I am perplexed here. According to everything I have come across, my configuration is solid, and yes I have restarted the server, services, the whole nine yards!
I went in to the logs and found the following after trying to authenticate for the hundredth time.
2015-09-14 20:36:36.888+0000 [http-bio-10.10.19.98-8281-exec-7] ERROR {} [DefaultVerifier] User LDAP-USER-['ckuhns'] - DOMAIN.org\ckuhns doesn't have necessary rights 'View', required to execute operation on (VSOServer, _ROOT).
2015-09-14 20:36:36.889+0000 [http-bio-10.10.19.98-8281-exec-7] ERROR {} [VcoFactoryServiceFacadeProxy] ch.dunes.util.NotAuthorizedException: [0002]User 'DOMAIN\ckuhns' is not authorized!
2015-09-14 22:22:50.938+0000 [http-bio-10.10.19.98-8281-exec-3] ERROR {} [DefaultVerifier] User LDAP-USER-['administrator'] - DOMAIN.org\administrator doesn't have necessary rights 'View', required to execute operation on (VSOServer, _ROOT).
2015-09-14 22:22:50.939+0000 [http-bio-10.10.19.98-8281-exec-3] ERROR {} [VcoFactoryServiceFacadeProxy] ch.dunes.util.NotAuthorizedException: [0002]User 'administrator@DOMAIN.org' is not authorized!
2015-09-14 22:37:50.723+0000 [http-bio-10.10.19.98-8281-exec-4] ERROR {} [DefaultVerifier] User LDAP-USER-['ckuhns'] - DOMAIN.org\ckuhns doesn't have necessary rights 'View', required to execute operation on (VSOServer, _ROOT).
2015-09-14 22:37:50.724+0000 [http-bio-10.10.19.98-8281-exec-4] ERROR {} [VcoFactoryServiceFacadeProxy] ch.dunes.util.NotAuthorizedException: [0002]User 'ckuhns@DOMAIN.org' is not authorized!
I can authenticate just fine from the Configuration screen, but not the client.
OK I will take a stab at it. In the picture you have selected the vcoadmin group to be the administrator group. Did you create an AD group called vcoadmin or is this pointing to the SSO group and if so did you add members to that group?
You can authenticate from Configurator screen because it is just an authentication - a simple verification whether your credentials are valid.
To login into vRO, you need to be authorized. There are 2 possible cases:
I am a member of the group I created. Which is why I am confused... it doesn't make any sense. It should just zip right through.
Also, I can't get ANY account to pass through. Nothing will authenticate at all. I have had LDAP and SSO. The SSO works fine on vCenter. No issues there.
After configuring DOMAIN.org\vcoadmins as vRO administrator group in vRO configurator UI, did you restart vRO server service before trying to login to vRO client? We had similar errors reported by customers that forgot this step.
Also, could you try to login using the format DOMAIN\ckuhns instead of ckuhns@DOMAIN.org?
Yes. Of course! :smileylaugh:
I restarted the server, the Configuration UI, services, pretty much everything but the host and vCenter. And yes, I tried both ckuhns@domain.org and domain\ckuhns, even domain.org\ckuhns for kicks.
Running into the same issue, except that I'm pointed to AD and not SSO. Curious if you figured out the solution yet?
No. There has been no resolution. Also to note, I tried using the AD too. Same issues.
I know it's a pretty old topic, but someone could benefit...
I experienced the same issue. Here's my solution:
1. Go to the vCO Configuration \ Authentication
2. Unregister Orchestrator
3. Configure authentication again (SSO or AD)
4. Restart the vCO service
5. voila!