I followed up the guideline to install vCAC 6.2. I'm pretty sure installation was good.
After installation of vCAC appliance, I connect it to my vCenter Server 5.5 SSO (Windows based).
Then I login to vCAC console by firstname.lastname@example.org and assigned a domain account to infrastructure administrators group.
Then I login vCAC console by the domain account, I see "infrastructure" tab, but whatever I click under the tab it show me "You have no authority to view this page. The system logs all attempts at inappropriate access".
System time are same on SSO, vCenter and vCAC.
Domain is in identity stores of my default tenant.
IaaS components was installed by following up the guideline.
My account even has local administrator permission on IaaS server.
I deployed twice, first time IaaS server was Windows 2008, then 2012. Both same error.
It's only on infrastructure tab.
Does anybody have a idea?
I sorted it out. In fact, I used the default tenant (vsphere.local) to try to configure IaaS Infrastructure, which brought me into errors.
Now I created a new tenant, and log in to it, all is OK. I don't understand why ?
You shouldn't have issues with default tenant, some solutions don't even use another one (private clouds for example).
Which leave us with 2 explanations :
- you forgot something somewhere, this can very easily happen.
- you encounter a special bug with your own environment that doesn't exist elsewhere, something like using french letters for some users that solution can't sort very well (I know what it is, I'm french...).
Can you provide us the tutorial / documentation you followed to build your system ?
Thanks for your reply (J'habite en France )
All my envionment are in English version. I refered VMware vCloud Automation Center 6.0 Documentation Center and vCAC 6 Install Quick Start Guide Part 1 | VMtoCloud.com to build my system.
Yestoday, I completely re-installed the IaaS service on my Windows server. I always have issue with the default tenant, but the error message is different.
Here are two screen shots, the first is the one when I tried to log in to the default tenant (https://vra62.test.com/vcac/org/vsphere.local), the second is the one when I log in to the lab tenant (https://vra62.test.com/vcac/org/lab/). Both use the same credential.
I wonded if there are something related to the vcenter SSO ?
The 401 Error is typically a time sync problem, usually.
The tutorial you use is very good (just make sure you use the latest version of the precheck script for IaaS requirements - if you still have problems try disabling firewall as well), here are some others that may help you to figure out where your problem may be :
William Lam even made very interesting stuff to deploy a ful environment only using automated methods :
If this is only happening in a single tenant then you've definitely hit a bug. Typically (as stated by others) time sync, or certificate issues are going to be the culprit behind such an error, but they would affect all tenants.
Suggest contacting support to get it resolved, or building a new environment.
Can you try the steps outlined by Sven in the below post? From the logs you attached it seems to fail with signature validation.
i opened a case at VMware. There will be a fix for this in Version 6.2.2. In the mean time there is a workaround. You can bypass signature validation on the IaaS server. Then it works again.
1) In C:\Program Files (x86)\VMware\vCAC\Web API\Web.config, add the following lines to the section:
<add key="DisableMessageSignatureCheck" value="true"/>
<add key="DisableBodyHashCheck" value="true"/>
<add key="DisableSAMLTokenSignatureCheck" value="true"/>
2) Add the same lines to the section in C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Web\Web.config.
3) Add the same lines to the section in C:\Program Files (x86)\VMware\vCAC\Server\Website\Web.config.
4) Restart all IaaS servers. Once they're back up, restart the identity appliance, and then the vCAC VA.
After upgrade from vRA 6.1 to vRA 6.2 I started getting many of the errors listed in this thread. I was getting the 401 errors in the vRA website and "VMware GUI Administration" errors on the IaaS server. Following the file updates you described all access to webpages is restored.