VMware Cloud Community
joeflint
Enthusiast

vCenter Roles and Permissions

Hi, we have an implementation of pairs of vCenter servers using MSCS (we're not using VMware Heartbeat). On the whole the implementation works fine, except we're experiencing issues with Roles and Permissions (R&P). For example, if R&P are created on Node 1 and we fail over to Node 2, the R&P no longer exist. When we failback to Node 1 the roles re-appear, but the permissions do not.

Now we're aware of the requirement to use the Jointool.bat command (which has been done), but we are still having the issue. Does anyone have detailed documentation relating to jointool.bat and how to use it, in case we've missed something in the implementation?

Likewise, is there anything else one should be aware of to resolve this issue? Please note that the VmwareVCMSDS service is not stopped and remains active on both Nodes (the ADAM service).

Thanks

Corvax
Contributor

Hi joeflint,

I don't know if you have found a solution, but we were experiencing the same issue and this is how we got the roles to replicate successfully on both nodes and avoided losing our permissions every time we failed over the vCenter cluster group.

We followed the following article : http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=101055...

To make sure the jointool.bat command works, the following services must be taken offline in the cluster group prior to running the command.

• VMware vCenter Server

• VMware vCenter Management Webservices

Also take note of the following: Do not set up a cluster with the VMware VCMSDS service. It must be running and the service set to automatic on both nodes...

Corvax

joeflint
Enthusiast

Hi Corvax,

Yes, we managed to get the R&P to work, although it does work with both the services you mentioned still running. The ADAM service was removed from the cluster so it is always active on both nodes. The procedure we follow is:

(1) Configure any R&P updates on 1st Node (active node)

(2) On the 2nd node, open a command prompt and change to the vCenter folder, then type:

"jointool.bat rawReplica --remoteHost --remotePort 389" - this should copy the LDAP ADAM instance from the 1st node to the 2nd Node

Anyway, thanks for the update.

Cheers

Jas

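A way to confirm that the roles and permissions actually survived a failover, as an added example that is not part of this thread or of VMware's own tooling: it snapshots roles (with their privilege lists) and permissions via PowerCLI before the failover, then diffs the live state against that baseline afterwards. It assumes PowerCLI is installed, that $VcName is the cluster's virtual vCenter name (the value below is a placeholder), and that the account used can read roles and permissions.

```powershell
# Added example, not from the thread: baseline/compare vCenter roles and
# permissions around an MSCS failover. Run with -Mode Export before failing
# over, then -Mode Compare after. $VcName default is a hypothetical name.
param(
    [string]$VcName = 'vcenter-virtual.example.local',
    [ValidateSet('Export', 'Compare')][string]$Mode = 'Export',
    [string]$SnapshotPath = "$env:TEMP\vc-roles-perms-baseline.json"
)

function Get-VcRolePermissionSnapshot {
    # Roles with sorted privilege lists, permissions as principal/role/entity.
    $roles = Get-VIRole | ForEach-Object {
        [pscustomobject]@{ Role = $_.Name; Privileges = @($_.PrivilegeList | Sort-Object) }
    }
    $perms = Get-VIPermission | ForEach-Object {
        [pscustomobject]@{ Principal = $_.Principal; Role = $_.Role
                           Entity = $_.Entity.Name; Propagate = $_.Propagate }
    }
    [pscustomobject]@{ Roles = @($roles); Permissions = @($perms) }
}

function Compare-VcRolePermissionSnapshot {
    param($Baseline, $Current)
    # Flatten each record to one string so Compare-Object matches whole records.
    $toKey = { param($o)
        ($o.PSObject.Properties | ForEach-Object { "$($_.Name)=$($_.Value -join ',')" }) -join '|' }
    foreach ($set in 'Roles', 'Permissions') {
        $b = @($Baseline.$set | ForEach-Object { & $toKey $_ })
        $c = @($Current.$set  | ForEach-Object { & $toKey $_ })
        $diff = Compare-Object -ReferenceObject $b -DifferenceObject $c
        if (-not $diff) { Write-Output "$set : no differences"; continue }
        foreach ($d in $diff) {
            $tag = if ($d.SideIndicator -eq '<=') { 'MISSING after failover' } else { 'NEW after failover' }
            Write-Output "$set $tag : $($d.InputObject)"
        }
    }
}

$vc = Connect-VIServer -Server $VcName -Credential (Get-Credential)
try {
    $snap = Get-VcRolePermissionSnapshot
    if ($Mode -eq 'Export') {
        $snap | ConvertTo-Json -Depth 5 | Set-Content -Path $SnapshotPath
        Write-Output "Baseline written to $SnapshotPath ($($snap.Permissions.Count) permissions)"
    } else {
        $baseline = Get-Content -Path $SnapshotPath -Raw | ConvertFrom-Json
        Compare-VcRolePermissionSnapshot -Baseline $baseline -Current $snap
    }
} finally { Disconnect-VIServer -Server $vc -Confirm:$false }
```

A "MISSING after failover" line for a permission (with the role still present) reproduces the symptom described in the original post and is the point at which to re-check the jointool.bat replication.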