2 Replies Latest reply on Apr 27, 2017 10:45 AM by 5mall5nail5

    vRA "public" URL kicks over to IaaS .local URL

    5mall5nail5 Enthusiast

      Hello all - I have a vRA 7.2 environment that I am using to trial some things before going live with it.  My ideal solution will be having clients be able to access my vRA deployment by going to cloud.domain.com/vcac/org/[client]   - I have this working, except when they have to authenticate, it's kicking them to the FQDN of my IaaS server and that was installed/configurated (wizard) at its internal FQDN of IaaS1.domain.local - obviously this will not work on the internet (or even internally if clients don't get .local resolution).

       

      What am I missing here?  Thanks!

        • 1. Re: vRA "public" URL kicks over to IaaS .local URL
          rstoker13 Enthusiast
          VMware Employees

          Are you performing a simple install(1 vRA appliance and 1 Windows IaaS)? Load balancer?

           

          In my simple deployment with no load balancer for our Dev environment, I chose the settings below. IaaS Web Address should be the address used by clients to access. Notice that in my environment, this is a CNAME that references the A record for the IaaS server.

           

          vra72IaaSinstall.png

           

          Also, when using a CNAME or alternate DNS record for the vRA appliance web address, the IDP will be affected. This problem doesn't manifest itself for users of vRA but will cause problems if you use the integrated vRO Instance. You will need to modify the following setting in the IDP to match the public DNS value for the vRA appliance. See the post and KB below:

           

          Inconsistencies between the IDP hostname and the vRA hostname producing behavior and authentication issues in vRealize A…

          Logging in to embedded vRealize Orchestrator fails (2146063) | VMware KB

           

          vra72IaasIDP.png

          • 2. Re: vRA "public" URL kicks over to IaaS .local URL
            5mall5nail5 Enthusiast

            Thanks rstoker13!  Yes, I am using a simple install for testing purposes, no LBs yet (though I am going to be looking to LB this soon, so I am sure I'll have more questions then).

             

            I see what I did wrong - when I deployed I put the FQDN of the .local name for the IaaS server for "IaaS Web Address" - naturally that won't work.  I wish there was a little comment there like in the vRA field.

             

            That said - is it too late to change?  Also, how can I put a valid external cert on the IaaS server then?  I had issues with it complaining that the SAN, blah blah.


            I appreciate your response I would have never found the KB below, actually!

             

             

            Edit:  I changed the IdP hostname to match my FQDN config for vRA (cloud.domain.com) and no longer get kicked over to vra.domain.local

             

            But how do I change the IaaS web address and do I even bother?