wilber822
Enthusiast

You have no authority to view this page. The system logs all attempts at inappropriate access

I followed the guideline to install vCAC 6.2. I'm pretty sure the installation was good.

After installation of the vCAC appliance, I connected it to my vCenter Server 5.5 SSO (Windows based).

Then I logged in to the vCAC console as administrator@vsphere.local and assigned a domain account to the infrastructure administrators group.

Then I logged in to the vCAC console with the domain account. I see the "infrastructure" tab, but whatever I click under the tab, it shows me "You have no authority to view this page. The system logs all attempts at inappropriate access".

System time is the same on SSO, vCenter and vCAC.

Domain is in identity stores of my default tenant.

IaaS components were installed by following the guideline.

My account even has local administrator permission on IaaS server.

I deployed twice, first time IaaS server was Windows 2008, then 2012. Both same error.

It's only on infrastructure tab.

Does anybody have an idea?

https://www.zhengwu.org
31 Replies
JihemmeT
Enthusiast

Yes, this user has to be local admin. It is the one configured while installing the IaaS service.

0 Kudos
ztwy
Contributor

I used the administrator@mydomain.com to install the IaaS service, it's the same user for the IaaS admin too, and I've put this user in the local admin.

0 Kudos
ztwy
Contributor

I sorted it out. In fact, I used the default tenant (vsphere.local) to try to configure IaaS Infrastructure, which brought me into errors.

Now I created a new tenant and logged in to it, and all is OK. I don't understand why?

0 Kudos
JihemmeT
Enthusiast

You shouldn't have issues with default tenant, some solutions don't even use another one (private clouds for example).

Which leaves us with 2 explanations:

- you forgot something somewhere, this can very easily happen.

- you encountered a special bug with your own environment that doesn't exist elsewhere, something like using French letters for some users that the solution can't sort very well (I know what it is, I'm French...).

Can you provide us the tutorial / documentation you followed to build your system?

0 Kudos
ztwy
Contributor

Hello JihemmeT,

Thanks for your reply (I live in France)

All my environments are in the English version. I referred to VMware vCloud Automation Center 6.0 Documentation Center and vCAC 6 Install Quick Start Guide Part 1 | VMtoCloud.com to build my system.

Yesterday, I completely re-installed the IaaS service on my Windows server. I always have an issue with the default tenant, but the error message is different.

Here are two screen shots, the first is the one when I tried to log in to the default tenant (https://vra62.test.com/vcac/org/vsphere.local), the second is the one when I log in to the lab tenant (https://vra62.test.com/vcac/org/lab/). Both use the same credential.

I wondered if there is something related to the vCenter SSO?

default_tenant.jpg

lab_tenant.jpg

0 Kudos
JihemmeT
Enthusiast

Hello,

The 401 Error is typically a time sync problem, usually.

The tutorial you use is very good (just make sure you use the latest version of the precheck script for IaaS requirements - if you still have problems try disabling the firewall as well). Here are some others that may help you to figure out where your problem may be:

http://www.virtxpert.com/vmware-vrealize-automation-application-services-series/

http://dailyhypervisor.com/vcac-6-0/

http://www.virtualjad.com/2014/12/vrealize-automation-62-install-and.html

William Lam even made very interesting stuff to deploy a full environment only using automated methods:

http://www.virtuallyghetto.com/2013/12/automating-vcac-vcloud-automation.html

http://www.virtuallyghetto.com/2013/12/automating-vcac-vcloud-automation_23.html

0 Kudos
GrantOrchardVMw
Commander

If this is only happening in a single tenant then you've definitely hit a bug. Typically (as stated by others) time sync, or certificate issues are going to be the culprit behind such an error, but they would affect all tenants.

Suggest contacting support to get it resolved, or building a new environment.

Cheers,

Grant

Grant http://grantorchard.com
0 Kudos
ztwy
Contributor

Could it be an issue with the vCenter SSO service? I encountered a problem when installing the IaaS service on my Windows server. I had to update my vCenter to get out of it.

0 Kudos
kumarankpl
Hot Shot

Can you try the steps outlined by Sven in the below post? From the logs you attached it seems to fail with signature validation.

Re: requestCatalogItem doesn't work anymore after Upgrade form 6.1.x to 6.2 in vCO

I opened a case at VMware. There will be a fix for this in Version 6.2.2. In the meantime there is a workaround. You can bypass signature validation on the IaaS server. Then it works again.

1) In C:\Program Files (x86)\VMware\vCAC\Web API\Web.config, add the following lines to the section:

<add key="DisableMessageSignatureCheck" value="true"/>

<add key="DisableBodyHashCheck" value="true"/>

<add key="DisableSAMLTokenSignatureCheck" value="true"/>

2) Add the same lines to the section in C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Web\Web.config.

3) Add the same lines to the section in C:\Program Files (x86)\VMware\vCAC\Server\Website\Web.config.

4) Restart all IaaS servers. Once they're back up, restart the identity appliance, and then the vCAC VA.

Regards Sven
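
An added example, not part of the original thread and not VMware tooling: the workaround above turns off message-signature, body-hash and SAML-token-signature checks on the IaaS server, so a PowerShell check like this one can report which of the three Web.config files still carry those keys once the fixed version mentioned in the post is installed. The key names and file paths are the ones quoted in the post; the function name, the constructed sample and its appSettings section name are assumptions.

```powershell
# Added example, requires PowerShell 3.0 or later. Key names and paths are
# the ones quoted in the post; everything else is illustrative.
$BypassKeys = 'DisableMessageSignatureCheck',
              'DisableBodyHashCheck',
              'DisableSAMLTokenSignatureCheck'
$ConfigPaths = 'C:\Program Files (x86)\VMware\vCAC\Web API\Web.config',
               'C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Web\Web.config',
               'C:\Program Files (x86)\VMware\vCAC\Server\Website\Web.config'

function Find-SignatureBypass {   # hypothetical helper name
    param([xml]$Config, [string]$Source)
    # Match <add key=... value=.../> anywhere in the document, ignoring XML
    # namespaces, because the post does not name the section that was edited.
    foreach ($node in $Config.SelectNodes("//*[local-name()='add'][@key]")) {
        $key = $node.GetAttribute('key')
        if ($BypassKeys -contains $key) {          # -contains ignores case
            [pscustomobject]@{
                Source   = $Source
                Key      = $key
                Value    = $node.GetAttribute('value')
                Bypassed = ($node.GetAttribute('value') -ieq 'true')
            }
        }
    }
}

# Constructed sample: a config with the workaround applied. The appSettings
# section name is an assumption made for this sample only.
$sample = @'
<configuration>
  <appSettings>
    <add key="DisableMessageSignatureCheck" value="true"/>
    <add key="DisableBodyHashCheck" value="true"/>
    <add key="DisableSAMLTokenSignatureCheck" value="true"/>
    <add key="SomeOtherSetting" value="true"/>
  </appSettings>
</configuration>
'@

$findings = @(Find-SignatureBypass -Config $sample -Source 'constructed sample')
foreach ($path in $ConfigPaths) {
    if (Test-Path -LiteralPath $path) {
        $xml = [xml](Get-Content -LiteralPath $path)
        $findings += @(Find-SignatureBypass -Config $xml -Source $path)
    }
}
$findings | Format-Table -AutoSize
```

Rows with Bypassed set to True mark files where a check is still switched off; the unrelated SomeOtherSetting key in the sample is not reported.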

ztwy
Contributor

Hi kumarankpl

With the workaround you gave, it's OK, I have access to the Infrastructure tab without any issues! So it's a certificate related bug? Hope it will be fixed soon.

Thanks

0 Kudos
kumarankpl
Hot Shot

It will be fixed as part of a later version for sure

0 Kudos
Bryan_Erwin
Enthusiast

After upgrade from vRA 6.1 to vRA 6.2 I started getting many of the errors listed in this thread. I was getting the 401 errors in the vRA website and "VMware GUI Administration" errors on the IaaS server. Following the file updates you described all access to webpages is restored.

Thanks

0 Kudos