a22riz
Contributor
Contributor

User Domain Cannot Login to vRealize Automation Console 7.2

Jump to solution

Hi there,

I have an issue that I can't handle. Getting an ‘Access Denied, You do not have access to this service. Contact your administrator for assistance’ error when logging into the portal using domain users/admins even after adding the group to the tenant and IAAS admin groups and to various business groups etc. Login using local acounts is fine and searching domain users works a treat.

Any ideas? Cheers

0 Kudos
1 Solution

Accepted Solutions
a22riz
Contributor
Contributor

Hi All,

Thanks for the help. I have done this issue. Let me explain the condition. Before I test login user domain, I have synced the AD and the AD's group I want to add and vRA could find the user on the groups I have synced. But, when I test user domain to login, it can't/

I solved this issue by re-add directory. In my client's enviroment there are two active directories and come out to one domain. The first try I point the vRA to sync with AD thru domain, it's failed to login. The second try I point the vRA thru FQDN of the AD, it's succeed and runs normal until now.

Cheers Smiley Happy

View solution in original post

0 Kudos
4 Replies
YestoVI
VMware Employee
VMware Employee

did you change the domain on logon?

0 Kudos
bdamian
Expert
Expert

If you are using vIDM (which came with vRA7.x) you need to do a SYNC in order to get the new AD users created.

Go to "Administration / Directories management / Directories", locate your directory and click on the button "sync now". Then try to log in again.

You can manage the frequency for automatic syncs editing the directory and clicking on "Sync Settings"


---
Damián Bacalov
vExpert 2017-2018-2019-2020-2021-2022
https://www.linkedin.com/in/damianbacalov/
twitter @bdamian
0 Kudos
darrengoff3
VMware Employee
VMware Employee

If you are using the "Select all" checkbox to synchronise members of AD groups from a specific DN, when the group membership changes, you need to check the "select all" checkbox again and synchronise. This will ensure all modifications in AD group membership is synchronised with vIDM.

- DG If you find this or any other answer useful please mark the answer as correct or helpful.
0 Kudos
a22riz
Contributor
Contributor

Hi All,

Thanks for the help. I have done this issue. Let me explain the condition. Before I test login user domain, I have synced the AD and the AD's group I want to add and vRA could find the user on the groups I have synced. But, when I test user domain to login, it can't/

I solved this issue by re-add directory. In my client's enviroment there are two active directories and come out to one domain. The first try I point the vRA to sync with AD thru domain, it's failed to login. The second try I point the vRA thru FQDN of the AD, it's succeed and runs normal until now.

Cheers Smiley Happy

0 Kudos