I am attempting to run the "add the IaaS host of a vCAC host" and receive the following error below. I have tried every user from administrator@vsphere.local to the Admin service account I used to install IaaS. Anyone have screen shots of the proper "Authentication User name", fully qualified URL for the "Host URL" and "Domain for NTLM authentication"?
Exception:
to trouble shoot the security issue we were having; we checked the security event logs on the IaaS box and saw the failed authentication requests. We were able to determine that the domain entry we were using "ad.ufl.edu" was not working. We ended up having to use one of the domain alias's "UFAD" instead. Id check out the security logs on the IaaS box and see if you can find the failed auth error in there to see if that gives you any helpful information. I believe we also checked the Model Manager Web logs at <install dir>\Server\Model Manager Web\Logs on the IaaS box but they didn't really help in our specific instance.
The credential to use is the service account you use for running the IaaS services as.
I am using that account. I have tried both short and FQDN.
What specific version of vCAC are you running? Is this a distributed installation or are all of the IaaS components on one server? Any VIP involved? If it is distributed you need to point to the vip or hostname of the server hosting the management service.
we ended up using:
note our domain is ad.ufl.edu but i had to use the alias. No domain info in the username section. Use https:// for the host address. It also helped once to manually import the SSL certificate from the iaas box into the vco administration console and ensure the entire cert chain was there too.
Thank you for the screen shots, it was what i was looking for. Unfortunately its what i was doing and no luck. The service account i am using to run this workflow is also the same account that DEM, DEO, VCAC Agent and VCAC service are running as on the VAAI Windows server.
- VCAC Version: Build 6.0-1720522
- All IaaS components are installed on one Windows server
- No VIPs
honestly i would tell you to wait for the 6.1 release. 6.0 has been very very buggy to say the least and we are expecting a lot of fixes in 6.1. I've heard GA for 6.1 will be 9/11 but i haven't been able to confirm it.
to trouble shoot the security issue we were having; we checked the security event logs on the IaaS box and saw the failed authentication requests. We were able to determine that the domain entry we were using "ad.ufl.edu" was not working. We ended up having to use one of the domain alias's "UFAD" instead. Id check out the security logs on the IaaS box and see if you can find the failed auth error in there to see if that gives you any helpful information. I believe we also checked the Model Manager Web logs at <install dir>\Server\Model Manager Web\Logs on the IaaS box but they didn't really help in our specific instance.
That was it, looks like the Windows Log indicated that the domain portion of the Orchestrator job was causing a problem. Switched to the domain Alias and it worked like Charm. Thank you for the the help!