1 2 3 Previous Next 40 Replies Latest reply on Jun 7, 2012 9:55 AM by RoscoT

    vMA 4.1 error Failed to add users.

    Silverchenau Enthusiast

      hi, guys:

      I have just installed a new vCenter 4.1 with 1 esxi 4.0u2 and 1 esxi 4.1.

      I have downloaded vMA 4.1 and try to use AD auth to connect vCenter.

      I have joined the vMA into domain and restarted vMA.

      However, when I tried to add vCenter with --authpolicy adauth, it asked me to type in username for vCenter server.

      I typed mydomain
      myaccount

      It gave me Error: Failed to add users

       

      Can you tell me why?

       

      Thanks alot

       

       






      - Silver

       

      My Vmware blog: http://geeksilverblog.com

        • 1. Re: vMA 4.1 error Failed to add users.
          Silverchenau Enthusiast

          sorry, it seems I can't type slash slash in this form.

          I follow vMA 4.1 docs and typed MYDOMAIN "slash""slash" myusername

           

           






          - Silver

           

          My Vmware blog: http://geeksilverblog.com

          • 2. Re: vMA 4.1 error Failed to add users.
            lamw Guru
            VMware EmployeesCommunity Warriors

            If you look in /var/log/vmware/vma/vifpd.log you'll probably see an entry that says the following:

             

            [2010-07-20 09:16:20.527 429C0940 info 'App'] command-> 1
            [2010-07-20 09:16:20.528 4091D940 info 'App'] ADDSERVER
            [2010-07-20 09:16:20.528 429C0940 info 'App'] MessageQueue::RecvMessage - Queue id is 0
            [2010-07-20 09:16:20.539 4091D940 info 'App'] Already connected.
            [2010-07-20 09:16:20.540 4091D940 error 'App'] addserver: Error occured while adding users for reflex.primp-industries.com ..rolling back. User PRIMP-INDUSTR
            IES.COM\primp does not exist. .
            

             

            For whatever reason, it's unable to locate the user in the domain. However, if you do something like "id " I can verify that it does see the user. I can also verify by running lw-find-user-by-name:

             

            [vi-admin@tancredi bin]$ ./lw-find-user-by-name primp
            User info (Level-0):
            ====================
            Name:     primp
            SID:      S-1-5-21-503341760-968948550-2164105906-1105
            Uid:      1058014289
            Gid:      1058013696
            Gecos:    primp primp
            Shell:    /bin/bash
            Home dir: /home/local/PRIMP-IND/primp
            

             

            Might be another bug in vMA 4.1 ....

             

             

             

            =========================================================================

            William Lam

            VMware vExpert 2009,2010

            VMware scripts and resources at: http://www.virtuallyghetto.com/

            Twitter: @lamw

            vGhetto Script Repository

            Getting Started with the vMA (tips/tricks)

            Getting Started with the vSphere SDK for Perl

            VMware Code Central - Scripts/Sample code for Developers and Administrators

            VMware Developer Community

             

            http://engineering.ucsb.edu/~duonglt/vmware/vexpert_silver_icon.jpg

             

            If you find this information useful, please award points for "correct" or "helpful".

            • 3. Re: vMA 4.1 error Failed to add users.
              lamw Guru
              Community WarriorsVMware Employees

              Okay, I got it working and you may be running into the issue due few potential reasons.

               

              1) After joining vMA to AD, you must reboot ... this was my issue

              2) You only need to use the "2 slashes" if you specify --username from the CLI as the first "slash" would need to be escaped, else you only need to use "1 slash" if you're being prompted.

              3) You're specifying the incorrect user and/or domain

               

              For issue #2: You will need to do one of the following:

               

              a)

               

              [vi-admin@tancredi ~]$ sudo vifp addserver reflex.primp-industries.com --authpolicy adauth --username PRIMP-IND\\primp
              

               

              b)

              [vi-admin@tancredi ~]$ sudo vifp addserver reflex.primp-industries.com --authpolicy adauth
              Enter username for reflex.primp-industries.com: PRIMP-IND\primp
              

               

              For issue #3, you may be providing the wrong username and/or domain. The easiest way to figure this out is to use Likewise's lw-find-user-by-name command:

               

              [vi-admin@tancredi ~]$ /opt/likewise/bin/lw-find-user-by-name primp
              User info (Level-0):
              ====================
              Name:     primp
              SID:      S-1-5-21-503341760-968948550-2164105906-1105
              Uid:      1058014289
              Gid:      1058013696
              Gecos:    primp primp
              Shell:    /bin/bash
              Home dir: /home/local/PRIMP-IND/primp
              

               

              The full username including domain that you must use is PRIMP-IND/primp as seen by the Home dir setting. You will need to substitute whatever username you're trying to query and ensure that matches up before providing that as "adauth" to vifp

               

              Hopefully this help

               

               

               

              =========================================================================

              William Lam

              VMware vExpert 2009,2010

              VMware scripts and resources at: http://www.virtuallyghetto.com/

              Twitter: @lamw

              vGhetto Script Repository

              Getting Started with the vMA (tips/tricks)

              Getting Started with the vSphere SDK for Perl

              VMware Code Central - Scripts/Sample code for Developers and Administrators

              VMware Developer Community

               

              http://engineering.ucsb.edu/~duonglt/vmware/vexpert_silver_icon.jpg

               

              If you find this information useful, please award points for "correct" or "helpful".

              • 4. Re: vMA 4.1 error Failed to add users.
                damiankarlson Enthusiast
                vExpert

                Hey guys, I think I'm having the same sort of issue.

                 

                1.) I downloaded and installed VMA

                2.) I joined it to the domain, rebooted and then verified it with "sudo domainjoin-cli query"

                3.) Logged in as vi-admin, I issue "vifp addserver fqdn-vcenterserver --authpolicy adauth"

                4.) When prompted for the username, I get "Error: failed to add users" for any of the following responses: DOMAIN\username (with 2 slashes, but this forum breaks that), DOMAIN/username, or simply username

                5.) When I enter DOMAIN\username, I don't get prompted for the password.

                 

                 

                 

                Any ideas?

                • 5. Re: vMA 4.1 error Failed to add users.
                  lamw Guru
                  VMware EmployeesCommunity Warriors

                  If you take a look at my previous post, you'll realize there is a typo in VMware's documentation and I mentioned what you need to use in terms of the "slashes" that are required.

                   

                  If you added your vCenter server and you waited for the username to be prompted, the proper syntax will be "DOMAIN\username" and if you get no output after the command, it means it was successful. You can easily validate that by listing all your fastpass targets and you'll notice there are two types: fpauth and adauth which are for fastpass auth using the normal credentials OR aduath where it's using AD

                   

                  To do so, run:

                   

                  [vi-admin@tancredi ~]$ vifp listservers -l
                  esx4-1.primp-industries.com     ESX     fpauth
                  manaslu.primp-industries.com    vCenter fpauth
                  esxi4-3.primp-industries.com    ESXi    fpauth
                  reflex.primp-industries.com     vCenter adauth
                  

                   

                  You can see the very last entry was added using adauth

                   

                  Hopefully this clears up any confusion.

                   

                   

                   

                   

                   

                   

                  =========================================================================

                  William Lam

                  VMware vExpert 2009,2010

                  VMware scripts and resources at: http://www.virtuallyghetto.com/

                  Twitter: @lamw

                  vGhetto Script Repository

                  Getting Started with the vMA (tips/tricks)

                  Getting Started with the vSphere SDK for Perl

                  VMware Code Central - Scripts/Sample code for Developers and Administrators

                  VMware Developer Community

                   

                  http://engineering.ucsb.edu/~duonglt/vmware/vexpert_silver_icon.jpg

                   

                  If you find this information useful, please award points for "correct" or "helpful".

                  • 6. Re: vMA 4.1 error Failed to add users.
                    damiankarlson Enthusiast
                    vExpert

                     

                    Yes, thank you William, that does clear up a bit of confusion. After its been added is the expected behavior that I should be able to login to VMA using my domain credentials and run vicfg commands against specific hosts without having to reauthenticate each time?

                     

                     

                    When I login using my domain credentials (which has full admin access in vCenter), and I attempt to run a command like vicfg-nics -l --vihost esxhostname, I get prompted for a username and password. Entering DOMAIN\username and password gets me  "Error connecting to server at 'https://localhost/sdk/webService': Connection refused"

                     

                     

                    I guess I just want to make sure that its not working correctly, and not that I have different expectations.

                     

                     

                    Thanks so much for your help.

                     

                     

                    • 7. Re: vMA 4.1 error Failed to add users.
                      Silverchenau Enthusiast

                      Yes, I have exact same trouble as Damina mentioned above.

                       

                      I haven't touched server for over night. When I tried to log in again this morning, I saw following respond.

                       

                      $ vifp addserver myvCenter.mydomain.com --authpolicy adauth

                      Enter username for myvCenter.mydomain.com: mydomain\myusername

                       

                      That's it. The screen finished without asking me to even typing in password.

                      If you do a listservers, you will see vcenter server is there.

                       

                      Then, I tried to run vicfg-nics -l, I got following.

                       

                      $ vicfg-nics -l

                      Enter username: root

                      Enter password:

                      Error connecting to server at 'https://localhost/sdk/webService': Connection refused

                       

                      I tired to remove vcenter from list and reboot vMA. nothing works.

                       

                      Can you explains why it happens?

                       

                       

                       

                       






                      - Silver

                       

                      My Vmware blog: http://geeksilverblog.com

                      • 8. Re: vMA 4.1 error Failed to add users.
                        Silverchenau Enthusiast

                        If I may, I would like to add some interesting facts.

                         

                        I tried the "id" command, I was log in as vi-admin. so it shows vi-admin.

                        Then, I tried to use /opt/likewise/bin/lw-find-user-by-name myusername

                        it says failed to located users. No such user.

                         

                        Then, I logoff and log on as mydomain\myusername, I successfully logged in. (Does it proves I have added vMA to domain successfully?).

                        I also double check my domain and I can see my VMA machine account.

                         

                        But my domain account doesn't allow me to use vifp and also I use  /opt/likewise/bin/lw-find-user-by-name myusername to look for my domain user again, I got same  failed to located users. No such user.

                         

                        If I can recall, I encountered following things when I tried to join my vma to domain.

                        I got

                         

                        Warning: Unknown pam module.

                        The likewise PAM module cannot be configured for the wbem service. This servics uses the '$ISA/pam_unix.so' module, which is not in this

                        programs' list of known modules. Please email Likewise technical support and include a copy of /etc/pam.conf or /etc/pam.d

                         

                        Warning: A resumeable error occured while processing a module.

                        Even though the configuration of 'pam' was executed, the configuration did not fully complete. Please contact Likewise support.

                         

                        SUCCESS.

                         

                        If I use sudo domainjoin-cli query, it shows everything correctly.

                         

                        Was my joining to domain success or failure? Why I can't search my domain account?

                         

                         

                         






                        - Silver

                         

                        My Vmware blog: http://geeksilverblog.com

                        • 9. Re: vMA 4.1 error Failed to add users.
                          lamw Guru
                          Community WarriorsVMware Employees

                          Did you actually initialize and set your fastpass target? The only reason you would see this error:

                           

                           

                          "https://localhost/sdk/webService': Connection refused"

                           

                           

                          is that the script is trying to connect locally which is not correct, as it's neither a vCenter or ESX(i) target.

                           

                          To initialize the target in question which is your vCenter host, you need to do the following:

                          [vi-admin@tancredi ~]$ vifptarget -s reflex.primp-industries.com
                          
                          [vi-admin@tancredi ~][http://reflex.primp-industries.com|http://reflex.primp-industries.com]$ esxcfg-nics -l --vihost himalaya.primp-industries.com
                          Name    PCI     Driver     Link Speed    Duplex MAC Address        MTU    Description
                          vmnic0  06:00.0 e1000e     Up   1000Mbps Full   00:30:48:d9:58:6a  1500   Intel Corporation 82574L Gigabit Network Connection
                          vmnic1  07:00.0 e1000e     Down 0Mbps    Half   00:30:48:d9:58:6b  1500   Intel Corporation 82574L Gigabit Network Connection
                          

                           

                           

                           

                          =========================================================================

                          William Lam

                          VMware vExpert 2009,2010

                          VMware scripts and resources at: http://www.virtuallyghetto.com/

                          Twitter: @lamw

                          vGhetto Script Repository

                          Getting Started with the vMA (tips/tricks)

                          Getting Started with the vSphere SDK for Perl

                          VMware Code Central - Scripts/Sample code for Developers and Administrators

                          VMware Developer Community

                           

                          http://engineering.ucsb.edu/~duonglt/vmware/vexpert_silver_icon.jpg

                           

                          If you find this information useful, please award points for "correct" or "helpful".

                          • 10. Re: vMA 4.1 error Failed to add users.
                            lamw Guru
                            Community WarriorsVMware Employees

                            Please take a look at my previous response, you are in the same boat. You did not active the fastpass target and the script by default will try to connect to localhost which is not what you want.

                             

                            Also as I mentioned, to verify if you added a target successfully to vMA, you need to use "vifp listservers" and to see what authentication policy was used, you'll want to use -l flag

                             

                            [vi-admin@tancredi ~]$ vifp listservers -l
                            esx4-1.primp-industries.com     ESX     fpauth
                            esxi4-3.primp-industries.com    ESXi    fpauth
                            manaslu.primp-industries.com    vCenter fpauth
                            reflex.primp-industries.com     vCenter adauth
                            

                             

                            It's worth while to check out the vMA documentation which provides you with all this information

                             

                             

                             

                            =========================================================================

                            William Lam

                            VMware vExpert 2009,2010

                            VMware scripts and resources at: http://www.virtuallyghetto.com/

                            Twitter: @lamw

                            vGhetto Script Repository

                            Getting Started with the vMA (tips/tricks)

                            Getting Started with the vSphere SDK for Perl

                            VMware Code Central - Scripts/Sample code for Developers and Administrators

                            VMware Developer Community

                             

                            http://engineering.ucsb.edu/~duonglt/vmware/vexpert_silver_icon.jpg

                             

                            If you find this information useful, please award points for "correct" or "helpful".

                            • 11. Re: vMA 4.1 error Failed to add users.
                              lamw Guru
                              Community WarriorsVMware Employees

                              Here is a more detail post regarding fpauth & adauth - http://www.virtuallyghetto.com/2010/07/vma-41-authentication-policy-fpauth-vs.html

                               

                               

                               

                               

                              =========================================================================

                              William Lam

                              VMware vExpert 2009,2010

                              VMware scripts and resources at: http://www.virtuallyghetto.com/

                              Twitter: @lamw

                              vGhetto Script Repository

                              Getting Started with the vMA (tips/tricks)

                              Getting Started with the vSphere SDK for Perl

                              VMware Code Central - Scripts/Sample code for Developers and Administrators

                              VMware Developer Community

                               

                              http://engineering.ucsb.edu/~duonglt/vmware/vexpert_silver_icon.jpg

                               

                              If you find this information useful, please award points for "correct" or "helpful".

                              • 12. Re: vMA 4.1 error Failed to add users.
                                damiankarlson Enthusiast
                                vExpert

                                 

                                William, seriously, thanks for your help. I don't know if I'm just too dense lately or what, but I swear that VMA documentation was giving me fits. Your blog post, on the other hand, was much clearer -- thank you for that! I've subscribed to it, BTW. There's some really good stuff in there.

                                 

                                 

                                On to the topic at hand -- I killed the installation of VMA that I had yesterday, removed it from the domain, etc -- then I deployed a fresh copy and set it up, joined to the domain, etc.

                                 

                                 

                                Following your blog for the AD integration steps:

                                 

                                 

                                1.) Logged in as vi-admin and added the vCenter target using my AD credentials (I'm a domain admin and have full admin rights in vCenter)

                                2.) Verified the target was setup using adauth

                                3.) Opened up another Putty session and logged into VMA using my AD credentials

                                4.) Set the fastpass target to the newly added vCenter

                                5.) Did an esxcfg-nics -l --vihost esxserver (using the name of one of my primary ESX 4.0 hosts), and I was prompted for a username

                                 

                                 

                                After entering my username and password, the command worked, but I get prompted for username and pass for every command after that. Based on your blog, I don't believe that this is expected behavior.

                                 

                                 

                                • 13. Re: vMA 4.1 error Failed to add users.
                                  lamw Guru
                                  VMware EmployeesCommunity Warriors

                                  The expected behavior is what is stated on my blog.

                                   

                                  Few things to consider, ensure you do perform a reboot of your vMA host after you join the domain and before you add new targets. When you're removing the target from AD, ensure you actually delete the object from your AD server if it has not been already. Also make sure the name of the ESX(i) host, is the same name as shown in vCenter server, if you added the host using FQDN, then you need to specify FQDN to --vihost

                                   

                                   

                                   

                                   

                                  =========================================================================

                                  William Lam

                                  VMware vExpert 2009,2010

                                  VMware scripts and resources at: http://www.virtuallyghetto.com/

                                  Twitter: @lamw

                                  vGhetto Script Repository

                                  Getting Started with the vMA (tips/tricks)

                                  Getting Started with the vSphere SDK for Perl

                                  VMware Code Central - Scripts/Sample code for Developers and Administrators

                                  VMware Developer Community

                                   

                                  http://engineering.ucsb.edu/~duonglt/vmware/vexpert_silver_icon.jpg

                                   

                                  If you find this information useful, please award points for "correct" or "helpful".

                                  • 14. Re: vMA 4.1 error Failed to add users.
                                    Silverchenau Enthusiast

                                    hi,guys:

                                    I'm having exact same issues as damiankarlson has. I always got prompt for username and password when I tried to run

                                    vmware-cmd -l --vihost esxhost.domain.com

                                     

                                    Strange enough, when I tried to add vCenter into server list, system only ask for username but not password.

                                    $ vifp addserver vcenter.mydomain.com --authpolicy adauth

                                    Enter username for vcenter.mydomain.com: domain\myusername

                                     

                                    For some reason, I don't think vMA pass credential successfully since it doesn't store password for adauth in local store.

                                     

                                     






                                    - Silver

                                     

                                    My Vmware blog: http://geeksilverblog.com

                                    1 2 3 Previous Next