Solved: Re: vRA8 vra8-lb-vip.localhost.local redirects to ...

evil242 · ‎03-06-2023

I am trying to protect appliances by positioning them behind a load balancer with firewall protection of direct connection to the appliance members. However when attempting to connect to vRA8 vra8-lb-vip.localhost.local which redirects to th vidm-lb-vip.localhost.local(this is what we want) but then it redirects direct to the vIDM appliance pool member vidm-02. This fails because the client is blocked from the protected appliances.

I used lcm and deployed a cluster for which I pre-setup the load balancer VS/VIP and pool with 3 pool members for the IPs I would use.

Does anyone have input on how to get it to not redirect to the vIDM appliance pool member, but instead stay connected to the vidm-lb-vip?

Damion Terrell  .   +  (He/Him)  +  . *  .  +   @   + .    *  .    +      .                    
Core IT Service Specialist  *     .    +    *  .   +   .     +   .    +     *   +             
UNM – IT Platforms – VIS  + .  . .     .    .  .    .     .             .        
          .       +    .      +       *        .          +  *   .
      *     .  .      +      .        .   .   .      +   .    +     *   +        .
“You learn the job of the person above you,     *     +   .    +     *    @       
and you teach your job to the person below you..”              .    *         +

bdamian · ‎03-07-2023

Saddly, LCM doesn't set all needed configurations in vIDM when you deploy it in cluster mode.

After you configure the Active Directory Domain in LCM, you need to:

Navigate the FQDN of vIDM
Login as admin of the System Domain
Enter to the Administration Console
Select your domain
Go to Identity Providers and set the remaining vIDM virtual appliances as connectors and set the Hostname as the Balanced VIP FQDN.

I've wrote a post in my blog with the step by step to fix this (in Spanish): https://tecnologiaimasd.blogspot.com/2023/03/vmware-aria-vra-no-redirecciona-la-ip.html

I hope it helps.

---
Damián Bacalov
vExpert 2017-2023 (7 years)
https://www.linkedin.com/in/damianbacalov/
https://tecnologiaimasd.blogspot.com/
twitter @bdamian

View solution in original post

bdamian · ‎03-07-2023

Saddly, LCM doesn't set all needed configurations in vIDM when you deploy it in cluster mode.

After you configure the Active Directory Domain in LCM, you need to:

Navigate the FQDN of vIDM
Login as admin of the System Domain
Enter to the Administration Console
Select your domain
Go to Identity Providers and set the remaining vIDM virtual appliances as connectors and set the Hostname as the Balanced VIP FQDN.

I've wrote a post in my blog with the step by step to fix this (in Spanish): https://tecnologiaimasd.blogspot.com/2023/03/vmware-aria-vra-no-redirecciona-la-ip.html

I hope it helps.

---
Damián Bacalov
vExpert 2017-2023 (7 years)
https://www.linkedin.com/in/damianbacalov/
https://tecnologiaimasd.blogspot.com/
twitter @bdamian

evil242 · ‎03-07-2023

Thank you. I had found a similar blog. I also had to restart the vIDM cluster.

Now the question is how to get vRA console connection to proxy/ auto accept the ESXi host certificate and not redirect the user to protected ESXi.host.local:902

https://communities.vmware.com/t5/Aria-Automation-Tools/vRA-Cloud-SaaS-console-to-VMs-not-working/m-...

Damion Terrell  .   +  (He/Him)  +  . *  .  +   @   + .    *  .    +      .                    
Core IT Service Specialist  *     .    +    *  .   +   .     +   .    +     *   +             
UNM – IT Platforms – VIS  + .  . .     .    .  .    .     .             .        
          .       +    .      +       *        .          +  *   .
      *     .  .      +      .        .   .   .      +   .    +     *   +        .
“You learn the job of the person above you,     *     +   .    +     *    @       
and you teach your job to the person below you..”              .    *         +

All

vRA8 vra8-lb-vip.localhost.local redirects to vidm-lb-vip.localhost.local redirects to vidm-02