1 2 Previous Next 23 Replies Latest reply on Jul 11, 2013 6:04 AM by Rogier76

    Authentication Error in vSphere Client

    hank-ger Enthusiast

      Hi,

      when anybody of my VM Users try to use the vCops Plugin in the vSphere Client he become an error message.

      "vCenter Server Authentication Error"

       

      error_vc.JPG

      Does anybody have the same issue?

      The Web-Client Acces is also not possible -> "User not authorized"

        • 1. Re: Authentication Error in vSphere Client
          Enthusiast

          Hi, VCOps can be accessed only by a user with an administrative rights. Most probably your VM users don't have such rights.

          Please check if this is the case.

           

          Thanks!

          • 2. Re: Authentication Error in vSphere Client
            hank-ger Enthusiast

            all Users are in the default "Virtual Maschine user".

            When I set "administrative rights" to the VM it doesn´t work too.

             

            What kind of administrative rights do they need?

            • 3. Re: Authentication Error in vSphere Client
              Enthusiast

              The user should be an administrator of the whole VC server.

              1 person found this helpful
              • 4. Re: Authentication Error in vSphere Client
                hank-ger Enthusiast

                You are right.

                But that is not acceptable!

                 

                May I have to call the support or open an feature request..

                • 5. Re: Authentication Error in vSphere Client
                  pfuhli Expert

                  Hi Henry,

                   

                  by going to https://your.vcops.ui.server/vcops-custom/ you can access the administration workspace of VCOPS.

                   

                  Login is admin

                  Password had to be set at the initial configuration by you. Hopefully you remember it ;-)

                   

                  Go to ADMIN => Security in the upper menu and check for user management.

                  vcops.PNG

                  At this stage it's just a guess but I think you need to assign roles to users. Users can be VCOPS local users or LDAP users.

                   

                  I think administrative users are allowed to use VCOPS UI by their high level rights in the vcenter.

                   

                  HTH

                   

                  daniel

                  • 6. Re: Authentication Error in vSphere Client
                    hank-ger Enthusiast

                    It works, thank you Daniel.

                    • 7. Re: Authentication Error in vSphere Client
                      Rincey Novice

                      Hi,

                      I was using the appliance and the /vcops-custom url as well.

                      I got up to the section in the Admin guide about enabling LDAP and thought it would be a good idea (I don't want everyone logging in as 'admin' and I don't want to manage users through the application - I'd rather they belong to an LDAP/AD group and get their rights that way).

                       

                      I entered all the LDAP configuration information under admin>security>Import from LDAP.

                      When I clicked ok, my browser locked up and eventually I got the page refreshed but it was back to the login page.

                       

                      So I re-logged in as 'admin', but the credentials weren't accepted. So I tried my own Active Directory account. It got me logged in, but to the https://vcops URL which isn't as usual as the custom URL, so I manually entered https://vcops/vcops-custom but I got a 404 error:

                      HTTP Status 404 - /vcops-custom


                      type Status report

                      message /vcops-custom

                      description The requested resource (/vcops-custom) is not available.


                      Apache Tomcat/6.0.26

                       

                      I'm using the vCOps appliance v5.0, Enterprise Edition, currently licensed with an eval key while I wait for our real key to appear on our portal.

                      vSphere - ESXi & vCenter - still at v4.1

                       

                      I only deployed it yesterday or the day before, so if I have to redeploy, I'm not going to lose a great deal of data/work. But I'd prefer if there was a way to get back into vcops without redeploying, then that would be appreciated.

                       

                       

                      Cheers

                      Scott

                      • 8. Re: Authentication Error in vSphere Client
                        Rincey Novice

                        unbelieveable - fixed itself.

                        decided to hit refresh on the error page again - now works, and local 'admin' account lets me back into the /vcops-custom URL

                         

                        weird.

                        • 9. Re: Authentication Error in vSphere Client
                          FGShepherdP10 Enthusiast

                          We're having similar issues with vCOPs 5:

                          • Non-Administrator users in VirtualCenter cannot use the plug-in
                          • Non-Administrator users in VirtualCenter cannot log into the web interface at .../vcops-vsphere
                          • LDAP-connected users cannot Authenticate to .../vcops-vsphere
                          • Locally-created users (in the -custom) interface cannot log into .../vcops-vsphere (known issue, according to Release Notes)

                           

                          Has anyone else found a way to use this product without making all users Administrators?  Such a great utility, but we can't remove RBAC entirely, just to get it to work.

                          • 10. Re: Authentication Error in vSphere Client
                            Hot Shot

                            You don't need administrative privileges to view VCOPS data. It is only required for registration. Make sure that the users have vCenter Operations privilege as part of their roles. This privilege should be available at the vCenter level.

                            • 11. Re: Authentication Error in vSphere Client
                              hank-ger Enthusiast

                              I think you mean this point:

                              Under: Roles - Global:

                              vcops-admin.jpg

                              • 12. Re: Authentication Error in vSphere Client
                                pilphil Lurker

                                Hi Hank-ger and krajah,

                                 

                                Could you please explain what you mean in your 2 preceeding posts?

                                Can users added via the vcops-custom->Admin->Security, not login to vcops-vsphere?

                                 

                                Thanks in advance for your time!

                                • 13. Re: Authentication Error in vSphere Client
                                  FGShepherdP10 Enthusiast

                                  SOLVED: (In response to my own post) I created a role called "vcops-user" and gave it Administrator permissions, then chopped away at it, leaving only the Global > vCenter Operations User checkbox, and it kept working the whole time.  Every user that I added to that role worked.  But when I added that Permission to existing users, they got the Authentication Error.

                                   

                                  The main difference:  The test "vcops-user" role was assigned as a permission at the Virtual Center object, the ROOT of vCenter-- the very highest level of the "Hosts and Clusters", while the users in question were assigned at lower levels in the hierarchy.  As soon as I added those users to the new permission, at the root of vCenter, they started working.

                                   

                                  So, we've made an Active Directory group called "vcops-users" and assigned them to the limited "vcops-user" Role, with only the vCenter Operations User permission checked, at the root level of vCenter and everything is working just fine.

                                  1 person found this helpful
                                  • 14. Re: Authentication Error in vSphere Client
                                    pilphil Lurker

                                    Thank you very much, FGShepherdP10, for your detailed explanation.

                                     

                                    I was able to create an Active Directory user, and assign the limited  "vcops-user" role to this user, per your post. This user can login to vcops-vsphere UI which is a big step forward.

                                    For this user to be able to login in vcops-custom UI, should I proceed to "Import LDAP User" as documented in the Admin Guide? Right now, an attempt to login to the vcops-custom UI results in an authentication error.

                                     

                                    Thanks again, for your help and guidance.

                                    1 2 Previous Next