VMware Cloud Community
ahola
Enthusiast
Enthusiast
‎07-25-2012 04:53 PM
Jump to solution

Active Directory: Error in plug-in

Folks -

I am running into some basic issues with AD plugin in vCO. I was able to install/load the AD plugin successfully. However, when I log into the vCO Client and go to the Inventory tab, I see "Error in plug-in" under Active Directory. See attached stacktrace. Error message: Exception: Unable to perform operation 'fetchRelation' on finder 'RootItem' reason: null

Here is the AD related usecase that we would like to accomplish - wondering if it is possible or not:

1. The account that we use to log in to AD has read-only access to the complete directory and update privilege for AD groups that we want to update.

2. From within vCO, we would want to be able to perform the following operations:

    -- get members of a given AD Group

    -- add/delete members for a given AD Group

Wondering if the above usecase is possible or not.

Appreciate your help.

Cheers,

Shashi

0 Kudos
1 Solution

Accepted Solutions
igaydajiev
VMware Employee
VMware Employee
‎08-02-2012 12:23 PM
Jump to solution

Ok ,here are the results from investigation. Hopefully they will  help to someone else :
Following error was observed in server.log :
...
2012-08-02 18:09:20.296+0000 ERROR [MSPluginFactory] Unable to create initial LDAP Context
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece�]
This error implies missing user in AD server.
1. vCO is configured to use the embeded LDAP server that comes with the vCO appliance.
2. Active Directory plugin is configured against different  Active Directory server.
When "Use a shared session" checkbox is not switched on in the configuration of Active Directory plugin, the plugin will use the credentials provided in vCO client login to connect (e.g. valid for embedded LDAP server and most likely not valid in context of AD server configured for the plugin).
Solution :
Check "Use a shared session" and provide account that has privileges to perform required actions.

View solution in original post

0 Kudos
8 Replies
ahola
Enthusiast
Enthusiast
‎07-25-2012 04:53 PM
Jump to solution

Attached the missing stacktrace.

Preview file
211 KB
0 Kudos
Beansley
Contributor
Contributor
‎07-30-2012 08:55 AM
Jump to solution

I saw the same thing with my environment.  Please see the following VMware KB: 2021064 (was a simple plug in config issue).

Dave

0 Kudos
ahola
Enthusiast
Enthusiast
‎07-30-2012 02:16 PM
Jump to solution

Thanks - that is the same issue that I ran into. However, trying to use the workaround, the plugin is in this wierd stuck state - when I try to access the plugin to configure it - it shows me the following stack trace.

Now I cannot configure/de-install this AD plugin? Wondering if there is a way to deinstall the AD plugin and start its installation from a pristine state. I can't see an easy way to accomplish this? Any ideas?

HTTP ERROR 500

Problem accessing /o11nplugin-ad-config/Default.action. Reason:

    INTERNAL_SERVER_ERROR

Caused by:

java.lang.NullPointerException
     at ch.dunes.ad.object.ADBase.<init>(ADBase.java:48)
     at ch.dunes.ad.object.Container.<init>(Container.java:67)
     at ch.dunes.ad.object.OU.<init>(OU.java:25)
     at ch.dunes.common.tools.MSConnectionHelper.createBaseOU(MSConnectionHelper.java:129)
     at ch.dunes.common.plugin.config.MSConfigurationAdaptor.validateUserConnection(MSConfigurationAdaptor.java:703)
     at ch.dunes.common.plugin.config.MSConfigurationAdaptor.validateConfiguration(MSConfigurationAdaptor.java:653)
     at com.vmware.vmo.plugin.ms.config.web.actions.ConfigureAction.execute(ConfigureAction.java:63)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at com.opensymphony.xwork2.DefaultActionInvocation.invokeAction(DefaultActionInvocation.java:404)
     at com.opensymphony.xwork2.DefaultActionInvocation.invokeActionOnly(DefaultActionInvocation.java:267)
     at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:229)
     at com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:221)
     at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:86)
     at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
     at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:222)
     at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
     at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
     at com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:150)
0 Kudos
Burke-
VMware Employee
VMware Employee
‎07-30-2012 02:20 PM
Jump to solution

Login to your vCO Configuration page and go to the Troubleshooting section... In the right pane, there should be a link that allows you to Force a Reinstall of all plug-ins (Reset) - no workflows or data will be lost, but this may help your situation. Once you click that link, try restarting your service (if the vCO Config page doesn't let you, then try using the OS Services management)

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you!

Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator
for vRealize Orchestrator tips and tutorials - @TechnicalValues on Twitter
0 Kudos
ahola
Enthusiast
Enthusiast
‎07-30-2012 02:28 PM
Jump to solution

We are using quite a few plugins - SOAP, SQL, RabbitMQ, REST, ... Do not want to touch any of the other plugins as we have endpoints configured as well. Is there an alternate way to just nuke the AD plugin?

0 Kudos
igorstoyanov
VMware Employee
VMware Employee
‎07-30-2012 02:30 PM
Jump to solution

Then you can try to unistall the plugin following this KB article:

Uninstalling a plug-in from VMware vCenter Orchestrator

Visit http://blogs.vmware.com/orchestrator for the latest in Cloud Orchestration.
ahola
Enthusiast
Enthusiast
‎07-31-2012 12:50 PM
Jump to solution

Thanks Igor. That helped.

However, I am back at the same point where I started. The same error continues to persist no matter what I do. The strange thing is I do not see any more configuration that I can tweak. There is the one place where I specify the AD credentials and they seem to work since I see the plugin icon color coded in GREEN in the Orchestrator Configuration page. Kind of little frustrating to not be able to proceed any further.

0 Kudos
igaydajiev
VMware Employee
VMware Employee
‎08-02-2012 12:23 PM
Jump to solution

Ok ,here are the results from investigation. Hopefully they will  help to someone else :
Following error was observed in server.log :
...
2012-08-02 18:09:20.296+0000 ERROR [MSPluginFactory] Unable to create initial LDAP Context
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece�]
This error implies missing user in AD server.
1. vCO is configured to use the embeded LDAP server that comes with the vCO appliance.
2. Active Directory plugin is configured against different  Active Directory server.
When "Use a shared session" checkbox is not switched on in the configuration of Active Directory plugin, the plugin will use the credentials provided in vCO client login to connect (e.g. valid for embedded LDAP server and most likely not valid in context of AD server configured for the plugin).
Solution :
Check "Use a shared session" and provide account that has privileges to perform required actions.
0 Kudos