VMware Cloud Community
azler
Contributor

vCenter Virtual Appliance 5.5 SSO

I am trying to set up the VMware vCenter virtual appliance 5.5 in my lab environment with my 5.1 ESXi server.

So far I have managed to deploy the OVA file and set it up to what I feel is the correct setup and is in line with tutorials I have read on this forum.

The issue is to do with pulling user information from AD.

The virtual appliance binds in to the domain fine and the computer account is present within AD.

I then log in to the vSphere Web Client to edit the SSO settings with administrator@vsphere.local. Again, this works fine.

I go to Administration > SSO > and click on the '+' & choose Active Directory (Integrated Windows Authentication).

This seems to work fine.

When I then go to Users and Groups to try and add a local AD account to the administrators group, it just says 'The list is empty.' & I get the error popup 'Cannot load the users for the selected domain.'.

If I log out and try to log in with an AD account it works, but with an error about the user not having permissions to view the inventory.

If I set it up the LDAP way, the users appear in the list so I can add them to the administrators group. But when I log out and try to log in I get the message:

The authentication server returned an unexpected error: ns0:RequestFailed: Group was not found. GroupSID= 'S-1-5-21-1216658527-3710616582-2961077928-513'.. The error may be caused by a malfunctioning identity source.

Not sure what else I can try now?

Rob

7 Replies
azler
Contributor

Anyone had an issue like this? / Know where I could start trying to figure out what is causing the error?

Rob

abhilashhb
VMware Employee

Hi Rob,

After adding AD you need to make it the default domain. Have you tried that?

Abhilash B
LinkedIn : https://www.linkedin.com/in/abhilashhb/

a_p_
Leadership

Rather than trying to add the domain users to local groups, create a group on the domain and change the permissions of the vCenter Server object (or the objects you need) by adding the domain group.

André

azler
Contributor

I have set the domain I added as the default one and deleted the local one (as I read this can cause issues.)

There is now only my domain (default) and vsphere.local, which it will not let me remove.

I don't understand what you mean, AP. I am running the virtual appliance and not the one installed on a Windows box. Where is the location to change the permissions on the vCenter Server object?

Rob

abhilashhb
VMware Employee

You have to log in to the Web Client and, on your vCenter object, go to the Permissions tab and add the user you intend to log in to the vCenter there with the desired role.

Abhilash B
LinkedIn : https://www.linkedin.com/in/abhilashhb/

sree_30
VMware Employee

Localos should be present under the identity sources, as the Inventory Service does have a dependency on the localos identity source.

Regards,

Sree

azler
Contributor

I have resolved the issue. I partly think it's down to DNS. However, I did just re-install it and it seems to be working fine now.

I have, however, come across a snag.

We use VMware at work in a cluster with vCenter already installed and I didn't get a chance to play with it. So I have set up a test lab on a spare server. In doing this I registered it with the free 5.0 license. vCenter won't add it because of a licensing issue.

Is there any way to run vSphere ESXi & the vCenter appliance in a free mode for testing? I don't fancy running both ESXi & vCenter in the 60-day evaluation mode...

Rob
