vCAC 6.0.1, Inaccessible Tenants, and Missing Identity Stores

With vCAC 6.0.x, there is a bug in the SSO appliance where several symptoms present all at the same time: Authentication to AD or LDAP identity stores fails, returning the user to the blank authentication screen. When logged-in to the default tenant as administrator (usually 'administrator@vsphere.local'), accessing tenant identity stores results in a 'System Exception' error. Tenant Admins cannot add or edit identity stores. This is a documented bug, as listed in VMware KB Article 2075011, and at the time of writing there is a workaround. The issue as documented is the administrator account in the default tenant expires 90 days after implementation of the appliance. I came across this issue, and was for a while not … [Read more...]

Quick Tip: Adding Active Directory to vSphere 5 SSO

If, like me, you are installing, burning, re-installing your lab set-up at the moment with the latest and greatest VMware releases, you'll no doubt be going into battle with installing vSphere 5.1 and Single Sign-On. There are several little¬†idiosyncrasies¬†with SSO that are well documented across the interweb, but one I came across hasn't been posted much about. It concerns adding Active Directory. If you install vSphere SSO as a local user, the domain you are connected to doesn't automatically get interrogated and added to the SSO configuration, and needs to be added subsequently as an authentication domain. You can do this through the vSphere Web Client. The quick tip I have for this is: When adding the authentication credentials … [Read more...]