TimR26's Posts

I'm trying to build a Windows 2012 R2 blueprint that joins an AD server automatically and puts the computer in a specific OU specified. I created a vRO endpoint and pointed it to my AD server, provided all the necessary info (as far as I can tell). I created an AD Policy and specified the OU I want machines to go in. I applied the AD Policy to the business group so anyone within the business group who deploys machines will have the AD Policy applied. I created a Windows 2012 R2 template (nothing special here) I created a vsphere customization script that sets the admin password and joins the domain. Test 1 I created a blueprint, full clone of the windows 2012 R2 template and specified the customization script. Result: It deployed the machine and joined the domain, but the computer object was still in the default Computers OU I check the vRO Endpoint and found a typo in the domain name, fixed. Test 2 same as above, hoping things would work due to the typo. Result: same as test one Test 3 same blueprint, modified AD endpoint and provided new shared session credentials (thinking authentication issue) Result: same as test one Test 4 same blueprint, modified vsphere customization script to not join domain (thinking AD endpoint and ADPolicy will join the machine to the domain) Result: server did not join domain Test 5 same blueprint, removed customization script from blueprint (thinking customization script is interfering with vRA joining machine to domain) Result: server did not join domain. At this point I'm not sure how to proceed. I feel I'm missing a step (or two) Some questions I have: 1. Where can I find logs for the Active Directory Endpoint? I would like to see if it provides any clues as to whether or not my AD Endpoint is even config'd properly 2. For the AD endpoint shared session credentials, what format do I use for the username (the docs do not mention anything like this, just provide a username) so do I use <username> or <domain> \ <username or <username>@<domain>...or does it even matter? 3. do I even need to specify the vsphere customization script within the blueprint? 4. Is there any other step within the blueprint I need to do to get the AD Policy to work?

Hello, I'm looking for some guidance on how to proceed with creating certificates for my vRA7 HA/distributed solution. I'm in the process of going through the installation wizard and I'm at the part where I need to deal with the vRA appliance certificates. I found a blog that provides step-by-step installation of an enterprise deployment. He used a Windows CA and a vRealize Automation Identity appliance. He went through how to build a CA, get the templates setup and create the certs using openSSL. I've followed most of the instructions but I'm a little confused at this point. here is a link to the blog  on creating the CA and issues certs http://open902.com/create-a-windows-enterprise-ca-and-issue-certificates-for-vra-and-other-vmware-products-with-examples… here is a link to the blog on deploying vRA7 enterprise http://open902.com/vrealize-automation-7-enterprise-install/ I have a couple of questions: 1. Can I finish my deployment with self-signed certs, then replace the certs after the fact? 2. I like the idea of a single cert for all the components, the challenge is how would I achieve this in my deployment. Identity appliance is built into vRA7 and (I think) I need to complete the installation wizard in order to use vIDM. So this leads me to believe I create self signed certs (to complete the installation wizard deployment) then replace all the certs using the procedures in the blog above. 3. Based on my deployment model below, I don't think I can follow the procedures listed above, and if I can, I'm really not sure how to pull this off. Here is my deployment setup: - Win-CA.domain.com (Windows CA Server) - vra7-app01.domain.com (vRA7 appliance node 1) - vra7-app02.domain.com (vRA7 appliance node 2) - vra7-web-mgr01.domain.com (Windows, Web and Manager services node 1) - vra7-web-mgr02.domain.com (Windows, Web and Manager services node 2) - vra7-DEM01.domain.com (Windows, DEM services node 1) - vra7-DEM02.domain.com (Windows, DEM services node 2) - vra7-agent01.domain.com (Windows, Agents node 1) - vra7-agent02.domain.com (Windows, Agents node 2) - vra7-vro01.domain.com (Orchestrator appliance node 1) - vra7-vro02.domain.com (Orchestrator appliance node 2) - NSX Edge appliance configured as a load balancer - vra7.domain.com (VIP for vRA7 appliances) - web.domain.com (VIP for Web/Mgr servers) - mgr.domain.com (VIP for Web/Mgr servers) - vro.domain.com (VIP for Orchestrator appliances) - windows workstation with OpenSSL installed I'm probably over thinking this too much, but I'm reluctant to complete the deployment until I know for sure how to proceed with certificates.

Hello, Background info: - We are using vCloud Director with multiple organizations setup under a single provider VDC. - We have two AD domains called domain A and domain B. domain A is configured as the LDAP authentication source for each org (the tenant users as vCloud Org admins), while domain B is the LDAP authentication source for vCD/vCenter system administrators. - vCO, vCD and the vCenter Server vCD controls is on domain B. - Physical workstations everybody use are in domain A. vCO client is installed on physical workstation. - Attached is a diagram to help. What we are trying to achieve: - we want vCD org admins to be able to login to vCO and create and manage workflows for their own org. - we want vCD/vCenter system administrators to be able to create and manage workflows for all of vCD and vCenter, as well as be the vCO system administrators. I'm trying to figure out the most efficient way to setup access and roles for vCO itself, then ensure access for the tenant users is limited to their own orgs.

Hello, I've done some vCO training to get familiar with using the product. I now have a request from one of our support teams. They would like to be able to run a workflow that can output a list of all users and groups for each org we have. I've been searching the vCO documentation for API, REST and can't seem to find anything (obvious) about querying this information. Can anybody provide some advice, point me in the right direction. Thanks!

Hello, We are using the out-of-box Console Access Only role for our end-users in our orgs. When a user logs into their org portal, and opens a pop out console on a VM, they have the ability to mount a cd/dvd from the pop-out window. For security reasons, we want to prevent that. We only want the user to mount cd/dvd from the catalog only. Is there a way to do this?