1
RenewCount: -1
DelegationCount: -1
MaximumBearerTokenLifetime: -1
MaximumHoKTokenLifetime: -1
Adding imported system groups into their parent groups.
VMware SSO data migration - end importing
Exitting migration tool with status code = 0
Please suggest.
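The output above ends with "status code = 0" even though the identity source import failed, so the tool's own status line is not a reliable success signal. As an added example (not part of the original post and not VMware tooling), this shell function scans saved output for the failure markers seen above; treating "Unable to extract" lines as warnings and "Failed to import" lines as failures is an assumption, and the sample input is constructed from the quoted lines.

```shell
#!/bin/sh
# Added example: summarise failures in saved sso-add-native-ad-idp.sh output.
# Marker strings come from the output quoted in the post above.

# Constructed sample input, shortened from that output.
sample_output() {
cat <<'EOF'
Starting to add Native Active directory as Identity Source
Unable to extract lockout policy:
java.lang.AssertionError
Unable to extract password policy:
java.lang.AssertionError
Unable to extract issuer:
java.lang.AssertionError
IDP for this tenant is already added.
Failed to import identity source:labdomain.com
com.vmware.identity.migration.idm.SystemException: com.vmware.identity.idm.IDMException
Failed to import STS config :
Exitting migration tool with status code = 0
EOF
}

# Reads tool output on stdin, prints one line per problem stage, and
# returns 1 if any "Failed to import" line is present, whatever status
# the tool itself reported. Severity split is an assumption (see lead-in).
summarize_import() {
    awk '
        /^Unable to extract / { sub(/:[ \t]*$/, ""); warn[++w] = $0; next }
        /^Failed to import /  { sub(/[ \t]*:[ \t]*$/, ""); fail[++f] = $0; next }
        /status code = /      { status = $NF }
        END {
            for (i = 1; i <= w; i++) print "WARN  " warn[i]
            for (i = 1; i <= f; i++) print "FAIL  " fail[i]
            print "tool-reported status: " (status == "" ? "none" : status)
            exit (f > 0 ? 1 : 0)
        }'
}

# Stand-alone run on the constructed sample.
sample_output | summarize_import || echo "import had failures despite the reported status"
```

To use it on a real run, capture the script's output to a file and pipe that file into `summarize_import`.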
Hi,
Have you been able to resolve the problem?
I have the same problem at the moment.
I was having the same issue. In case anyone else comes across this, I fixed this by removing the PSC appliance from the domain (using the CLI command below) and rejoining it to the domain. I then rebooted the appliance and was then able to add domain users and groups to the appropriate permissions:
# /opt/likewise/bin/domainjoin-cli leave
# /opt/likewise/bin/domainjoin-cli join <domain name> <username> <password>
The topology I was using was a two site deployment. I used the VCSA ISO to create a PSC appliance for each site and then installed vCenter Server using the Windows installer ISO for each site.