Can't Authenticate the vRealize Orchestrator Clien...

ChrisKuhns · ‎09-14-2015

I am perplexed here. According to everything I have come across, my configuration is solid, and yes I have restarted the server, services, the whole nine yards!

I went in to the logs and found the following after trying to authenticate for the hundredth time.

2015-09-14 20:36:36.888+0000 [http-bio-10.10.19.98-8281-exec-7] ERROR {} [DefaultVerifier] User LDAP-USER-['ckuhns'] - DOMAIN.org\ckuhns doesn't have necessary rights 'View', required to execute operation on (VSOServer, _ROOT).

2015-09-14 20:36:36.889+0000 [http-bio-10.10.19.98-8281-exec-7] ERROR {} [VcoFactoryServiceFacadeProxy] ch.dunes.util.NotAuthorizedException: [0002]User 'DOMAIN\ckuhns' is not authorized!

2015-09-14 22:22:50.938+0000 [http-bio-10.10.19.98-8281-exec-3] ERROR {} [DefaultVerifier] User LDAP-USER-['administrator'] - DOMAIN.org\administrator doesn't have necessary rights 'View', required to execute operation on (VSOServer, _ROOT).

2015-09-14 22:22:50.939+0000 [http-bio-10.10.19.98-8281-exec-3] ERROR {} [VcoFactoryServiceFacadeProxy] ch.dunes.util.NotAuthorizedException: [0002]User 'administrator@DOMAIN.org' is not authorized!

2015-09-14 22:37:50.723+0000 [http-bio-10.10.19.98-8281-exec-4] ERROR {} [DefaultVerifier] User LDAP-USER-['ckuhns'] - DOMAIN.org\ckuhns doesn't have necessary rights 'View', required to execute operation on (VSOServer, _ROOT).

2015-09-14 22:37:50.724+0000 [http-bio-10.10.19.98-8281-exec-4] ERROR {} [VcoFactoryServiceFacadeProxy] ch.dunes.util.NotAuthorizedException: [0002]User 'ckuhns@DOMAIN.org' is not authorized!

I can authenticate just fine from the Configuration screen, but not the client.

sbeaver · ‎09-14-2015

OK I will take a stab at it. In the picture you have selected the vcoadmin group to be the administrator group. Did you create an AD group called vcoadmin or is this pointing to the SSO group and if so did you add members to that group?

Steve Beaver
VMware Communities User Moderator
VMware vExpert 2009 - 2020
VMware NSX vExpert - 2019 - 2020
====
Co-Author of "VMware ESX Essentials in the Virtual Data Center"
(ISBN:1420070274) from Auerbach
Come check out my blog: [www.virtualizationpractice.com/blog|http://www.virtualizationpractice.com/blog/]
Come follow me on twitter http://www.twitter.com/sbeaver

**The Cloud is a journey, not a project.**

iiliev · ‎09-15-2015

You can authenticate from Configurator screen because it is just an authentication - a simple verification whether your credentials are valid.

To login into vRO, you need to be authorized. There are 2 possible cases:

Your account ckuhns@domain.org is member of vRO Admin group you configured in vRO Configurator UI (from the screenshot, itt seems to be domain.org\vcoadmins). In this case, you don't need to perform any additional configuration and should be able to login.
Your account is not member of the configured admin group. In this case, you need to login to vRO Java client with the administrator account, go to Home tab, and assign permissions to group(s) the user ckuhns@domain.org is member of.

ChrisKuhns · ‎09-15-2015

I am a member of the group I created. Which is why I am confused... it doesn't make any sense. It should just zip right through.

ChrisKuhns · ‎09-15-2015

Also, I can't get ANY account to pass through. Nothing will authenticate at all. I have had LDAP and SSO. The SSO works fine on vCenter. No issues there.

iiliev · ‎09-15-2015

After configuring DOMAIN.org\vcoadmins as vRO administrator group in vRO configurator UI, did you restart vRO server service before trying to login to vRO client? We had similar errors reported by customers that forgot this step.

Also, could you try to login using the format DOMAIN\ckuhns instead of ckuhns@DOMAIN.org?

ChrisKuhns · ‎09-15-2015

Yes. Of course! :smileylaugh:

I restarted the server, the Configuration UI, services, pretty much everything but the host and vCenter. And yes, I tried both ckuhns@domain.org and domain\ckuhns, even domain.org\ckuhns for kicks.

skoch · ‎09-22-2015

Running into the same issue, except that I'm pointed to AD and not SSO. Curious if you figured out the solution yet?

ChrisKuhns · ‎10-06-2015

No. There has been no resolution. Also to note, I tried using the AD too. Same issues.

KGadowski · ‎10-27-2016

I know it's a pretty old topic, but someone could benefit...

I experienced the same issue. Here's my solution:

1. Go to the vCO Configuration \ Authentication

2. Unregister Orchestrator

3. Configure authentication again (SSO or AD)

4. Restart the vCO service

5. voila!

All

Can't Authenticate the vRealize Orchestrator Client