vCenter 6 deployment issues - SSO domain

Hello

I'm having trouble getting my head around defining the Single Sign-On domain in my new vSphere 6.0 deployment. I have an Active Directory domain (server.local) and when installing vCenter 6, you are prompted for the SSO domain name (default is vsphere.local). What I want to know is how important that name is, and what is the impact of choosing or changing the default name? The reason for my question is the following:

1. We have a vSphere/vCenter 5.5 deployment for our domain infrastructure and applications that uses vsphere.local as the Single Sign-On domain.

2. I am deploying a new environment 6.0 vSphere/vcenter for a new VDI environment.

3. I will deploy a second 6.0 environment vSphere/vCenter for a second VDI environment.

4. I will use more connected between two vCenter environment 6 because I want to keep totally separate.

Given that, is it safe to use vsphere.local for my first 6.0 deployment even if I already use vsphere.local for my 5.5 production environment? If it is OK, then is it OK to use vsphere.local for both of my vSphere 6.0 deployments, even if all three environments will be authenticating against the Active Directory domain domain.local? Does the Single Sign-On domain write anything to AD, or does it just authenticate against it, so that I can use the same SSO domain in three distinct environments without negative impact?

Any help sorting out my confusion with this would be greatly appreciated.

Thank you!

Yes, it is safe to use the same SSO domain name for multiple deployments of vSphere, even if you use the same Active Directory domain as an identity source. Don't forget that before vCenter 6, you were not able to change the SSO domain name to anything other than vsphere.local, and this has never been a limit on how many vCenter Servers can be deployed and configured to use the same Active Directory domain.

Tags: VMware

Similar Questions

  • Connecting two servers vCenter for a server for SSO in basic mode

    Can you connect two vCenter servers to a single SSO server for authentication, if the Single Sign-On server is configured in basic mode?

    For example, I have two vCenter servers in one site. I have installed the Single Sign-On server on a separate virtual machine.    The two vCenter servers use only one SSO server for authentication.  Does it work?

    http://blogs.VMware.com/vSphere/2012/09/vCenter-single-sign-on-part-1-What-is-vCenter-single-sign-on.html

  • Is this multidomain or cross domain SSO?

    Hi all

    There are two servers in the intranet.

    Server1.test.NET
    Server2.test.com

    So we have areas cookie: test.net & test.com.

    There are several areas SSO or cross domain SSO?

    Thank you

    Published by: 859875 on May 27, 2011 06:57

    Hello

    It's okay... people usually merges between these two. However, it's not his fault so many books and online references also count them in the same compartment. His words using the correct terminology.

    With your question, test.net and test.com will be an example of multi-domain SSO in most cases, for the quite obvious reason that, for most, both are in the same intranet.
    The choice is still flexible, if it isn't within the intranet and reckoned to cross the field (However, this case is quite rare).

    Yet once, multi domain and cross terminologies of the field are against the logical concepts and not fixed with examples. You could make that your decision based on your example.

    Hope this helps,

  • Impossible to deploy - issues with SSL keys?

    Hi - I was unable to get the last BDE (2.0) deployed in a new environment of vCenter.

    The environment is the following:

    A host ESXi - 5.5 build 1623387

    A vCenter device - 5.5 build 2001466

    Embedded DB, incorporated SSO

    BDE 2.0.0.951 build 1885370

    NTP and DNS are configured and tested.

    Deployment of seems to work fine, but I can't go beyond the error at initialization:

    ERROR: Unable to launch the Web Service of Serengeti. Illegal option: /opt/serengeti/.certs/serengeti_ws.jks.keytool - importkeystore [OPTION]... Any one or all entries from another file of keys... Options:... -srckeystore source keystore name. - destkeystore destination keystore name. - srcstoretype source keystore type. - deststoretype destination keystore type. - srcstorepass source keystore password. - deststorepass destination keystore password: srcprotected password key source protected. -srcprovidername source keystore provider name. -destprovidername destination keystore provider name. - srcalias source alias. - destalias. destination alias - srckeypass source key password. - destkeypass destination key password. - noprompt do not prompt - providerclass class name. Provider - provider argument. - providerpath provider classpath. providerarg - exit wordy v... Use 'keytool - help' for all available commands and, while I can connect to the server with the plugin, BDE

    I can't create objects as they cause an error "Unable to connect to vCenter Server" - it sounds like the BDE unit is to have a hard time, import the SSL vCenter keys. Has anyone seen this?  Any thoughts on getting a pass? Thank you! -Andrew

    Hi, could you attach the /opt/serengeti/logs/*.log files from the BDE server?  And is your BDE vApp deployed in the vCenter rather than the ESX host cluster?  You will see this error if it is deployed on the ESX host.

    -Jesse

  • vCenter & HA issues

    Hello

    After looking for documentation and reading documentation and still issues, I decided too maybe see if I can get help from this form.

    Our agency is currently seeking to our virtualization emergency operations center. I tested Hyper-V and was not very impressed, and now I'm testing VMware.

    So far, I'm much more impressed but have a high availability questions (we need it).

    I have two servers (HP ProLiant BL480c of blades w /... active virtual Intel and run memory enabled on both).

    I installed ESX Server 3.5 to these servers and installed Virtual vCenter 2.5 to another server.

    Now I use a trial license provided by VMware...

    Here's my network configuration for these two servers:

    Virtual switch: vSwitch0

    Virtual Machine port group

    VMKernel: 10.10.0.163

    Service console: 10.10.0.162 (vswif0)

    Virtual switch: vSwitch1

    VMKernel 2: 192.168.50.103

    Service console 2: 192.168.50.102 (vswif1)

    Two different network adapters.

    Here are the other server:

    Virtual switch: vSwitch0

    Virtual Machine port group

    VMkernel: 10.10.0.161

    Service console: 10.10.0.160 (vswif0)

    Virtual switch: vSwitch1

    Service console 2: 192.168.50.100 (vswif1)

    VMKernel Port: 192.168.50.101

    VMotion is enabled.

    Now where I'm going wrong? I put in a cluster, one server is always very good, but all the others are not.

    I always get a HA agent on 10.10.0.162 cluster Cluster ADEM to new data center has an error.

    Well, what does this means and how is it provides more information?

    I checked the DNS and I can ping to each of the servers and get answers? I read somewhere that DNS could be a problem. You can see a FULL domain name and server name

    Thanks for your help in advance,

    Jacob

    have you added your host to vc by ip or FQDN - if it should be changed to FQDN by ip address

    If you find this or any other answer useful please consider awarding points marking the answer correct or useful

  • deployment issues

    Hi all

    I'm new to TestStand and have tried to deploy my TestStand application on the target computer for the last 2 days and have some questions about the deployment process.

    1. I developed my TestStand application on the D drive on my development computer. My computer has only the C drive. In this case, (note: TestExec.ini is also being rolled out) I would still need to:

    (a) change target the path search on the computer configuration after deployment, for example, adding/changing of all relevant paths in the configuration of the research to start with drive c. or

    (b) I can also do a few tricks, by setting configuration C: research in computer development, just for the sake of deployment. In this way, the deployment on the target computer will be the right search path (and the files output because directory report I specify a directory output fix reports). Then I have to change the configuration of the search on drive D for the continuation of the focus on the computer of development.

    The question is: if I choose one) as deployment strategy, in order to add/change the configuration of the computer search target, I need a teststand development license. If I download a teststand development (evaluation) on the target computer, after the add/change the configuration of the search on the target computer, I disable the Teststand development and move the license to the license of deployment on the computer base target, this will do, right?

    2. shared variable deployment published network is not so straightforward. My target computer will communicate with a compactRIO with shared variables. The compactRIO controller is AES. I added a "deploy Labview Utility Library step" in a sequence step and deploy this sequence on the target computer. I ran this sequence in order to deploy the variable shared on the target computer. However, I got an error saying that the shared variable library can not be deployed and to ensure that it has only shared variables in the library. I checked and you can see that there are only shared in the library variables. What could be the possible reasons? Can someone give me advice on this problem? Is there a tool that can scan the library and tell me if there is a 'hidden' in this library vi because I see nothing wrong with the library even with my big glasses.

    I think other shared, for example variable deployment options: a) maybe I need to download a system assessment development LabView on the target and the copy on the Labview project and deploy the variable shared across the labview project. or (b) I can create a vi that uses the variable shared and using labview generation process for deploying the vi as exe. Check the option "deploy the shared variable" appropriate in the build process, run the exe on the target computer. This way I can deploy the shared variable. After deployment, disable the development LabView evaluation license so there is only LVRTE on the target computer.

    (Not the one above) and b) sensible options such as shared variable deployment strategies?

    At this point, I realize that the TestStand deployment is a skill. There is no systematic deployment for TestStand approach. The experts out there agree? I just need a few entries so that I'm not on the wrong track. Thanks in advance for your comments.

    Yours,

    chati

    Hello chati,.

    version of the software you use?

    There is a known issue with the variables related to a shared library in old versions of LabVIEW.

  • Automatic deployment issues.

    I have a problem with Auto Deploy and do not understand whether what is happening is normal or I'm not doing something right.

    I have a two-node cluster that I start from a copy of the default image ESXi 5.5.0 - 1331820-standard, my version is called ESXi_5.5 all work much as expected and I answer files and host working all profiles.  When I reboot a host, and he comes back and gets it of image, is added to the cluster, apply the profile of its host, begins to exit the Maintenance mode and configures HA.  OK everything is Peachy.

    So now, I made a new Image with some drivers extra I needed (this Image is called ESX_5.5New) and killed my old assets deploy rules and deleted, created new deploy rules and makes them active. The new rules to work somehow.

    If I reboot the host he still gets the old image with the new drivers.   Yet, if I stop the host and deport him vcenter and then start him upwards, he will receive the new image.  Surely, this isn't what you do every time you update the image.  am I missing something here?

    I ran Get-Cluster DR-Test | Get-VMHost | Test-DeployRuleSetCompliance and the two servers come back as being compliant.

    I corrected my own question.

    Although when I was running Get-Cluster DR-Test | Get-VMHost | Test-DeployRuleSetCompliance the two servers came back as being compliant, the Auto Deploy server was somehow always caching the old image.  Once I ran Repair-DeployImageCache everything worked with me having to kick guests out vcenter.

  • VCenter server by using domain ID and password to login

    Hello

    I wanted to connect to the vCenter server via PowerCLI, but it always takes my default Windows credentials when I connect using Connect-VIServer -Server vcenter01 rather than my domain ID and password. My credentials for the vCenter server are different from my Windows credentials. Please let me know the command to log in to the VI server using the domain credentials.

    Thank you

    vmk2014

    Cannot connect you with:

    Connect-VIServer -Server Vcenter01.domain.bla -User domain\user -Password password

  • The vCenter server's FULL domain name.

    People,

    Using vSphere SDK Web services, is it possible to get the domain name FULL of the vCenter server that I have connected to? For example, foo - test.domain.com is the name of a field FULL of my RESUME, but I can connect to the Victoria Cross with SDK giving the name as foo-test. Once connected, is their any property by which I can get the FQDN of my CV, IE like foo - test.domain.com.

    Help in this regard is highly appreciated.

    Many thanks in advance,

    -Mani.

    (1) this property reflects maybe just how the guestOS has been set up if she had the FULL domain name or not, I'm not 100% sure but I always put my host names a FQDN. You can watch the underlying guestOS to see how it is set up compared to others which show the COMPLETE domain name

    (2) your original question was on vCenter FQDN, this property as mentioned is only for vCEnter and not for ESX (i). If you need to search for this information, you must watch the HostSystem that represents your ESX or ESXi host. You'll want to take a look at the HostDnsConfig property to find the short hostname under the host name and the domain under the domain name and that will provide COMPLETE domain name.

    I think the best way to interrogate this information actually uses your DNS infrastructure, it is what it is. Looks like not all your environments are configured using domain name FULL which in my books, is not a best practice. If this is the case, what data are only as good as the original configuration in order to make virtual infrastructure out of the image and simply use DNS to query for it. It is trivial to extract the IP addresses of your vCenter and the host ESX (i), so you can use it as a base to make your look up.

    I also recommend to take a look at the API reference documentation, it is the best place to find this information and using the search feature is also very useful to fine-tune the properties that interest you - http://www.vmware.com/support/developer/vc-sdk/visdk41pubs/ApiReference/index.html

    I hope this makes sense

    =========================================================================

    William Lam

    VMware vExpert 2009,2010

    VMware VCP3, 4

    VMware VCAP-DCA4

    VMware scripts and resources at: http://www.virtuallyghetto.com/

    Twitter: @lamw

    repository scripts vGhetto

    Introduction to the vMA (tips/tricks)

    Getting started with vSphere SDK for Perl

    VMware Code Central - Scripts/code samples for developers and administrators

    VMware developer community

    If you find this information useful, please give points to "correct" or "useful".

  • Relocation of vCenter Server to another domain

    Here's the situation:

    I have a 2 vCenter 4.0 update server that I need to join another AD area, which is located in another forest with no trust relationship.  I also need to move my vCenter 2008 the SQL server to the new domain.  In short, so I need to move a vCenter server and SQL server field ABC to XYZ area.  The two servers running Windows 2008 R2.

    Should what order I move these servers to the new domain?

    What and in what order should I fill out to do this?

    I know that I will have to recreate my accounts of service in the new domain and change my ODBC connections.

    What about ESX hosts?  There are 3 hosts in a cluster.  They should all be moved to the new domain as well.

    Anyone have any suggestions to help me do this? Point of departure?  Thank you!!

    Okay, that's easy.  Remove from the old domain, restart.  Add to the new domain, reboot.

    Piece of cake.

    What and in what order should I fill out to do this?

    Use SQL authentication because Windows will not work if the 2 domains are not approved

    What about ESX hosts? There are 3 hosts in a cluster. They should all be moved to the new domain as well.

    NOPE.  ESX are not joined to a domain.  Change areas is one thing, changing IP is quite another.  If they are STILL accessible by the intellectual property after the domain change, then nothing else to do with ESX.

  • Debugging on a real-time target - deployment issues

    Dear community,

    After RT my 9651 sbRIO module wiring code, I do tests to check the intended functionality. For this I start my main VI who deploys the code on my SoM and I can happily move forward with my debugging session.

    Sometimes, however, while in the process of deployment, I get an error saying:

    [VI - name] .vi loaded with errors on the target and was closed

    When I open the VI it has no errors and the VI should work a fine might think.

    My solution was so far of the VI, just open move the wires and terminals round, re - save the VI and this is the deployment works.

    This trick worked for a while, because deployment error ca occur arbitrarily on different VI making debugging quite cumbersome.

    I then went ahead and just run the wrong VI in RT mode by moving terminals and structures around to get the VI runs in mode debugging, but it is very time consuming.

    Given that 3 people working on this project and we use git-subversioning I also do not want to "touch" each time just screws for the debugging session will without actually modifying the feature.

    Has anyone encountered a similar experience or perhaps found a magical setting to avoid this subject a lot of time?

    Hello

    If solutions already present Spex does not do the trick for you, clearing the cache of the compiled object can help.

    For more information, take a look at the following link:

    Why my screws are loaded with errors when it is deployed at my target in real time? -National Instruments
    http://digital.NI.com/public.nsf/allkb/7F6502FF0560FA9086257EB3005B13BA

    Concerning

    Alex

  • TestStand on Windows 2K 3 x 64 deployment issues

    Holil:

    I hope that there can someone advise me.

    I recently tried to build an application TS to deploy on a server running WIndows Server 2003 x 64, and I ran into some difficulties.  On my development system, (32-bit Windows XP pro), I built a deployment TS Installer.  I transferred to the destination machine.  Installation failed... He says that many files were missing from different CAB files.  I tried again... the second time I had more luck... the installation seems to take.  Using the License Manager, I turned on my setup using my development license (my deployment license has not yet arrived).  I tried to run my application and I get an exception that seems to indicate that the ActiveX DLL are not saved:

    Unhandled exception: System.Runtime.InteropServices.COMException (0x80040154): Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG))
    at System.Windows.Forms.UnsafeNativeMethods.CoCreateInstance(Guid& clsid, Object punkOuter, Int32 context, Guid& iid)

    I tried to register these manually to help

    regsvr32 "D:\Program NIUninstaller Instruments\TestStand 4.1\API\DotNet\Assemblies\CurrentVersion\NationalInstruments.TestStand.Interop.UI.AxControls.dll"

    but he complains that this DLL has no DllRegisterServer entry point.  (Is this the wrong DLL to register?)

    I tried to uninstall my deployment and installation the teststand full... and the SeqEdit seems to work fine.  (He must have registered the DLLs required, no?)  My app, however, still does not. I try to install Visual Studio to see if I can rebuild the application on this system with better results.

    I missed an important step?

    Thank you!

    Tom MacLean

    I think the problem was I have to target the solution for a x 86 platform... not any platform.  If I have other problems with this particular application, I was able to recreate the example Simple OI in a new project with the same exception that I had with mine, and change the target platform does the job.

  • Group Policy - software package deployment issues via GPO

    Hello world

    I have a customer requirement that a 3rd party browser plugin must be installed in all versions of IE. Since the manual installation consumes huge person-hours, has planned to use the GPO

    Created GPO & home to respected UO - computer configuration--> policies--> the software--> Software Installation settings

    Plugin is not installed in any PC, all computers has following errors in eventviewer

    Event 101 ID - the assignment of application OrgPublisher PluginX 11.5 of policy chart plugin - msi deployment failed.  The error was: % 1274

    Event ID 103 - the removal of the assignment of the OrgPublisher PluginX 11.5 of the strategy chart plugin - msi deployment failed.  The error was: %value%

    Event ID 108 - cannot apply changes to software installation settings.  The installation of the software deployed through Group Policy for this user has been delayed until the next logon, because the changes must be applied before the user logon.  The error was: % 1274

    Kind regards

    Karthik V

    Hello Karthik,

    Thanks for posting your question on the forum of the Microsoft community.

    The question will be better suited to the audience of professionals on the TechNet forums.

    I would recommend posting your query in the TechNet forums.
     
    TechNet Forum
    http://social.technet.Microsoft.com/forums/en-us/home?category=w7itpro

    Thank you

  • Issue of domain PC ISE

    I'm trying to figure out how to grant access to users based on user authentication and computer accounts. I am trying to configure our ISE so that if a user on our domain connects to Wi-Fi, it will check whether the PC they are on is a member of our domain. If the computer is a member of the domain, they get full access to our network. If it is not a member of our domain, they will be placed in a different VLAN that only has access to the Internet. Finally, I would like to have a group in Active Directory for computer accounts that are allowed on the Wi-Fi. Is a setup such as this possible? I've tried a few things and I can't get the computer account part to work.

    Sent by Cisco Support technique iPhone App

    Hi Eric,.

    We can create different rules in the authorization policy according to your scenarios. For what you ask, we can configure the following rules:

    Step 1

    : Before the user enters their credentials, the machine will be authorized for access when the machine starts

    iselabin.local:ExternalGroups is Domain computers

    Step 2

    : The user will enter the credentials and will receive access allowed because of rule 2.

    Network Access:WasMachineAuthenticated == True

    AND

    iselabin.local:ExternalGroups is Domain users

    You must also go through MAR, as you are using user + machine authentication. Here is the link where you can find the section on MAR:

    http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/UsrDb.html#wp354105.
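
The two rules in the reply above, with the internet-only fallback from the question, modelled as an added example (not Cisco ISE syntax and not code from the thread). The result names, the MAC-keyed cache with an 8-hour aging time, and the sample requests are assumptions constructed for illustration.

```python
"""Model of the machine-then-user authorization flow described above.
Added illustration; not Cisco ISE configuration syntax."""
from dataclasses import dataclass, field

MACHINE_ACCESS = "machine-access"      # hypothetical result names
FULL_ACCESS = "full-access"
INTERNET_ONLY = "internet-only-vlan"   # fallback the question asks for
MACHINE_GROUP = "Domain Computers"     # a dedicated Wi-Fi computers group also fits
USER_GROUP = "Domain Users"


@dataclass
class MarCache:
    """Endpoints (by MAC) that passed machine authentication, with aging."""
    aging_seconds: int
    seen: dict = field(default_factory=dict)   # MAC -> time of machine auth

    def record(self, mac, now):
        self.seen[mac.lower()] = now

    def was_machine_authenticated(self, mac, now):
        stamp = self.seen.get(mac.lower())
        return stamp is not None and now - stamp <= self.aging_seconds


def authorize(req, cache, now):
    """Evaluate the rules top-down; the first match decides the result."""
    groups = set(req["groups"])
    # Rule 1: computer account authenticates at boot, before any user logs on.
    if req["kind"] == "machine" and MACHINE_GROUP in groups:
        cache.record(req["mac"], now)
        return MACHINE_ACCESS
    # Rule 2: user logon from an endpoint that already passed rule 1.
    if (req["kind"] == "user" and USER_GROUP in groups
            and cache.was_machine_authenticated(req["mac"], now)):
        return FULL_ACCESS
    # Default: valid user on an unknown endpoint, or anything else.
    return INTERNET_ONLY


def run_demo():
    """Replay constructed requests and return (label, result) pairs."""
    cache = MarCache(aging_seconds=8 * 3600)   # assumed aging time
    laptop = "00:11:22:33:44:55"               # constructed MAC addresses
    phone = "66:77:88:99:AA:BB"
    user = {"kind": "user", "groups": [USER_GROUP]}
    events = [
        (0, "domain laptop boots",
         {"kind": "machine", "mac": laptop, "groups": [MACHINE_GROUP]}),
        (60, "user logs on at the laptop", {**user, "mac": laptop}),
        (120, "same user on a personal phone", {**user, "mac": phone}),
        (9 * 3600, "laptop again, cache entry aged out", {**user, "mac": laptop}),
    ]
    return [(label, authorize(req, cache, t)) for t, label, req in events]


if __name__ == "__main__":
    for label, result in run_demo():
        print(f"{label:36} -> {result}")
```

The last event is the case to plan for: once the cached machine authentication ages out, the same user on the same domain laptop drops to the restricted VLAN until the machine authenticates again.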

  • Displacement of the ATG Board from one box to the other - deployment issues

    Hello team;

    You need ideas on a question.

    We are moving our ATG CA instance to a new box - by a change in society from A to b. all the schema (ORACLE) and ATG CA(running on JBOSS) is copied on.


    After spending the EAR CA to new JBOSS, CA load up - no problems. Change IP on Site & Agents URL, to the new location, made ' live the change ", but while deploying I get this error:


    Unable to perform an incremental deployment on target 'Production Agent'. Check for incompatibility of snapshot on agents.


    My question is: can I force an instant id?   The only change is the URL target in agent. CA schema has been moved and target DB was moved just like love


    Is the CA knows by target URL, this is the new location? The name of Site or Agent is the same.


    I want to just validate my steps... Please advice.

    Thank you

    Millon

    Yes, forcing the snapshot to new officers will work.

    It's something that we do when the new officer is added or agents are changed.

    Peace

    Shaik
