VMware Cloud Community
bdamian
Expert
Expert

New vCenter 5.50b SSO and vCAC

Hi,

We have installed the new vCenter 5.50b which claim to be compatible with vCAC 6.

Now, when we install vCAC, the "Default Tenant" gives an error. We create a new tennant and works correctly.

Is this ok?

Is this expected using vCAC with the new vCenter SSO?

Thanks a lot.

D.

---
Damián Bacalov
vExpert 2017-2023 (7 years)
https://www.linkedin.com/in/damianbacalov/
https://tecnologiaimasd.blogspot.com/
twitter @bdamian
Tags (2)
15 Replies
admin
Immortal
Immortal

What do you mean by "gives an error"? and are you referring to installing the IaaS component?

Reply
0 Kudos
bdamian
Expert
Expert

Hi, oKushmaro,

Not at all. The installation finished without an error.

But when I try to configure the "Default Tenant" gives me an error and then I cannot configure the AD nor add users to the tennant. I've attached 3 screenshots to show you.

Despite that, I've could configure a new tenant without problem and configure the AD with the same parameters. Works great, but you need to write a longer URL (https://vcac.domain.net/org/tenant).

This happend only if we use the Single Sign On from the new release of vCenter who claims to be compatible with vCAC 6.

Any ideas?

D.

defaultTenant01.PNG

DefaultTenant02.PNG

DefaultTenant03.PNG

---
Damián Bacalov
vExpert 2017-2023 (7 years)
https://www.linkedin.com/in/damianbacalov/
https://tecnologiaimasd.blogspot.com/
twitter @bdamian
Reply
0 Kudos
admin
Immortal
Immortal

From I know, the default tenant shouldn't actually be configured from vCAC. Its only role is to act as "Tenant Zero" that can initially configure the system, and not used by actual users other than the admin.

Reply
0 Kudos
bdamian
Expert
Expert

Hi,

The "vCAC 6.0 Installation and Configuration Beta v7.pdf" file, in the page 39 says: "After installation, you must configure the default tenant or create additional tenants (if you want to use a multi-tenant environment" and then adds: "The system administrator can then configure the default tenant or create additional tenants".

When you use the SSO Virtual Appliance that came with vCAC, this works ok. But using the sso from the new vCenter you cannot configure the default tenant. Maybe this is ok, but it shows some error screens (attached in the previous message).

As I said before, configuring a new tenant works just fine.

D.

---
Damián Bacalov
vExpert 2017-2023 (7 years)
https://www.linkedin.com/in/damianbacalov/
https://tecnologiaimasd.blogspot.com/
twitter @bdamian
Reply
0 Kudos
VCErandy
Contributor
Contributor

I am having this same issue using the 5.50b SSO.  My understanding is that the default tenant is used for hardware reservations / group creation that is then available to all tenants. 

I cannot register an AD identity store to assign rights to a Tenant Admin or IaaS Admin to configure the resources within vCAC.  The administrator role is very limited by default. AFAIK there is not superuser account to override this.  So has this functionality now changed or is there an SSL cert that is missing that the vCAC Appliance need?

-randy

Reply
0 Kudos
Craig_G2
Hot Shot
Hot Shot

Just to confirm. I am seeing this issue too. Has anyone had any breakthroughs?

Think I might try a full rebuild in the lab today.

Reply
0 Kudos
kdelgadovmw
VMware Employee
VMware Employee

First a couple questions: did you do a completely new install of vCAC when you switched to using the vCenter 5.5b SSO? Or did you use an existing install and change the SSO it was registered with? Was SSO already configured in vCenter before you upgraded it and then attached to vCAC? 

Then a few comments:

1) You definitely SHOULD be able to configure the default tenant with an ID store and use it for regular use. This actually preferable if you don't have a need for multiple tenants. You will get some benefit using the default tenant, such as native AD integration via SSO, which you don't achieve with added tenants.

2) Tenant and ID store data is actually saved in SSO, so I'm not sure if any updates are needed to an existing upgraded SSO instance post-upgrade; will check on that.

@KCDAutomate
qc4vmware
Virtuoso
Virtuoso

Good examples of the 3 possible tenant configurations your vCAC deployment might adopt are outlined in the System Administration guide starting on page 21.  I think you'll see this repeated in one or more or the other guides as well.  If you have support I'd suggest opening up a case or seeing if you can get a field case opened by your sales team.

Reply
0 Kudos
Craig_G2
Hot Shot
Hot Shot

Hey, here are some answers to the questions you have asked:

  • Did you do a completely new install of vCAC when you switched to using the vCenter 5.5b SSO? - Yes, fresh install of vCAC 6.0 in the lab
  • Was SSO already configured in vCenter before you upgraded it and then attached to vCAC- Yes, SSO is configured and working fine with a number of other products.

I've opened a ticket with VMware about this so if I find anything out today, i'll let you know on this thread.

Regards,

Reply
0 Kudos
Henrique_Cicuto
Enthusiast
Enthusiast

As an update, I´ve built the exact same configuration and am experiencing the exact same problem.

Reply
0 Kudos
VirtualDad
Contributor
Contributor

Has anyone made it passed this issue?  I am working on an install now and it seems like we have also run into this issue.  Following the install guides and various posts to the letter and still see this issue.

Reply
0 Kudos
Craig_G2
Hot Shot
Hot Shot

It basically wont work until SP1. It's to do with your vCenter SSO and the fact it is using integrated auth as well. if you look in the vCAC logs you will be able to see an access denied error or something along the lines.

This guy hits the nail on the head: UPDATE: vCenter 5.50b SSO and ID Store with Native AD not working

Sources are saying that it should work with a new tenant.. it didn't for me so I just reverted back to using the Identity appliance. It's a pain, but I guess all we can do is wait.

kdelgadovmw
VMware Employee
VMware Employee

"This guy hits the nail ..." or gal 🙂

@KCDAutomate
Craig_G2
Hot Shot
Hot Shot

🙂 apologies.

VirtualDad
Contributor
Contributor

Go Cheeeseheads!